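1. Configuration
Processor Types and Features --> Processor Family: select Pentium 4 (pick the highest family your hardware actually supports; with an old processor there is no choice)
Below it, set High Memory Support (the memory limit) to 64GB; this reveals a hidden option further down:
PAE Support: this option is selected automatically
Then enter Paravirtualized Guest Support, which reveals another hidden option
Xen Guest Support (= =): select it!
A kernel built this way can run as either Dom0 or DomU; the kernel adapts automatically.
Finally, look through the remaining options and, for now, remove the ones related to AMD processors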
make dep && make clean && make bzImage && make modules && make modules_install && make install
#########################################################################
# REQUIREMENTS
#########################################################################
A recent Linux distribution based on either kernel 2.4.x or 2.6.x is
the currently supported platform.
Most recent distributions have package support for Openswan. Unless
a source-based build is truly needed, it is often best to use the
distribution's pre-built packaged version.
There are a few packages required for Openswan to compile from source:
1. The GNU Math Precision Library:
Debian package names: libgmp3, libgmp3-dev
Rpm package names: gmp, gmp-devel
2. awk, flex and bison
Debian package names: gawk/mawk, flex, bison
Rpm package names: ????
3. iproute2, iptables, sed, awk, bash, cut and possibly other tools
are required at runtime.
Debian package names: iproute, iptables, the rest are usually there
Rpm package names: ????
perl is also required for "ipsec verify".
The most important is:
http://pptpclient.sourceforge.net/howto-debian.phtml#configure_by_hand
openswan+++xl2tpd+++pptp-linux
--------------------------------------------------------------------------------------------------------------------------
/etc/ppp/chap-secrets
--------------------------------------------------------------------------------------------------------------------------
# Secrets for authentication using CHAP
# client server secret IP addresses
"suma" l2tpd "suma" x.x.x.x
suma l2tpd suma *
suma l2tpd suma x.x.x.x
suma * suma *
"suma" * "suma" *
suma l2tpd suma 192.168.7.1
suma * suma 192.168.7.1
---------------------------------------------------------------------------------------------------------------------------
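The chap-secrets variants above differ in how much they restrict the login: a * in the server field matches any server name, and a * in the IP addresses field lets the client use any address. The following audit is an added example, not part of the original notes; the 12-character minimum and the function name are assumptions chosen for illustration.

```python
import shlex

# Constructed sample: the chap-secrets variants listed above, as one file.
SAMPLE = '''\
# Secrets for authentication using CHAP
# client server secret IP addresses
"suma" l2tpd "suma" x.x.x.x
suma l2tpd suma *
suma * suma *
suma l2tpd suma 192.168.7.1
'''

MIN_SECRET_LEN = 12  # assumed policy threshold, not a pppd requirement


def audit_chap_secrets(text):
    """Return a list of (line_number, client, [findings]) for risky entries."""
    report = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        try:
            # shlex strips the optional double quotes and drops '#' comments
            fields = shlex.split(raw, comments=True)
        except ValueError:
            report.append((lineno, None, ["unparseable line (unbalanced quote)"]))
            continue
        if not fields:
            continue
        if len(fields) < 3:
            report.append((lineno, fields[0], ["fewer than 3 fields"]))
            continue
        client, server, secret = fields[:3]
        addrs = fields[3:]
        findings = []
        if server == "*":
            findings.append("server field is a wildcard")
        if "*" in addrs:
            findings.append("client may claim any IP address")
        if secret == client:
            findings.append("secret equals the client name")
        if len(secret) < MIN_SECRET_LEN:
            findings.append("secret shorter than %d characters" % MIN_SECRET_LEN)
        if findings:
            report.append((lineno, client, findings))
    return report


if __name__ == "__main__":
    for lineno, client, findings in audit_chap_secrets(SAMPLE):
        print("line %d (%s): %s" % (lineno, client, "; ".join(findings)))
```

An entry that names the server, uses a long random secret and pins a single address from the xl2tpd ip range produces no findings.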
/etc/ipsec.conf
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=x.x.x.x
    leftprotoport=17/1701
    # the remote user
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%priv,%no
---------------------------------------------------------------------------------------------------------------------------
/etc/ipsec.secrets
x.x.x.x %any: PSK "suma"
---------------------------------------------------------------------------------------------------------------------------
/etc/ppp/options
require-mschap-v2
ipcp-accept-local
ipcp-accept-remote
ms-dns 8.8.4.4
ms-dns 8.8.8.8
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
---------------------------------------------------------------------------------------------------------------------------
/etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = x.x.x.x
ipsec saref=no
[lns default]
ip range = 192.168.7.128-192.168.7.254
local ip=192.168.7.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options
length bit = yes
---------------------------------------------------------------------------------------------------------------------------
jiaoben.sh
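#!/bin/sh
# Route the 192.168.3.0/24 network through the PPP link
route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.3.1 device ppp0
# NAT rule with no interface or source match, so it applies to traffic leaving any interface
iptables --table nat --append POSTROUTING --jump MASQUERADE
# Enable IPv4 forwarding in the running kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
# Reload /etc/sysctl.conf; a net.ipv4.ip_forward value set there replaces the one written above
sysctl -p
# Disable accepting and sending ICMP redirects on every interface
for each in /proc/sys/net/ipv4/conf/*
do
    echo 0 > "$each/accept_redirects"
    echo 0 > "$each/send_redirects"
done
service ipsec restart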
---------------------------------------------------------------------------------------------------------------------------