Disclaimer: do not do the following on machines that are too good or important, or even on less important ones. If the administrator finds out or the broiler is lost, I am not responsible.
○: Origin

I often run into blocked websites; some time ago even sf.net and gmail.com were blocked, and I did not want to go looking for a 3389 broiler.

1: Background

You should have a general understanding of what categories of VPN exist. If you do not, you can google it; those who like reading English documents can see the following two documents, which introduce VPNs very clearly. This article does not introduce them in detail.

http://hmyblog.vmmatrix.net/sdbwww/pub/books/packt.publishing.openvpn.building.and.integrating.virtual.private.networks.mar.2006.pd
http://hmyblog.vmmatrix.net/sdbwww/pub/books/packt.publishing.building.and.integrating.virtual.private.networks.with.openswan.jan.200620060628185701.rar

Here I can't resist a digression. If you are new to a field of knowledge, it is best to read little of the technical documentation written by people in China. It can't be trusted: terms are unclear (as in this article, hehe), and in many places the author may have scribbled something carelessly, with key points left out or changed. Some copy other people's work without even changing the foreigners' directory and file names, and still call it original. Searching for swan + vpn will turn up specific examples. Anyway, it is best to read English documentation or material written by people from Taiwan, China. For example, the articles written by the person known as the bird brother are pretty good: very basic, but very clear. He has also published a book, called "bird's brother's kitchens", which is good reading for Linux beginners. Larger programs have a DOCUMENT, HOWTO, FAQ or the like on their official site; reading these seriously pays off even if you never deploy the software, because you at least get to know it. I skimmed the two PDFs above and gained a lot from them. I recommend them once again: they describe VPNs, openswan and openvpn in great detail.
Target system: Red Hat Linux 9, default install.

2: Requirements

Bluntly: use a broiler as an encrypting proxy.

  1: Change the system as little as possible, including added files and system logs, because we are using a broiler. :)
  2: It is client --> server mode, not net-net mode, for browsing websites.
  3: Both server and client should be convenient to configure, simple and easy to use; what we want is speed.

III: Selection (the advantages and disadvantages here are my own opinion, and in fact may not be so)

1: *swan

  A: IPsec VPN, default port tcp/udp 500
  B: Advantages: strong encryption, good support for network games and the like (which we do not need)
  C: Disadvantages: troublesome to deploy and troublesome to configure. The key point is that its nat-t (NAT traversal) function requires patching and recompiling the kernel, and this would have to be done on the broiler, huh, huh. For specifics see the openswan RAR above, which is very detailed.

Broadly, the swan series started with freeswan, which seemingly stopped development in 2004 and gave rise to two branches, openswan and strongswan. I had a look: openswan looks like it is developing well, while strongswan does not even have an RPM package; of course, that is only how it looks. Because I do not know how to code, I have to add "looks like" to whatever I say. But do not underestimate a scriptkid :) because you never know when he is on your system using a script, although I, uid0, am repeatedly B4, huh, huh.

Back to the point ... the swan series is divided into two pieces: a user-space program and a kernel-space program. The user-space program is called p to o something; as for what it is, you will know once you have installed it, and if you have not installed it, knowing is no use. The kernel-space part :) includes modules and patches, probably. In other words, to use nat-t you need the user-space program, an lkm and kernel patches, and you need to recompile the kernel. We can't do that on a broiler, so drop it. Also, it runs as root.
Last name of the 40 000 students and not multiple references to the copyright fee regret:)

2: pptpd

  A: PPTP VPN, default port tcp 1723
  B: Advantages: Windows comes with a client; installation is easy, just a few RPMs; configuration is not difficult either.
  C: Disadvantages: as soon as you dial in, it changes the default gateway, which is annoying; otherwise, after dialing in, you have to change things yourself with a few route add/delete commands, without disconnecting. Just to view a website, that is not worth the trouble to me.

3: openvpn

  A: SSL VPN, default port tcp/udp 1194
  B: Advantages: easy installation, one RPM does it, plus an lzo RPM package for compression. Configuration is very simple: just generate a static.key. It can also run as nobody and in a chroot; the security of the broiler matters too, since a badly kept one gets taken by someone else, so you can chroot. After dialing into the VPN it does not change your default gateway, which saves the trouble; we can add the sf.net address to the static routes. On the server side only one udp or tcp port needs to be open, and there is no need to touch someone else's iptables. It also seems to have load balancing and the like, which is some way from our purpose, so ignore it.
  C: Disadvantages: apart from needing an extra client, relative to our needs there seem to be no disadvantages.
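
Seen from the defender's side, the default ports and daemons compared above give a quick host check for a VPN endpoint nobody approved. The following is an added example, not part of the original post: it assumes the output format of `ss -H -lntup`; the sample lines, the `approved` set and the function names are constructed for illustration, and `pluto` is the IKE daemon name used by Openswan.

```python
import re

# Default ports from the comparison above: *swan 500, pptpd tcp 1723, openvpn 1194.
VPN_PORTS = {("udp", 500): "ipsec", ("tcp", 500): "ipsec", ("tcp", 1723): "pptp",
             ("udp", 1194): "openvpn", ("tcp", 1194): "openvpn"}
# Stock daemon names (assumption: the binary was not renamed).
VPN_PROCS = {"openvpn": "openvpn", "pptpd": "pptp", "pluto": "ipsec"}
PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')

def parse_listener(line):
    """Parse one `ss -H -lntup` line into (proto, port, process, pid) or None."""
    fields = line.split()
    if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
        return None
    port = fields[4].rpartition(":")[2]   # works for 0.0.0.0:22 and [::]:80
    if not port.isdigit():
        return None
    m = PROC_RE.search(line)              # absent when ss runs without root
    return (fields[0], int(port), m.group(1) if m else None,
            int(m.group(2)) if m else None)

def find_vpn_listeners(ss_output, approved=frozenset()):
    """Flag listeners matching a VPN port or daemon name, minus approved (proto, port)."""
    findings = []
    for line in ss_output.splitlines():
        rec = parse_listener(line)
        if rec is None or rec[:2] in approved:
            continue
        proto, port, proc, pid = rec
        by_port, by_proc = VPN_PORTS.get((proto, port)), VPN_PROCS.get(proc)
        if by_port or by_proc:
            matched = "+".join(k for k, v in (("port", by_port), ("process", by_proc)) if v)
            findings.append({"proto": proto, "port": port, "process": proc, "pid": pid,
                             "service": by_proc or by_port, "matched_on": matched})
    return findings

# Constructed sample output (not from a real host).
SAMPLE = """\
tcp LISTEN 0 128 0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=801,fd=3))
udp UNCONN 0 0   0.0.0.0:1194  0.0.0.0:* users:(("openvpn",pid=2211,fd=5))
udp UNCONN 0 0   0.0.0.0:53530 0.0.0.0:* users:(("openvpn",pid=2290,fd=5))
tcp LISTEN 0 3   0.0.0.0:1723  0.0.0.0:*
tcp LISTEN 0 128 [::]:80       [::]:*    users:(("httpd",pid=950,fd=4))
"""

if __name__ == "__main__":
    for finding in find_vpn_listeners(SAMPLE):
        print(finding)
```

Because the server side needs only one open udp or tcp port, which need not be the default, the check also matches on daemon name: the listener on 53530 in the sample would be missed by a port-only rule. A port hit with no process name, like the 1723 line, means `ss` could not see the owner and should be re-run as root.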