Introduction to IPSec

IPSec (Internet Protocol Security) is a set of secure communication protocols based on the network layer and applied cryptography. IPSec does not refer to any specific protocol, but is an open protocol family. The design goal of the IPSec protocol is to provide flexible security services for network layer traffic in IPv4 and IPv6 environments.

IPSec VPN: a secure virtual private network implemented at the IP layer based on the IPSec protocol suite. The security of OSI upper layer protocol data is ensured by inserting a predefined header into the data packet. It is mainly used to protect TCP, UDP, ICMP and tunneled IP data packets.

Due to some restrictions on Alibaba Cloud, deploying IPSec on Alibaba Cloud ECS is different from deploying it on ordinary servers.

Install strongswan

    apt-get update
    apt-get install strongswan strongswan-plugin-xauth-generic

Edit /etc/ipsec.secrets

Add:
PSK is the pre-shared key, which is a Unicode string used to authenticate the L2TP/IPSec connection. user1 is the user name and user1password is the password.

Edit /etc/ipsec.conf

    config setup
        cachecrls=yes
        uniqueids=yes

    conn ios
        keyexchange=ikev1
        authby=xauthpsk
        xauth=server
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        right=%any
        rightsubnet=192.168.0.1/16
        rightsourceip=192.168.0.1/16
        rightdns=223.5.5.5
        auto=add

Note that you should use the 192.168 network segment instead of the 10.0.0.1 network segment. The 10.0.0.1 network segment seems to have problems on Alibaba Cloud (it is said to be banned?).

Restart strongswan
Modify the security group rules corresponding to the Alibaba Cloud server

Add two public network access ports: UDP 500 and UDP 4500.

Enable IPv4 forwarding and set NAT rules

    sysctl net.ipv4.ip_forward=1
    iptables -t nat -A POSTROUTING -s 192.168.0.1/16 -o eth1 -j MASQUERADE

Note that eth1 is used, not eth0. In ECS, eth1 is bound to the external network card, and eth0 is the internal network card.
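
The client pool in /etc/ipsec.conf and the source range of the NAT rule have to describe the same network, and the rule has to leave through the public interface. The following is an added example (not part of the original article) that checks both from the text of the two settings. The function names and the sample strings are assumptions constructed for illustration, and it assumes rightsourceip is written in CIDR form as on this page.

```python
import ipaddress
import shlex

# Constructed sample input mirroring the settings shown on this page.
SAMPLE_CONF = """\
config setup
    uniqueids=yes
conn ios
    keyexchange=ikev1
    rightsourceip=192.168.0.1/16
    auto=add
"""
SAMPLE_RULE = "iptables -t nat -A POSTROUTING -s 192.168.0.1/16 -o eth1 -j MASQUERADE"


def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # a section header starts in column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def parse_masquerade(rule):
    """Return (source_network, out_interface) of an iptables MASQUERADE rule."""
    args = shlex.split(rule)
    opts = dict(zip(args, args[1:]))  # maps each token to the one after it
    if opts.get("-j") != "MASQUERADE" or "-s" not in opts:
        raise ValueError("expected a MASQUERADE rule with a -s source")
    return ipaddress.ip_network(opts["-s"], strict=False), opts.get("-o")


def check(conf_text, rule, conn, public_if):
    """List mismatches between the conn's client pool and the NAT rule."""
    pool = ipaddress.ip_network(parse_conns(conf_text)[conn]["rightsourceip"], strict=False)
    src, out_if = parse_masquerade(rule)
    problems = []
    if not pool.subnet_of(src):
        problems.append(f"pool {pool} is not covered by NAT source {src}")
    if out_if != public_if:
        problems.append(f"NAT leaves via {out_if}, expected {public_if}")
    return problems
```

check(SAMPLE_CONF, SAMPLE_RULE, "ios", "eth1") returns an empty list for the settings on this page; passing "eth0" as the public interface reports the mismatch.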