Channel: openSUSE Forums

How to use ipsec-tools to set up a Cisco IPsec VPN server?

I tried to use ipsec-tools to set up a Cisco IPsec VPN server on my openSUSE 13.1 VPS. I can connect to this VPN normally, but I cannot reach the internet through it, except for the server's own IP address.

My configuration:

/etc/racoon/racoon.conf
Code:

log info;
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";

listen {
}

remote anonymous {
        exchange_mode main,aggressive;
        doi ipsec_doi;
        nat_traversal on;
        proposal_check obey;
        generate_policy unique;
        ike_frag on;
        passive on;
        # racoon.conf statements take no "=": "dpd_delay 30;", not "dpd_delay = 30;"
        dpd_delay 30;
        dpd_retry 30;
        dpd_maxfail 800;
        mode_cfg on;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method xauth_psk_server;
                dh_group 2;
                lifetime time 12 hour;
        }
}

timer
{
        natt_keepalive 20 sec;
}

sainfo anonymous {
        lifetime time 12 hour ;
        encryption_algorithm aes,3des,des;
        authentication_algorithm hmac_sha1,hmac_md5;
        compression_algorithm deflate;
}

mode_cfg {
        dns4 8.8.8.8,8.8.4.4;
        save_passwd on;
        network4 10.8.0.2;
        netmask4 255.255.255.0;
        pool_size 250;
        banner "/etc/racoon/motd";
        auth_source system;
        conf_source local;
        pfs_group 2;
        default_domain "local";
}

Edit sysctl.conf:
Code:

net.ipv4.ip_forward = 1
Configure iptables:
Code:

iptables -A INPUT -p udp --dport 500 -j ACCEPT
iptables -A INPUT -p udp --dport 4500 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
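As an added example (not part of the original post), the script below audits an `iptables-save` style dump for the rules a masquerading IPsec gateway needs: IKE on UDP/500, NAT-T on UDP/4500, ESP when INPUT drops by default, the POSTROUTING MASQUERADE for the client pool, and FORWARD rules in both directions. The return-direction FORWARD rule only matters when the FORWARD chain's default policy is DROP, which is why the check reads the chain policy first. The pool `10.8.0.0/24` and interface `eth0` are the values from the post; the ruleset text produced by `sample_ruleset` is constructed for this example, and the function names are the example's own.

```shell
#!/bin/sh
# Audit an iptables-save dump for the rules an IPsec/XAuth gateway that
# masquerades a client pool needs. Constructed example, not the poster's code.

VPN_POOL="10.8.0.0/24"   # client pool from the post
WAN_IF="eth0"            # outbound interface from the post

# sample_ruleset FORWARD_POLICY [EXTRA_FORWARD_RULE]
# Print a constructed iptables-save style dump mirroring the post's rules.
sample_ruleset() {
    fwd_policy="$1"
    extra="$2"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $VPN_POOL -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD $fwd_policy [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A FORWARD -s $VPN_POOL -j ACCEPT
${extra}
COMMIT
EOF
}

# need DESCRIPTION EREGEX : record a miss when no rule in $RULESET matches.
need() {
    grep -Eq -- "$2" "$RULESET" || { echo "missing: $1"; MISSING=$((MISSING + 1)); }
}

# check_ruleset FILE : print one line per missing rule, return the count
# (exit status 0 means every required rule is present).
check_ruleset() {
    RULESET="$1"
    MISSING=0
    need "INPUT accept udp/500 (IKE)"    '^-A INPUT .*-p udp .*--dport 500 .*-j ACCEPT'
    need "INPUT accept udp/4500 (NAT-T)" '^-A INPUT .*-p udp .*--dport 4500 .*-j ACCEPT'
    # Clients that are not behind NAT send raw ESP; only relevant if INPUT drops by default.
    if grep -Eq '^:INPUT DROP' "$RULESET"; then
        need "INPUT accept ESP (protocol 50)" '^-A INPUT .*-p (esp|50) .*-j ACCEPT'
    fi
    need "nat POSTROUTING MASQUERADE for $VPN_POOL via $WAN_IF" \
        "^-A POSTROUTING -s $VPN_POOL -o $WAN_IF -j MASQUERADE"
    need "FORWARD accept from $VPN_POOL" "^-A FORWARD -s $VPN_POOL .*-j ACCEPT"
    # Replies to the clients cross FORWARD too; with a DROP policy they need
    # either a -d rule for the pool or a conntrack ESTABLISHED rule.
    if grep -Eq '^:FORWARD DROP' "$RULESET"; then
        need "FORWARD accept replies to $VPN_POOL (policy is DROP)" \
            "^-A FORWARD (-d $VPN_POOL .*-j ACCEPT|.*(ctstate|state) [A-Z,]*ESTABLISHED.*-j ACCEPT)"
    fi
    return "$MISSING"
}

# Demo: the post's rules on a host whose FORWARD chain drops by default.
tmp=$(mktemp)
sample_ruleset DROP > "$tmp"
if check_ruleset "$tmp"; then echo "ruleset complete"; fi
rm -f "$tmp"
```

On a live gateway, feed it the real dump with `iptables-save > /tmp/rules.txt` and run `check_ruleset /tmp/rules.txt`; the `ip_forward` sysctl from the post is checked separately with `sysctl net.ipv4.ip_forward`.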
