Installing an IPsec VPN Client on OpenWrt via VPNC

2012.11.06 | Rev 0.00

This is a note recording how to install an IPsec VPN client on OpenWrt.

1. The command to install vpnc is

opkg install vpnc

2. Then configure the VPNC profile

Copy /etc/vpnc/default.conf to config.conf, then edit these entries:

# Gateway IPv4 address
IPSec gateway IPv4addr

# Group ID
IPSec ID ipsecclient

# PSK
IPSec secret cisco123

Xauth username YOURUSERNAME

Xauth password YOURPASSWORD

# I have not figured this mode out
#NAT Traversal Mode cisco-udp

3. Add routes to separate domestic traffic from foreign traffic

#!/bin/sh

gateway=192.168.1.1 # domestic gateway

route add -net DestinationIP netmask Netmask gw $gateway

4. When shutting down VPNC, delete the corresponding gateway entries

route del -net DestinationIP netmask Netmask

5. Start VPNC at boot

Edit /etc/rc.local and add the corresponding script:

# Put your custom commands here that should be executed once

# the system init finished. By default this file does nothing.

iptables -t nat -F

iptables -t filter -F

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -s 192.168.x.0/24 -j ACCEPT

#iptables -A FORWARD -j REJECT

iptables -t nat -A POSTROUTING -s 192.168.x.0/24 -o eth0 -j MASQUERADE

iptables -t nat -A POSTROUTING -s 192.168.x.0/24 -o tun0 -j MASQUERADE

iptables -t nat -A POSTROUTING -s 192.168.x.0/24 -o tap0 -j MASQUERADE

/root/vpncstart.sh

exit 0

6. DNS handling [1]

In /etc/vpnc/vpnc-script, replace /etc/resolv.conf with /tmp/resolv.conf.auto.
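An added example, not part of the original note: steps 2 and 6 as two shell functions. One restricts the profile, which holds the PSK and Xauth password in clear text, to its owner; the other applies the resolv.conf substitution idempotently and keeps a backup. The function names and the .orig backup suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and the ".orig" suffix are assumptions.
# Paths are arguments, so both functions can be tried on copies first.

# lock_profile FILE
# The profile stores "IPSec secret" and "Xauth password" in clear text.
# Prints "ok" if group/other already have no access, else chmods to 600
# and prints "tightened".
lock_profile() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    # Characters 5-10 of the ls -l mode string are the group/other bits.
    if [ "$(ls -lL "$1" | cut -c5-10)" = "------" ]; then
        echo ok
    else
        chmod 600 "$1" && echo tightened
    fi
}

# patch_dns SCRIPT
# Step 6: replace /etc/resolv.conf with /tmp/resolv.conf.auto in vpnc-script.
# Prints "patched", "already" (safe to re-run) or "nomatch" (returns 2).
patch_dns() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    if grep -qF /etc/resolv.conf "$1"; then
        # Keep the unpatched script, then rewrite the original in place so
        # its owner and mode are preserved.
        cp -p "$1" "$1.orig" || return 1
        sed 's|/etc/resolv\.conf|/tmp/resolv.conf.auto|g' "$1.orig" > "$1" || return 1
        echo patched
    elif grep -qF /tmp/resolv.conf.auto "$1"; then
        echo already
    else
        echo nomatch
        return 2
    fi
}

# Usage on the router (paths from this note):
#   lock_profile /etc/vpnc/config.conf
#   patch_dns /etc/vpnc/vpnc-script
```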

7. Start VPNC

vpnc --local-port 0 #use default profile (default.conf)

# or use a custom configuration file

vpnc /etc/vpnc/cus_config.conf --local-port 0 #use customized profile (cus_config.conf)

8. Stop VPNC

vpnc-disconnect
