FreeBSD configuration
(1) Configure the network: /etc/rc.conf
network_interfaces="dc0 lo0"
ifconfig_dc0="192.168.2.11"
defaultrouter="192.168.2.1"
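Remote login
Remote login on FreeBSD uses ssh by default, but a normal user cannot su to root. To be able to su to root, open /etc/group and add your user name to the wheel group: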
wheel:*:0:root,name
Rebuild the kernel
# cd /usr/src/sys/i386/conf
# cp GENERIC MYKERNEL
Edit MYKERNEL and add
options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG
Then
# /usr/sbin/config MYKERNEL
# cd ../compile/MYKERNEL
# make depend
# make
# make install
Install racoon
# cd /usr/ports/security/racoon
# make install clean
Make sure that your /usr/ports/distfiles directory contains racoon-20021120a.tar.gz; if it does not, download it.
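3. Create the certificates
Certificates are used as the authentication method, and OpenSSL is used to create them.
First create the CA, then issue certificates to the two computers that are to be connected. For the CA, first create an RSA public/private key pair, then create a self-signed certificate.
Create the CA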
$ openssl genrsa -des3 -out ca.key 1024
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
..............++++++
................++++++
e is 65537 (0x10001)
Enter PEM pass phrase: fearBeans
Verifying password - Enter PEM pass phrase: fearBeans
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Using configuration from /etc/ssl/openssl.cnf
Enter PEM pass phrase: fearBeans
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Heilongjiang
Locality Name (eg, city) []:Daqing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Linuxdevice
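The flow described above (a CA, then a certificate for each of the two hosts), as an added non-interactive example that is not part of the original page. The host names hosta and hostb, the CN values, the pass phrase and the 2048-bit/AES-256 choices are assumptions; the session above uses a 1024-bit key with -des3.

```sh
#!/bin/sh
# Added example: a CA plus one certificate for each of two hosts, no prompts.
# hosta/hostb, the CN values and the pass phrase are constructed placeholders.
set -eu

make_pki() {
    dir=$1
    mkdir -p "$dir"
    (
        cd "$dir"
        umask 077                      # private keys readable by owner only
        CA_PASS='constructed-example-passphrase'
        export CA_PASS                 # read by openssl through env:, not argv
        # CA key pair, encrypted at rest (assumption: 2048-bit, AES-256)
        openssl genrsa -aes256 -passout env:CA_PASS -out ca.key 2048 2>/dev/null
        # Self-signed CA certificate, 365 days as in the session above
        openssl req -new -x509 -days 365 -key ca.key -passin env:CA_PASS \
            -subj "/C=CN/ST=Heilongjiang/L=Daqing/O=Linuxdevice/CN=Example CA" \
            -out ca.crt
        for host in hosta hostb; do
            # Host key pair, signing request, then a certificate issued by the CA
            openssl genrsa -out "$host.key" 2048 2>/dev/null
            openssl req -new -key "$host.key" \
                -subj "/C=CN/O=Linuxdevice/CN=$host" -out "$host.csr"
            openssl x509 -req -in "$host.csr" -CA ca.crt -CAkey ca.key \
                -passin env:CA_PASS -CAcreateserial -days 365 \
                -out "$host.crt" 2>/dev/null
        done
    )
}

check_pki() {
    dir=$1
    for host in hosta hostb; do
        # The certificate must chain to the CA
        openssl verify -CAfile "$dir/ca.crt" "$dir/$host.crt" >/dev/null || return 1
        # and must carry the public key of the matching private key
        k=$(openssl rsa -in "$dir/$host.key" -noout -modulus)
        c=$(openssl x509 -in "$dir/$host.crt" -noout -modulus)
        [ "$k" = "$c" ] || return 1
    done
}

out=$(mktemp -d)
make_pki "$out"
check_pki "$out"
echo "CA and host certificates verified in $out"
```

Each host needs only its own key and certificate plus ca.crt; ca.key stays on the machine that issues certificates.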