Thursday 16 May 2013

Setting up an IPsec VPN with Racoon to get past the firewall on Android (tested successfully)

Assuming your VPS runs Debian:
apt-get install racoon
The racoon package must be version 0.8 or newer.
Please do not change the configuration casually, or you may lose compatibility with some platform. Tested OK with: iOS/OS X, BlackBerry (OS 4/5/6/7), WebOS, Nokia, VPNC and others.
After installation, edit /etc/racoon/motd; this is the banner shown after a VPN connection succeeds and is optional.
Edit /etc/racoon/psk.txt; this holds the VPN connection's group name and group secret. The format is simple, one line is enough, for example:
wk iamsogayyaha

 #id and secret
Next, replace the contents of /etc/racoon/racoon.conf with the following:

log info;
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";

listen {
}

remote anonymous {
        exchange_mode main,aggressive;
        doi ipsec_doi;
        nat_traversal on;
        proposal_check obey;
        generate_policy unique;
        ike_frag on;
        passive on;
        dpd_delay = 30;
        dpd_retry = 30;
        dpd_maxfail = 800;
        mode_cfg = on;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method xauth_psk_server;
                dh_group 2;
                lifetime time 12 hour;
        }
}

timer
{
        natt_keepalive 20 sec;
}

sainfo anonymous {
        lifetime time 12 hour ;
        encryption_algorithm aes,3des,des;
        authentication_algorithm hmac_sha1,hmac_md5;
        compression_algorithm deflate;
}

mode_cfg {
        dns4 xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx; # fill in the DNS servers for your VPS; I used 8.8.8.8,8.8.4.4
        save_passwd on;
        network4 10.1.0.2; # VPN client IP (start of the address pool)
        netmask4 255.255.255.0;
        pool_size 250;
        banner "/etc/racoon/motd";
        auth_source system; # authenticate against system accounts: useradd -s /bin/false some_username, then passwd some_username
        conf_source local;
        pfs_group 2;
        default_domain "local";
}
Finally, add the iptables rules for the VPN and enable IPv4 forwarding:
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf

sysctl -p

iptables -A INPUT -p udp -m udp --dport 500 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 4500 -j ACCEPT
iptables -A INPUT -p esp -j ACCEPT
iptables -A FORWARD -s 10.1.0.0/255.255.255.0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.1.0.0/255.255.255.0 -o eth0 -j MASQUERADE
 
Client for Android: vpncilla, http://www.coolapk.com/apk/com.gmail.mjm4456.vpncilla/download/?dl=1,
http://android.d.cn/software/27337.html

If you reboot the VPS, remember to re-run the 5 iptables commands above; otherwise clients that connect to the IPsec VPN still will not get past the firewall!
Related post: https://briteming.blogspot.com/2015/07/ipsec-toolsracoonipsec-vpnwindows.html
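Because the rules have to be re-applied after every reboot, here is an added helper script (my own, not from the original post) that re-applies the same five rules idempotently by checking each one with iptables -C before appending it, and turns forwarding on if it is off; the VPN_NET and WAN_IF variables and the function names are my assumptions, and the script only touches the system when run with the argument "apply".

```shell
#!/bin/sh
# Added example, not part of the original post. Re-applies the post's firewall
# and forwarding setup without duplicating rules, so it is safe to run from
# cron @reboot or by hand after a VPS restart (must run as root to apply).
set -eu

VPN_NET="${VPN_NET:-10.1.0.0/255.255.255.0}"  # matches network4/netmask4 in mode_cfg
WAN_IF="${WAN_IF:-eth0}"                      # outbound interface from the MASQUERADE rule

# Emit the five rules from the post as "<table> <rule spec>" lines.
vpn_rules() {
    cat <<EOF
filter INPUT -p udp -m udp --dport 500 -j ACCEPT
filter INPUT -p udp -m udp --dport 4500 -j ACCEPT
filter INPUT -p esp -j ACCEPT
filter FORWARD -s $VPN_NET -j ACCEPT
nat POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# Number of managed rules; used as a sanity check against the post's "5 commands".
rule_count() { vpn_rules | wc -l | tr -d ' '; }

# Append a rule only if it is not already present (iptables -C exits 0 when it is).
ensure_rule() {
    table=$1; shift
    iptables -t "$table" -C "$@" 2>/dev/null || iptables -t "$table" -A "$@"
}

# sysctl -p only re-reads /etc/sysctl.conf; set the live value directly if needed.
ensure_forwarding() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] || sysctl -w net.ipv4.ip_forward=1
}

apply_all() {
    ensure_forwarding
    vpn_rules | while read -r table rest; do
        # $rest is intentionally unquoted so the rule spec splits into arguments
        # shellcheck disable=SC2086
        ensure_rule "$table" $rest
    done
}

if [ "${1:-}" = "apply" ]; then
    apply_all
fi
```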