Quick HOWTO : Ch35 : Configuring Linux VPNs/zh: Difference between revisions

Sanebaby (talk | contribs)

Revision as of 22:18, 14 July 2008 (Monday)



Introduction

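As your SOHO grows, you will eventually need to establish secure connections to suppliers, vendors, branch offices, business partners and customers so that you can reach their servers located behind Internet firewalls.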

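One solution is to set up a virtual private network (VPN) that provides an encrypted data stream between your firewall and theirs. VPNs are very convenient because you can connect to remote servers using only their private IP addresses instead of relying on public IP addresses. This avoids the network address translation problems of connecting to those servers.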

This chapter outlines how to use Openswan (a popular VPN package for Linux) to build a permanent site-to-site VPN connection.

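If you are not familiar with VPNs, see Appendix I, "Miscellaneous Linux Topics", which provides background that is important for understanding the main points of this chapter.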

VPN Guidelines

Here are some guidelines that I suggest you consider before attempting a simple SOHO Linux VPN.

  • The IPSec protocol on which VPNs are based will not tolerate its data packets being network address translated. If your firewall does NAT, then you'll have to disable it specifically for the packets that will traverse the VPN.
  • Life will be much easier if you make your Linux VPN box also function as a firewall. Configure and test the firewall first and then configure the VPN. Chapter 14, "Linux Firewalls Using iptables", should help a lot.
  • The networks at both ends of the VPN tunnel must use different IP address ranges. Many company networks operate using 192.168.0.x or 192.168.1.x addresses, so you may have to reassign IP addresses to your network if overlaps occur.
  • Permanent site-to-site VPNs require firewalls at both ends that use static, DHCP IP addresses.
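
A pre-flight check for the NAT and address-range guidelines above, as an added example that is not part of the original HOWTO: it rejects overlapping site LANs and, for a valid plan, builds the iptables rule that masquerades Internet-bound traffic while leaving tunnel-bound packets untranslated. The subnets and the `eth0` WAN interface name are assumptions chosen for illustration.

```python
import ipaddress


def vpn_preflight(local_lan, remote_lan, wan_if="eth0"):
    """Return (problems, rules) for one end of a site-to-site tunnel.

    problems: reasons the address plan breaks the guidelines.
    rules:    iptables commands for this end; empty if problems exist.
    """
    # Strict parsing rejects host addresses such as 192.168.1.5/24.
    local = ipaddress.IPv4Network(local_lan)
    remote = ipaddress.IPv4Network(remote_lan)
    problems = []

    # Two CIDR blocks overlap only if they are equal or one contains the other.
    if local == remote:
        problems.append(f"both sites use {local}; renumber one of them")
    elif local.subnet_of(remote):
        problems.append(f"local {local} lies inside remote {remote}")
    elif remote.subnet_of(local):
        problems.append(f"remote {remote} lies inside local {local}")
    if problems:
        return problems, []

    # Masquerade Internet-bound traffic only: packets for the remote LAN
    # keep their private source address, so IPsec sees them untranslated.
    rule = (f"iptables -t nat -A POSTROUTING -o {wan_if} "
            f"-s {local} ! -d {remote} -j MASQUERADE")
    return problems, [rule]


if __name__ == "__main__":
    # Constructed sample address plans (assumptions, not from the HOWTO).
    plans = [
        ("192.168.1.0/24", "10.0.0.0/24"),     # distinct ranges: usable
        ("192.168.1.0/24", "192.168.1.0/24"),  # same default range both ends
        ("192.168.0.0/16", "192.168.1.0/24"),  # remote hidden inside local
    ]
    for local_lan, remote_lan in plans:
        problems, rules = vpn_preflight(local_lan, remote_lan)
        print(f"{local_lan} <-> {remote_lan}")
        for line in problems or rules:
            print("   ", line)
```

Run the check once for each end of the tunnel with the two subnets swapped, since each firewall needs its own exemption rule.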