1, run the following command
sysctl-a | Egrep "ipv4.* (accept|send) _redirects" | Awk-f "=" ' {print $ = 0 "} ' >>/etc/sysctl.conf
Sed-i "S/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g"/etc/sysctl.conf
Sed-i "S/net.ipv4.conf.default.rp_filter = 1/net.ipv4.conf.default.rp_filter = 0/g"/etc/sysctl.conf
Modprobe Bridge
Sysctl-p
2, install the compilation tool
Yum install-y make gcc autoconf gmp-devel Bison Flex lsof
3, install Openswan
wget http://download.openswan.org/openswan/openswan-2.6.39.tar.gz
Tar zxvf openswan-2.6.39
Make programs
Make install
4, modify Configuration ipsec.conf
Version 2.0
Config setup
dumpdir=/var/run/pluto/
Nat_traversal=yes
Virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
Oe=off
Protostack=netkey
Plutostderrlog=/var/log/ipsec.log
Conn 1to2
Type=tunnel
Authby=secret
Pfs=yes
ike=3des-md5;modp1024
phase2alg=3des-md5;modp1024
left=10.1.1.1
Leftsubnet=192.168.1.0/24
right=10.1.1.2
Rightsubnet=192.168.2.0/24
Auto=start
5, modify the key file Ipsec.secrets
10.1.1.1 10.1.1.2:PSK "Test"
6, verify
Service IPSec Start
IPSec Verify
IPSec Auto--status
7, adding routes
PC1 (192.168.1.2)
Route add-net 192.168.2.0 netmask 255.255.255.0 GW 192.168.1.1
PC2 (192.168.2.2)
Route add-net 192.168.1.0 netmask 255.255.255.0 GW 192.168.2.1
FY: Install Klips Core
Install kernel
Yum Install Kernel-devel
Yum install rpm-build redhat-rpm-config unifdef rng-tools
Yum install patchutils xmlto asciidoc elfutils binutils-libelf-devel newt-devel python-devel Hmaccalc perl-extutils-embed Elfutils-libelf-devel Binutils-devel
Rpm-i http://vault.centos.org/6.4/updates/Source/SPackages/kernel-2.6.32-358.18.1.el6.src.rpm 2>&1 | Grep-v mockb
CD ~/rpmbuild/specs
Preparing source code files
RPMBUILD-BP--target=$ (uname-m) Kernel.spec
Compile
RPMBUILD-BB--target=$ (uname-m) kernel.spec 2> Prep-err.log | Tee Prep-out.log
Compiled kernel rpm files can be found in the ~/rpmbuild/rpms/' uname-m '/directory
Install and reboot
RPM-IVH kernel-*.rpm
Klips Compilation
Make programs
Make module
Make install
Make Minstall
cp/root/openswan-2.6.39/modobj26/ipsec.ko/lib/modules/$ (uname-m)/kernel/net/ipsec