PrototypeT posted on 2014-3-17 17:27:48

Help needed: modifying ipsec.conf

Hi experts, our workplace network is based on L2TP. To get the Pi online, I followed the instructions at http://www.raspberrypi.org/forum/viewtopic.php?t=31541&p=330742 to set it up.

When editing with nano /etc/ipsec.conf,
the file in the tutorial looks like this:
version 2.0
config setup

      nat_traversal=yes
      protostack=netkey
      virtual_private=%v4:192.168.0.0/16,%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:!10.25$
      oe=off

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
      authby=secret
      pfs=no
      auto=add
      keyingtries=3
      # we cannot rekey for %any, let client rekey
      rekey=no
      # Apple iOS doesn't send delete notify so we need dead peer detection
      # to detect vanishing clients
      dpddelay=30
      dpdtimeout=120
      dpdaction=clear
      # Set ikelifetime and keylife to same defaults windows has
      ikelifetime=8h
      keylife=1h
      # l2tp-over-ipsec is transport mode
      type=transport
      #
      left=192.168.1.112
      #
      # For updated Windows 2000/XP clients,
      # to support old clients as well, use leftprotoport=17/%any
      leftprotoport=17/1701
      #
      # The remote user.
      #
      right=%any
      # Using the magic port of "%any" means "any one single port". This is
      # a work around required for Apple OSX clients that use a randomly
      # high port.
      rightprotoport=17/%any
      #force all to be nat'ed. because of ios
      forceencaps=yes
# Normally, KLIPS drops all plaintext traffic from IP's it has a crypted
# connection with. With L2TP clients behind NAT, that's not really what
# you want. The connection below allows both l2tp/ipsec and plaintext
# connections from behind the same NAT router.
# The l2tpd use a leftprotoport, so they are more specific and will be used
# first. Then, packets for the host on different ports and protocols (eg ssh)
# will match this passthrough conn.
conn passthrough-for-non-l2tp
      type=passthrough
      left=192.168.1.112
      leftnexthop=192.168.1.254
      right=0.0.0.0
      rightsubnet=0.0.0.0/0
      auto=route

Which IPs should I change? Is it correct to change every 192.168.1.254 to my static IP? Thanks in advance for your guidance, everyone!!

PrototypeT posted on 2014-3-17 17:28:24

Please help, please help!!