Linux: June 2010 Archives

Environment: CentOS 5.5 to CentOS 5.5
Example:
Site A
   WAN: 100.100.100.100/24
   LAN: 192.168.0.1/24

Site B
   WAN: 200.200.200.200/24
   LAN: 192.168.1.1/24

Install Openswan (formerly FreeSWAN)
yum -y install openswan

Edit Site A /etc/ipsec.conf
conn tunnel
   left=100.100.100.100 # left for local
   leftsubnet=192.168.0.0/24
   right=200.200.200.200 # right for remote
   rightsubnet=192.168.1.0/24
   pfs=yes # pfs for Perfect Forward Secrecy
   type=tunnel
   authby=secret
   auto=start

Edit Site A /etc/ipsec.secrets # left right order is not important, PSK must be the same as Site B
100.100.100.100 200.200.200.200: PSK "yourpsk"

Edit Site B /etc/ipsec.conf
conn tunnel
   left=200.200.200.200
   leftsubnet=192.168.1.0/24
   right=100.100.100.100
   rightsubnet=192.168.0.0/24
   pfs=yes
   type=tunnel
   authby=secret
   auto=start

Edit Site A /etc/ipsec.secrets
100.100.100.100 200.200.200.200: PSK "yourpsk"

Site A and Site B
service ipsec start

Show status
# /etc/init.d/ipsec status
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
IPsec running - pluto pid: 30061
pluto pid 30061
1 tunnels up
some eroutes exist

it work!

Check from Site A
ping -I 192.168.0.1 192.168.1.1
Check from Site B
ping -I 192.168.1.1 192.168.0.1

If you ping failed, check your iptables rules, no MASQUERADE between Site A and Site B

若下載 RAR 檔案卻在網頁上直接出現檔案內容 (Rar!一推亂碼)
原因是 Web Server 送出的 Content-Type: 是 text/plain;
若是用 Apache, 在 httpd.conf 找出 TypesConfig 是指向的 mime.types 路徑,
編輯 mime.types, 加入 application/x-rar-compressed rar
或者去抓最新 Apache 裡面的 mime.types 覆蓋
然後重啟 Apache
curl -I http://yourhost/file.rar
有出現 Content-Type: application/x-rar-compressed 表示正常