Shrew
To build the VirtualBox Guest Additions under Oracle Linux or Red Hat Enterprise Linux, install:
<pre>yum -y install gcc kernel-uek-devel-$(uname -r)</pre>
Then, as usual, reboot.
# Guest
route add default gw 10.174.65.2
# Host
#iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
# Flush IPTABLES
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
Next up: enable forwarding in the kernel:
echo 1 > /proc/sys/net/ipv4/ip_forward
To set this value automatically on boot, uncomment this line in /etc/sysctl.conf:
#net.ipv4.ip_forward=1
# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# We allow traffic from the LAN side
iptables -A INPUT -i vboxnet0 -j ACCEPT
######################################################################
#
# ROUTING
#
######################################################################
# vboxnet0 is LAN
# eth0 is WAN
# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Masquerade.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Forwarding
iptables -A FORWARD -i eth0 -o vboxnet0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i vboxnet0 -o eth0 -j ACCEPT
yum install qt3 qt3-devel cmake
yum install qt4 qt4-devel
yum install libedit-devel # this one!
yum install openssl-devel
yum install cmake libedit-devel flex openldap-devel qt-devel
cd /usr/local/src
# Use 2.2.0, 2.2.1 doesn't work
wget http://www.shrew.net/download/ike/ike-2.2.0-beta-2.tgz
tar -zxvf ike-2.2.0-beta-2.tgz
cmake -DCMAKE_INSTALL_PREFIX=/usr -DQTGUI=YES -DETCDIR=/etc -DNATT=YES -DLIBDIR=/usr/lib64 .
make
make install
cp /etc/usr/local/etc/iked.conf.sample /etc/usr/local/etc/iked.conf
iked
http://www.gta.com/downloads/external/60/General/ShrewSoftVPN_LinuxInstall.pdf
4. Use a text editor to edit (as root) /etc/sysctl.d/10-network-security.conf
5. Change the following entries from 1 to 0 (if these values are not defined you will need to add them in order to override the default setting of 1).
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
6. Reboot the PC.
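An added example, not part of the original notes: a small audit of sysctl-style configuration text that reports the reverse-path filter value an interface ends up with after the edits in steps 4 to 6, together with net.ipv4.ip_forward. It relies on the kernel using the larger of conf.all.rp_filter and the per-interface value; the function names and sample text are made up for illustration, unset rp_filter keys fall back to 1 as the notes state, and an interface with no entry of its own is assumed to inherit "default".

```shell
#!/bin/sh
# Added example, not from the original notes; names and sample are constructed.

# sysctl_get KEY: print the last value assigned to KEY in sysctl.conf-style
# text read from stdin (later lines win; commented-out lines are ignored).
sysctl_get() {
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }
        {
            line = $0
            gsub(/[ \t]/, "", line)            # "key = 0" -> "key=0"
            n = index(line, "=")
            if (n && substr(line, 1, n - 1) == key) val = substr(line, n + 1)
        }
        END { if (val != "") print val }'
}

# The kernel validates sources on an interface with the larger of
# conf.all.rp_filter and conf.<iface>.rp_filter.
effective_rp_filter() {
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

# audit_conf IFACE: summarise the config text on stdin for one interface.
audit_conf() {
    conf=$(cat)
    all=$(printf '%s\n' "$conf" | sysctl_get net.ipv4.conf.all.rp_filter)
    dfl=$(printf '%s\n' "$conf" | sysctl_get net.ipv4.conf.default.rp_filter)
    ifv=$(printf '%s\n' "$conf" | sysctl_get "net.ipv4.conf.$1.rp_filter")
    fwd=$(printf '%s\n' "$conf" | sysctl_get net.ipv4.ip_forward)
    # Assumptions: unset rp_filter keys count as 1 (per the notes), an
    # interface without its own entry inherits "default", ip_forward is 0.
    all=${all:-1}; dfl=${dfl:-1}; ifv=${ifv:-$dfl}; fwd=${fwd:-0}
    echo "iface=$1 rp_filter=$(effective_rp_filter "$all" "$ifv") ip_forward=$fwd"
}

# Constructed sample: the state after uncommenting ip_forward and steps 4-5.
SAMPLE='# constructed sample
#net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0'

printf '%s\n' "$SAMPLE" | audit_conf eth0
```

On a running host, sysctl -n net.ipv4.conf.all.rp_filter and the matching per-interface key give the live values to compare against the file.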
https://lists.shrew.net/pipermail/vpn-help/2012-March/013791.html
Try with OpenSWAN??
https://www.centos.org/forums/viewtopic.php?f=17&t=45683