conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    # left is this host, i.e. the wan0 address of the atom300
    left=192.168.5.130
    leftprotoport=17/1701
    # right is the client; %any lets any IP connect.
    # Put a specific address or subnet here to limit which clients may connect.
    right=%any
    rightprotoport=17/%any
Two points worth knowing about this conn: pfs=no turns off the extra Diffie-Hellman exchange for each Phase 2 (quick mode) SA and is normally kept only for compatibility with Windows L2TP clients; and with authby=secret plus right=%any, anyone who knows the PSK can complete the IPsec negotiation with the server, so the secret configured below must be long, random and kept private.
Edit /etc/ipsec.secrets as follows:
192.168.5.130 %any: PSK "xiejiantest"
The first field is the server IP, the second is the client IP (%any matches every client), and the quoted string is the PSK. Every client shares this one secret, so use a long random value rather than a dictionary word like the one in the example, and keep the file readable by root only (mode 600).
Change the packet forwarding settings (enter at the command line):
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > $each/accept_redirects
    echo 0 > $each/send_redirects
done
This disables sending and accepting ICMP redirects on every interface, which ipsec verify checks for when the NETKEY stack is in use. Note that writing to /proc/sys only changes the running kernel; the values are lost at reboot unless they are also placed in /etc/sysctl.conf.
Edit /etc/sysctl.conf as follows:
net.ipv4.ip_forward = 1
Then apply it with:
sysctl -p
If you want the redirect settings above to survive a reboot as well, add the matching net.ipv4.conf.all.accept_redirects = 0, net.ipv4.conf.all.send_redirects = 0, net.ipv4.conf.default.accept_redirects = 0 and net.ipv4.conf.default.send_redirects = 0 lines to the same file.
Restart ipsec and check that it is running properly:
/etc/init.d/ipsec restart
ipsec verify
Output like the following indicates normal operation:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                               [OK]
Linux Openswan U2.6.24/K2.6.32.12-linode25 (netkey)
Checking for IPsec support in kernel                          [OK]
NETKEY detected, testing for disabled ICMP send_redirects     [OK]
NETKEY detected, testing for disabled ICMP accept_redirects   [OK]
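The whole server-side procedure from this page (the two conn sections, the ipsec.secrets PSK line, the ICMP redirect loop and the sysctl persistence) collected into one script that also verifies the result. This is an added example, not code from the original tutorial. It assumes an Openswan host whose ipsec.conf already has its config setup section and an include /etc/ipsec.d/*.conf line (so the conn definitions can live in their own file), a Linux /proc/sys layout, and base64 and ls -l being available for the PSK and permission checks. The function names (gen_psk, write_conf, write_secrets, check_secrets, disable_redirects, check_redirects, persist_sysctl) and the ROOT/PROCROOT arguments are choices made here so the script can be dry-run in a scratch directory; on the real host pass "/" and "/proc/sys".

```shell
#!/bin/sh
# Added example (not from the original page). Builds the server-side files the
# tutorial describes with a random PSK and restrictive permissions, then checks
# them. ROOT / PROCROOT are taken as arguments so this can be dry-run.
set -eu

# Random 32-byte PSK, base64 without padding: no '"' or whitespace, so it is
# safe inside the quoted PSK field of ipsec.secrets.
gen_psk() {
    head -c 32 /dev/urandom | base64 | tr -d '\n='
}

# write_conf ROOT SERVER_IP [RIGHT]
# Writes the two conn sections from the page to ROOT/etc/ipsec.d/l2tp-psk.conf
# (assumed to be pulled in by an "include /etc/ipsec.d/*.conf" in ipsec.conf).
# RIGHT defaults to %any; pass a client address/subnet to limit who may
# even start IKE with the server.
write_conf() {
    root=$1; server_ip=$2; right=${3:-%any}
    mkdir -p "$root/etc/ipsec.d"
    cat > "$root/etc/ipsec.d/l2tp-psk.conf" <<EOF
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=$server_ip
    leftprotoport=17/1701
    right=$right
    rightprotoport=17/%any
EOF
}

# write_secrets ROOT SERVER_IP PSK
# One PSK shared by every client, as on the page; created root-only readable
# because anyone who can read it can complete the IPsec negotiation.
write_secrets() {
    root=$1; server_ip=$2; psk=$3
    mkdir -p "$root/etc"
    ( umask 077; printf '%s %%any: PSK "%s"\n' "$server_ip" "$psk" > "$root/etc/ipsec.secrets" )
    chmod 600 "$root/etc/ipsec.secrets"
}

# check_secrets ROOT: succeed only if ipsec.secrets is mode 600 and the PSK
# is at least 20 characters long (a word like "xiejiantest" fails this).
check_secrets() {
    f="$1/etc/ipsec.secrets"
    perms=$(ls -l "$f" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || return 1
    psk=$(sed -n 's/.*PSK "\(.*\)".*/\1/p' "$f")
    [ "${#psk}" -ge 20 ]
}

# disable_redirects PROCROOT: the page's loop over a configurable /proc/sys.
disable_redirects() {
    for each in "$1"/net/ipv4/conf/*; do
        echo 0 > "$each/accept_redirects"
        echo 0 > "$each/send_redirects"
    done
}

# check_redirects PROCROOT: fail if any interface still accepts or sends
# ICMP redirects (the condition "ipsec verify" tests for under NETKEY).
check_redirects() {
    for each in "$1"/net/ipv4/conf/*; do
        [ "$(cat "$each/accept_redirects")" = "0" ] || return 1
        [ "$(cat "$each/send_redirects")" = "0" ] || return 1
    done
}

# persist_sysctl ROOT: the echo loop only changes the running kernel; these
# keys make forwarding and the redirect settings survive a reboot.
persist_sysctl() {
    mkdir -p "$1/etc"
    cat >> "$1/etc/sysctl.conf" <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
EOF
}

# On the real host, as root:
#   PSK=$(gen_psk); write_conf / 192.168.5.130; write_secrets / 192.168.5.130 "$PSK"
#   disable_redirects /proc/sys; persist_sysctl /; sysctl -p
#   check_secrets / && check_redirects /proc/sys && /etc/init.d/ipsec restart && ipsec verify
```

The generated PSK has to be handed to each client out of band; the script deliberately prints nothing so the secret does not end up in shell history or logs beyond the mode-600 file. Passing a subnet as the third argument of write_conf is the cheap way to act on the page's remark that %any can be narrowed to the addresses you actually expect clients from.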