Openswan routing to the office network through Amazon VPC

Trying to create a road-warrior VPN network. Because our office Internet connection is slow, we run it through a VPC that holds a replicated AD and file server. Currently the office has an Amazon VPC VPN connecting it to the VPC. In the VPC we have an OpenSwan server that lets you VPN into the AWS network. I can't get it to route back to the office so that a single VPN connection works for both. Also, when routed through Openswan the Internet doesn't work, so routes have to be added manually on Mac OS X. Does anyone know the correct configuration for each connection that also provides Internet when the user needs it? And how does OpenSwan provide the routing?

(10.1.5.0) IPSEC VPN <- OpenSwan CentOS server -> (172.16.1.0) Amazon VPC subnet <- Meraki / VPC VPN -> (192.168.1.0) office network

Current OpenSwan configuration

    # basic configuration
    config setup
        # plutodebug / klipsdebug = "all", "none" or a combination from below:
        # "raw crypt parsing emitting control klips pfkey natt x509 private"
        # eg: plutodebug="control parsing"
        #
        # ONLY enable plutodebug=all or klipsdebug=all if you are a developer !!
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        #virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        # If we consider that we have an internal interface on subnet 192.168.22.0/24,
        # we need to add here %v4:!192.168.22.0/24
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        #
        # enable this if you see "failed to find any available worker"
        nhelpers=0
        protostack=netkey
        oe=no

    conn L2TP-PSK-CLIENTS
        #
        # Configuration for one user with any type of IPsec/L2TP client
        # including the updated Windows 2000/XP (MS KB Q818043), but
        # excluding the non-updated Windows 2000/XP.
        #
        #
        # Use a Preshared Key. Disable Perfect Forward Secrecy.
        #
        # PreSharedSecret needs to be specified in /etc/ipsec.secrets as
        # YourIPAddress %any: "sharedsecret"
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        # we cannot rekey for %any, let client rekey
        rekey=no
        type=transport
        #
        left=172.16.1.53
        leftnexthop=172.16.1.1
        #leftsubnets={172.16.0.0/12,192.168.1.0/24}
        leftsubnet=0.0.0.0/0
        #leftsubnet=172.16.0.0/12
        # or you can use: left=YourIPAddress
        # leftnexthop=YourGatewayIPAddress
        #
        # For updated Windows 2000/XP clients,
        # to support old clients as well, use leftprotoport=17/%any
        leftprotoport=17/%any
        #
        # The remote user.
        right=%any
        rightsubnet=0.0.0.0/0
        rightnexthop=172.16.1.1
        # Using the magic port of "0" means "any one single port". This is
        # a work around required for Apple OSX clients that use a randomly
        # high port, but propose "0" instead of their port.
        rightprotoport=0/%any

Current Openswan routing table

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags MSS Window irtt Iface
    10.5.1.11       0.0.0.0         255.255.255.255 UH      0 0        0 ppp0
    172.16.1.0      0.0.0.0         255.255.255.0   U       0 0        0 eth0
    0.0.0.0         172.16.1.1      0.0.0.0         UG      0 0        0 eth0

Openswan version:

    openswan-2.6.43

VPC route table

    Destination      Target
    172.16.0.0/16    local
    0.0.0.0/0        igw-xxxxxxxx
    10.5.1.0/24      eni-xxxxxx / i-xxxxxx (openswan)
    192.168.0.0/16   vgw-xxxxxxx
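The Openswan configuration and route tables above only show the tunnel being terminated; nothing in them makes the CentOS host forward client packets on towards the VPC or hides the client addresses from the VPC's Internet gateway. The following script is an added example written for this question; it is not from the original post and not part of Openswan. It assumes, because the post does not say so, that the L2TP clients are handed addresses from 10.5.1.0/24 (the pool the VPC route table points at the instance), that the VPC-facing interface is eth0 at 172.16.1.53, that pppd names the client links ppp0, ppp1, and so on, and that the existing Meraki/VPC VPN already carries 172.16.0.0/16 to the office. It prints the sysctl and iptables commands it would apply (dry run by default) and includes a small longest-prefix lookup over the `route -n` output from the question so you can confirm where a destination would leave the host before changing anything.

```shell
#!/bin/sh
# Added example for this question; not from the original post, not Openswan code.
# Assumed (not stated in the post): client pool 10.5.1.0/24, VPC interface eth0
# (172.16.1.53), pppd links named ppp*, and sysctl/iptables on the CentOS host.
#
# Why this is needed: Openswan only terminates the tunnel. For a client packet
# to reach 192.168.1.0/24 or the Internet the host must forward it, and the
# reply must find its way back to 10.5.1.x. The VPC Internet gateway only
# translates addresses that belong to an ENI, so packets sourced from 10.5.1.x
# are dropped there, and the office only knows 10.5.1.0/24 if the Meraki tunnel
# advertises it. Masquerading the pool behind 172.16.1.53 sidesteps both.

CLIENT_POOL=${CLIENT_POOL:-10.5.1.0/24}   # assumed client address pool
OUT_IF=${OUT_IF:-eth0}                    # VPC-facing interface
DRY_RUN=${DRY_RUN:-1}                     # 1 = print commands, 0 = execute them

# Print a privileged command, or execute it when DRY_RUN=0.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Forwarding and NAT rules for the client pool.
forwarding_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    # Let client traffic leave towards the VPC, and let replies come back.
    run iptables -A FORWARD -i 'ppp+' -o "$OUT_IF" -s "$CLIENT_POOL" -j ACCEPT
    run iptables -A FORWARD -i "$OUT_IF" -o 'ppp+' -d "$CLIENT_POOL" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Keep TCP segments small enough for the L2TP/IPsec encapsulation.
    run iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
        -j TCPMSS --clamp-mss-to-pmtu
    # Hide the pool behind the instance's own VPC address on the way out.
    run iptables -t nat -A POSTROUTING -s "$CLIENT_POOL" -o "$OUT_IF" -j MASQUERADE
}

# Constructed copy of the `route -n` output shown in the question.
SAMPLE_ROUTES='Destination Gateway Genmask Flags MSS Window irtt Iface
10.5.1.11 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 172.16.1.1 0.0.0.0 UG 0 0 0 eth0'

# Longest-prefix lookup over route -n output on stdin: prints the interface
# the kernel would pick for the destination address given as $1.
route_iface() {
    awk -v dst="$1" '
        function ip2n(s,  a) { split(s, a, "."); return ((a[1]*256+a[2])*256+a[3])*256+a[4] }
        # Network part of ip under a contiguous dotted-quad mask, computed
        # without bitwise operators so it also works in non-GNU awk.
        function netof(ip, mask,  a, m, i, r) {
            split(ip, a, "."); split(mask, m, "."); r = 0
            for (i = 1; i <= 4; i++) r = r*256 + int(a[i]/(256-m[i]))*(256-m[i])
            return r
        }
        BEGIN { best = -1 }
        $1 ~ /^[0-9]/ && netof(dst, $3) == netof($1, $3) && ip2n($3) > best {
            best = ip2n($3); iface = $8
        }
        END { print iface }'
}

# Dry run: show what would be applied, then confirm that the office and the
# Internet both leave on eth0 (via the VPC router 172.16.1.1) while the
# connected client is reached over its ppp link.
forwarding_rules
printf '%s\n' "$SAMPLE_ROUTES" | route_iface 192.168.1.10   # eth0
printf '%s\n' "$SAMPLE_ROUTES" | route_iface 10.5.1.11      # ppp0
```

Run it as root with `DRY_RUN=0` to apply the rules on the Openswan host. Because the clients are masqueraded behind 172.16.1.53, the office only needs the route it already has for the VPC subnet, and the EC2 source/destination check does not have to be disabled for the return traffic; the VPC route for 10.5.1.0/24 via the instance becomes relevant only if you later drop the MASQUERADE rule and route the pool natively, in which case the Meraki tunnel must also carry 10.5.1.0/24. None of this replaces the per-client routes the question mentions: L2TP/IPsec does not push routes, so the client side still needs either a default route over the tunnel or explicit routes for 172.16.0.0/16 and 192.168.1.0/24.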