One Article to Teach You VPN Virtual Network Setup

2018-09-05    Source: 爱站科技


  Setting up a VPN virtual network simply means setting up a virtual private network. The editor of the 爱站 channel now shares a tutorial on building a VPN virtual network with everyone; interested readers, follow along and take a look!

  FreeBSD: Building a Multi-Site Virtual Private Network (VPN) with IPSec + NAT + VPN

  Description:

  A Virtual Private Network (VPN) uses the backbone of the public Internet to carry private, encrypted data. Applied in an enterprise, a VPN lets subsidiaries scattered around the world share confidential data, and data transfer between headquarters and the subsidiaries behaves as if it travelled over the company's own Intranet: secure and stable. In fact, the biggest advantage of an enterprise virtual network is that it simplifies network management.

  Environment:

  Hardware: three servers, A, B and C

  NICs: 6 network cards (two per machine)

  Operating system: FreeBSD 4.7 Release

                 Server A           Server B           Server C
  Real IP        203.107.34.2       203.107.34.3       203.107.34.4
  Virtual IP     192.168.0.0/24     192.168.1.0/24     192.168.2.0/24
  Gateway IP     192.168.0.254      192.168.1.254      192.168.2.254
  lo0 alias0 IP  10.255.255.1/28    10.255.255.2/28    10.255.255.3/28

  Step 1.

  To make FreeBSD support VPN, the kernel must be recompiled: add the following lines to the kernel configuration file, then rebuild the kernel.

  options IPDIVERT
  options IPFIREWALL
  options DUMMYNET
  options IPSEC
  options IPSEC_ESP
  options IPSEC_DEBUG
  pseudo-device gif 4 # IPv6 and IPv4 tunneling

  Step 2.

  Server A:

  Server A# vi /etc/rc.conf with the following contents:

  defaultrouter="203.107.34.62"
  hostname="A.ntut.idv.tw"
  ifconfig_de0="inet 203.107.34.2 netmask 255.255.255.192"
  ifconfig_fxp0="inet 192.168.0.254 netmask 255.255.255.0"
  ifconfig_lo0_alias0="inet 10.255.255.1 netmask 255.255.255.240"
  gif_interfaces="gif0 gif1"
  gifconfig_gif0="203.107.34.2 203.107.34.3"
  gifconfig_gif1="203.107.34.2 203.107.34.4"
  ifconfig_gif0="inet 10.255.255.1 10.255.255.2 netmask 255.255.255.240"
  ifconfig_gif1="inet 10.255.255.1 10.255.255.3 netmask 255.255.255.240"
  firewall_enable="YES"
  firewall_type="OPEN"
  gateway_enable="YES"
  natd_enable="YES"
  natd_interface="de0"
  sshd_enable="YES"

  Server A# vi /etc/rc.firewall with the following contents:

  #!/bin/sh
  # delete all rules
  /sbin/ipfw -f flush
  # NAT: divert everything passing through de0 to natd
  /sbin/ipfw add divert natd all from any to any via de0
  /sbin/ipfw add 65000 allow ip from any to any

  Server A# vi /usr/local/etc/rc.d/ipsec.sh with the following contents:

  #!/bin/sh
  # Static routes to the other sites' private networks via the gif tunnel endpoints
  route add -net 192.168.1.0/24 10.255.255.2
  route add -net 192.168.2.0/24 10.255.255.3
  # read in the config
  setkey -f /etc/ipsec.conf

  Server A# vi /etc/ipsec.conf with the following contents:

  # This is the test if the network connection will work
  flush;
  spdflush;
  add 203.107.34.3 203.107.34.2 esp 9993 -E blowfish-cbc "123456789";
  add 203.107.34.2 203.107.34.3 esp 9994 -E blowfish-cbc "123456789";
  add 203.107.34.2 203.107.34.4 esp 9995 -E blowfish-cbc "123456789";
  add 203.107.34.4 203.107.34.2 esp 9996 -E blowfish-cbc "123456789";
  spdadd 192.168.0.0/24 192.168.1.0/24 any -P out ipsec esp/tunnel/203.107.34.2-203.107.34.3/require;
  spdadd 192.168.1.0/24 192.168.0.0/24 any -P in ipsec esp/tunnel/203.107.34.3-203.107.34.2/require;
  spdadd 192.168.0.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/203.107.34.2-203.107.34.4/require;
  spdadd 192.168.2.0/24 192.168.0.0/24 any -P in ipsec esp/tunnel/203.107.34.4-203.107.34.2/require;

  Server B:

  Server B# vi /etc/rc.conf with the following contents:

  defaultrouter="203.107.34.62"
  hostname="B.ntut.idv.tw"
  ifconfig_de0="inet 203.107.34.3 netmask 255.255.255.192"
  ifconfig_vr0="inet 192.168.1.254 netmask 255.255.255.0"
  ifconfig_lo0_alias0="inet 10.255.255.2 netmask 255.255.255.240"
  gif_interfaces="gif0 gif1"
  gifconfig_gif0="203.107.34.3 203.107.34.4"
  gifconfig_gif1="203.107.34.3 203.107.34.2"
  ifconfig_gif0="inet 10.255.255.2 10.255.255.3 netmask 255.255.255.240"
  ifconfig_gif1="inet 10.255.255.2 10.255.255.1 netmask 255.255.255.240"
  firewall_enable="YES"
  firewall_type="OPEN"
  gateway_enable="YES"
  natd_enable="YES"
  natd_interface="de0"
  sshd_enable="YES"

  Server B# vi /etc/rc.firewall with the following contents:

  #!/bin/sh
  # delete all rules
  /sbin/ipfw -f flush
  # NAT: divert everything passing through de0 to natd
  /sbin/ipfw add divert natd all from any to any via de0
  /sbin/ipfw add 65000 allow ip from any to any

  Server B# vi /usr/local/etc/rc.d/ipsec.sh with the following contents:

  #!/bin/sh
  # Static routes to the other sites' private networks via the gif tunnel endpoints
  route add -net 192.168.2.0/24 10.255.255.3
  route add -net 192.168.0.0/24 10.255.255.1
  # read in the config
  setkey -f /etc/ipsec.conf

  Server B# vi /etc/ipsec.conf with the following contents:

  flush;
  spdflush;
  add 203.107.34.3 203.107.34.4 esp 9991 -E blowfish-cbc "123456789";
  add 203.107.34.4 203.107.34.3 esp 9992 -E blowfish-cbc "123456789";
  add 203.107.34.3 203.107.34.2 esp 9993 -E blowfish-cbc "123456789";
  add 203.107.34.2 203.107.34.3 esp 9994 -E blowfish-cbc "123456789";
  spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/203.107.34.3-203.107.34.4/require;
  spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/203.107.34.4-203.107.34.3/require;
  spdadd 192.168.1.0/24 192.168.0.0/24 any -P out ipsec esp/tunnel/203.107.34.3-203.107.34.2/require;
  spdadd 192.168.0.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/203.107.34.2-203.107.34.3/require;

  Server C:

  Server C# vi /etc/rc.conf with the following contents:

  defaultrouter="203.107.34.62"
  hostname="C.ntut.idv.tw"
  ifconfig_rl0="inet 203.107.34.4 netmask 255.255.255.192"
  ifconfig_fxp0="inet 192.168.2.254 netmask 255.255.255.0"
  ifconfig_lo0_alias0="inet 10.255.255.3 netmask 255.255.255.240"
  gif_interfaces="gif0 gif1"
  gifconfig_gif0="203.107.34.4 203.107.34.3"
  gifconfig_gif1="203.107.34.4 203.107.34.2"
  ifconfig_gif0="inet 10.255.255.3 10.255.255.2 netmask 255.255.255.240"
  ifconfig_gif1="inet 10.255.255.3 10.255.255.1 netmask 255.255.255.240"
  firewall_enable="YES"
  firewall_type="OPEN"
  gateway_enable="YES"
  natd_enable="YES"
  natd_interface="rl0"
  sshd_enable="YES"

  Server C# vi /etc/rc.firewall with the following contents:

  #!/bin/sh
  # delete all rules
  /sbin/ipfw -f flush
  # NAT: divert everything passing through rl0 to natd
  /sbin/ipfw add divert natd all from any to any via rl0
  /sbin/ipfw add 65000 allow ip from any to any

  Server C# vi /usr/local/etc/rc.d/ipsec.sh with the following contents:

  #!/bin/sh
  # Static routes to the other sites' private networks via the gif tunnel endpoints
  route add -net 192.168.1.0/24 10.255.255.2
  route add -net 192.168.0.0/24 10.255.255.1
  # read in the config
  setkey -f /etc/ipsec.conf

  Server C# vi /etc/ipsec.conf with the following contents:

  flush;
  spdflush;
  add 203.107.34.3 203.107.34.4 esp 9991 -E blowfish-cbc "123456789";
  add 203.107.34.4 203.107.34.3 esp 9992 -E blowfish-cbc "123456789";
  add 203.107.34.2 203.107.34.4 esp 9995 -E blowfish-cbc "123456789";
  add 203.107.34.4 203.107.34.2 esp 9996 -E blowfish-cbc "123456789";
  spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec esp/tunnel/203.107.34.4-203.107.34.3/require;
  spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec esp/tunnel/203.107.34.3-203.107.34.4/require;
  spdadd 192.168.2.0/24 192.168.0.0/24 any -P out ipsec esp/tunnel/203.107.34.4-203.107.34.2/require;
  spdadd 192.168.0.0/24 192.168.2.0/24 any -P in ipsec esp/tunnel/203.107.34.2-203.107.34.4/require;
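  With manual keying, every SA and SPD entry has to be mirrored exactly on the peer (same SPI, same key, opposite direction), or ESP traffic simply stops without an obvious error. The following Python script is an added example, not part of the original article: it parses the setkey add/spdadd syntax used above, checks that each host's SAs and policies are matched on the peer host and terminate on the right endpoint, and warns when one static key is reused for every SA (as the sample key "123456789" is). The embedded configs are constructed from the Server A and Server B entries above.

```python
"""Cross-check manually keyed setkey configs of an IPsec mesh for peer consistency."""
import re

SA_RE = re.compile(r'^add (\S+) (\S+) esp (\d+) -E (\S+) "([^"]*)";')
SP_RE = re.compile(r'^spdadd (\S+) (\S+) any -P (in|out) ipsec esp/tunnel/([^-\s]+)-([^/\s]+)/require;')

# Constructed sample: the Server A <-> Server B entries of /etc/ipsec.conf as printed in the article.
CONFIGS = {
    "203.107.34.2": '''add 203.107.34.3 203.107.34.2 esp 9993 -E blowfish-cbc "123456789";
add 203.107.34.2 203.107.34.3 esp 9994 -E blowfish-cbc "123456789";
spdadd 192.168.0.0/24 192.168.1.0/24 any -P out ipsec esp/tunnel/203.107.34.2-203.107.34.3/require;
spdadd 192.168.1.0/24 192.168.0.0/24 any -P in ipsec esp/tunnel/203.107.34.3-203.107.34.2/require;''',
    "203.107.34.3": '''add 203.107.34.3 203.107.34.2 esp 9993 -E blowfish-cbc "123456789";
add 203.107.34.2 203.107.34.3 esp 9994 -E blowfish-cbc "123456789";
spdadd 192.168.1.0/24 192.168.0.0/24 any -P out ipsec esp/tunnel/203.107.34.3-203.107.34.2/require;
spdadd 192.168.0.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/203.107.34.2-203.107.34.3/require;''',
}

def parse(text):
    """SAD as {(src, dst): (spi, alg, key)}; SPD as {(src_net, dst_net, dir): (tun_src, tun_dst)}."""
    sad, spd = {}, {}
    for line in text.splitlines():
        if m := SA_RE.match(line):
            sad[(m[1], m[2])] = (int(m[3]), m[4], m[5])
        elif m := SP_RE.match(line):
            spd[(m[1], m[2], m[3])] = (m[4], m[5])
    return sad, spd

def check_mesh(configs):
    """Return a list of findings; peers whose config is not supplied are skipped."""
    parsed = {ip: parse(t) for ip, t in configs.items()}
    out = []
    for me, (sad, spd) in parsed.items():
        for (src, dst), sa in sad.items():
            peer = dst if src == me else src
            if peer in parsed and parsed[peer][0].get((src, dst)) != sa:
                out.append(f"{me}: SA {src}->{dst} spi={sa[0]} is not mirrored identically on {peer}")
        for (sn, dn, d), (ts, td) in spd.items():
            local, peer, mirror = (ts, td, "in") if d == "out" else (td, ts, "out")
            if local != me:
                out.append(f"{me}: {d} policy {sn}->{dn} tunnel {ts}-{td} does not terminate here")
            if peer in parsed and parsed[peer][1].get((sn, dn, mirror)) != (ts, td):
                out.append(f"{me}: {d} policy {sn}->{dn} has no matching {mirror} policy on {peer}")
            if (ts, td) not in sad:
                out.append(f"{me}: policy {sn}->{dn} needs SA {ts}->{td}, which is absent from the SAD")
    keys = [sa[2] for sad, _ in parsed.values() for sa in sad.values()]
    if len(keys) > 1 and len(set(keys)) == 1:  # one static key everywhere: losing any host exposes all links
        out.append(f"WARN: a single static key is shared by all {len(keys)} SA entries")
    return out
```

Run it over all three files before the setkey -f step; for the article's configs the only finding is the shared-key warning.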

  Step 3.

  Server A# ifconfig # show the network interfaces and IPs

  de0: flags=8843 mtu 1500
          inet6 fe80::200:e8ff:fe4f:527e%de0 prefixlen 64 scopeid 0x1
          inet 203.107.34.2 netmask 0xffffffc0 broadcast 203.107.34.63
          ether 00:00:e8:4f:52:7e
          media: Ethernet autoselect (10baseT/UTP)
          status: active
  fxp0: flags=8843 mtu 1500
          inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
          inet6 fe80::2a0:c9ff:fe93:438c%fxp0 prefixlen 64 scopeid 0x2
          ether 00:a0:c9:93:43:8c
          media: Ethernet autoselect (none)
          status: no carrier
  lp0: flags=8810 mtu 1500
  ppp0: flags=8010 mtu 1500
  sl0: flags=c010 mtu 552
  faith0: flags=8002 mtu 1500
  lo0: flags=8049 mtu 16384
          inet6 ::1 prefixlen 128
          inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
          inet 10.255.255.1 netmask 0xfffffff0
          inet 127.0.0.1 netmask 0xff000000
  gif0: flags=8051 mtu 1280
          tunnel inet 203.107.34.2 --> 203.107.34.3
          inet6 fe80::200:e8ff:fe4f:527e%gif0 prefixlen 64 scopeid 0x8
          inet 10.255.255.1 --> 10.255.255.2 netmask 0xfffffff0
  gif1: flags=8051 mtu 1280
          tunnel inet 203.107.34.2 --> 203.107.34.4
          inet6 fe80::200:e8ff:fe4f:527e%gif1 prefixlen 64 scopeid 0x9
          inet 10.255.255.1 --> 10.255.255.3 netmask 0xfffffff0

  Server A# setkey -DP # check whether the IPsec policies are loaded

  192.168.1.0/24[any] 192.168.0.0/24[any] any
          in ipsec
          esp/tunnel/203.107.34.3-203.107.34.2/require
          spid=10 seq=3 pid=300
          refcnt=1
  192.168.2.0/24[any] 192.168.0.0/24[any] any
          in ipsec
          esp/tunnel/203.107.34.4-203.107.34.2/require
          spid=12 seq=2 pid=300
          refcnt=1
  192.168.0.0/24[any] 192.168.1.0/24[any] any
          out ipsec
          esp/tunnel/203.107.34.2-203.107.34.3/require
          spid=9 seq=1 pid=300
          refcnt=1
  192.168.0.0/24[any] 192.168.2.0/24[any] any
          out ipsec
          esp/tunnel/203.107.34.2-203.107.34.4/require
          spid=11 seq=0 pid=300
          refcnt=1

  Server A# setkey -D

  203.107.34.4 203.107.34.2
          esp mode=any spi=9996(0x0000270c) reqid=0(0x00000000)
          E: blowfish-cbc 31323334 35363738 39
          seq=0x00000000 replay=0 flags=0x00000040 state=mature
          created: Jan 21 14:28:33 2003 current: Jan 21 16:41:49 2003
          diff: 7996(s) hard: 0(s) soft: 0(s)
          last: Jan 21 14:33:10 2003 hard: 0(s) soft: 0(s)
          current: 1464(bytes) hard: 0(bytes) soft: 0(bytes)
          allocated: 21 hard: 0 soft: 0
          sadb_seq=3 pid=301 refcnt=1
  203.107.34.2 203.107.34.4
          esp mode=any spi=9995(0x0000270b) reqid=0(0x00000000)
          E: blowfish-cbc 31323334 35363738 39
          seq=0x00000015 replay=0 flags=0x00000040 state=mature
          created: Jan 21 14:28:33 2003 current: Jan 21 16:41:49 2003
          diff: 7996(s) hard: 0(s) soft: 0(s)
          last: Jan 21 14:33:10 2003 hard: 0(s) soft: 0(s)
          current: 2196(bytes) hard: 0(bytes) soft: 0(bytes)
          allocated: 21 hard: 0 soft: 0
          sadb_seq=2 pid=301 refcnt=2
  203.107.34.2 203.107.34.3
          esp mode=any spi=9994(0x0000270a) reqid=0(0x00000000)
          E: blowfish-cbc 31323334 35363738 39
          seq=0x00000004 replay=0 flags=0x00000040 state=mature
          created: Jan 21 14:28:33 2003 current: Jan 21 16:41:49 2003
          diff: 7996(s) hard: 0(s) soft: 0(s)
          last: Jan 21 14:31:20 2003 hard: 0(s) soft: 0(s)
          current: 400(bytes) hard: 0(bytes) soft: 0(bytes)
          allocated: 4 hard: 0 soft: 0
          sadb_seq=1 pid=301 refcnt=2
  203.107.34.3 203.107.34.2
          esp mode=any spi=9993(0x00002709) reqid=0(0x00000000)
          E: blowfish-cbc 31323334 35363738 39
          seq=0x00000000 replay=0 flags=0x00000040 state=mature
          created: Jan 21 14:28:33 2003 current: Jan 21 16:41:49 2003
          diff: 7996(s) hard: 0(s) soft: 0(s)
          last: Jan 21 14:31:20 2003 hard: 0(s) soft: 0(s)
          current: 480(bytes) hard: 0(bytes) soft: 0(bytes)
          allocated: 8 hard: 0 soft: 0
          sadb_seq=0 pid=301 refcnt=1

  Server A# netstat -nr # view the routing table

  Routing tables

  Internet:
  Destination        Gateway            Flags    Refs    Use   Netif Expire
  default            203.107.34.62      UGSc        1   4782     de0
  10.255.255.1       10.255.255.1       UH          0      0     lo0
  10.255.255.2       10.255.255.1       UH          1      0    gif0
  10.255.255.3       10.255.255.1       UH          1      0    gif1
  127.0.0.1          127.0.0.1          UH          0      0     lo0
  192.168.0          link#2             UC          0      0    fxp0
  192.168.1          10.255.255.2       UGSc        0      8    gif0
  192.168.2          10.255.255.3       UGSc        0     25    gif1
  203.107.34/26      link#1             UC          4      0     de0
  203.107.34.3       link#1             UHLW        1     12     de0
  203.107.34.4       link#1             UHLW        1     21     de0
  203.107.34.11      00:50:04:c3:7d:59  UHLW        2   2020     de0   1149
  203.107.34.62      00:01:63:8c:68:54  UHLW        1      0     de0   1042

  Finally, confirm with ping that the other subnets can be reached:

  Server A# ping 192.168.1.254
  Server A# ping 192.168.2.254
  Server B# ping 192.168.0.254
  Server B# ping 192.168.2.254
  Server C# ping 192.168.0.254
  Server C# ping 192.168.1.254

  That is the detailed tutorial on building a VPN virtual network. For more related content, keep following the 爱站 technology channel.

Tags: Security, Networking
