Foredoomed · November 19, 2012 11:56
diff --git a/ipsec_vpn b/ipsec_vpn
 非常简单，假设你用的是 debian 或者是番茄花园 debian，

 apt-get install racoon
 racoon 包必须为 0.8+

 配置请不要随便更改，否则可能丧失某平台兼容，测试通过：iOS/OSX、黑莓（OS4/5/6/7），WebOS，诺基亚，VPNC等。

 软件安装完毕，修改 /etc/racoon/motd ，这是 VPN 连接成功后的 banner，可有可无；

 修改 /etc/racoon/psk.txt ，这是 VPN 连接的 group name 和 group secret，格式很简单， 一行即可，例如

 wk iamsogayyaha
 #id and secret
 接着，把下面的配置替换掉 /etc/racoon/racoon.conf


 log info;
 path include "/etc/racoon";
 path pre_shared_key "/etc/racoon/psk.txt";

 listen {
 }

 remote anonymous {
        exchange_mode main,aggressive;
        doi ipsec_doi;
        nat_traversal on;
        proposal_check obey;
        generate_policy unique;
        ike_frag on;
        passive on;
        dpd_delay = 30;
    dpd_retry = 30;
    dpd_maxfail = 800;
    mode_cfg = on;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method xauth_psk_server;
                dh_group 2;
        lifetime time 12 hour;
        }
 }

 timer
 {
        natt_keepalive 20 sec;
 }

 sainfo anonymous {
        lifetime time 12 hour ;
        encryption_algorithm aes,3des,des;
        authentication_algorithm hmac_sha1,hmac_md5;
        compression_algorithm deflate;
 }

 mode_cfg {
        dns4 xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx; #填上你VPS上的DNS
        save_passwd on;
        network4 10.1.0.2; #VPS客户端IP
        netmask4 255.255.255.0;
        pool_size 250;
        banner "/etc/racoon/motd";
        auth_source pam;
        conf_source local;
        pfs_group 2;
    default_domain "gw.gfw.io";
 }
 最后加上 VPN 的 iptables 规则和 ipv4 转发即可。

 sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
 sysctl -p
 iptables --table nat --append POSTROUTING -o ethX --jump MASQUERADE
	非常简单，假设你用的是 debian 或者是番茄花园 debian，

	apt-get install racoon
	racoon 包必须为 0.8+

	配置请不要随便更改，否则可能丧失某平台兼容，测试通过：iOS/OSX、黑莓（OS4/5/6/7），WebOS，诺基亚，VPNC等。

	软件安装完毕，修改 /etc/racoon/motd ，这是 VPN 连接成功后的 banner，可有可无；

	修改 /etc/racoon/psk.txt ，这是 VPN 连接的 group name 和 group secret，格式很简单，一行即可，例如

	wk iamsogayyaha
	#id and secret
	接着，把下面的配置替换掉 /etc/racoon/racoon.conf


	log info;
	path include "/etc/racoon";
	path pre_shared_key "/etc/racoon/psk.txt";

	listen {
	}

	remote anonymous {
	exchange_mode main,aggressive;
	doi ipsec_doi;
	nat_traversal on;
	proposal_check obey;
	generate_policy unique;
	ike_frag on;
	passive on;
	dpd_delay = 30;
	dpd_retry = 30;
	dpd_maxfail = 800;
	mode_cfg = on;
	proposal {
	encryption_algorithm aes;
	hash_algorithm sha1;
	authentication_method xauth_psk_server;
	dh_group 2;
	lifetime time 12 hour;
	}
	}

	timer
	{
	natt_keepalive 20 sec;
	}

	sainfo anonymous {
	lifetime time 12 hour ;
	encryption_algorithm aes,3des,des;
	authentication_algorithm hmac_sha1,hmac_md5;
	compression_algorithm deflate;
	}

	mode_cfg {
	dns4 xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx; #填上你VPS上的DNS
	save_passwd on;
	network4 10.1.0.2; #VPS客户端IP
	netmask4 255.255.255.0;
	pool_size 250;
	banner "/etc/racoon/motd";
	auth_source pam;
	conf_source local;
	pfs_group 2;
	default_domain "gw.gfw.io";
	}
	最后加上 VPN 的 iptables 规则和 ipv4 转发即可。

	sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
	sysctl -p
	iptables --table nat --append POSTROUTING -o ethX --jump MASQUERADE