strongSwan 5.1.2 on Ubuntu 14.04 (net-net with PSK)
2015-05-21 17:26
The network topology:
client1: ubuntu14.04 server eth0 ip: 10.1.0.10/24 ---->c1
client2: ubuntu14.04 server eth0 ip: 10.2.0.10/24 ---->c2
gateway1: ubuntu14.04 server eth1 ip: 10.1.0.1/24 eth0 ip: 192.168.0.1/24 --->g1
gateway2: ubuntu14.04 server eth1 ip: 10.2.0.1/24 eth0 ip: 192.168.0.2/24 --->g2
c1(eth0:10.1.0.10/24)<---->(eth1:10.1.0.1/24)g1(eth0:192.168.0.1/24)<---->(eth0:192.168.0.2/24)g2(eth1:10.2.0.1/24)<---->(eth0:10.2.0.10/24)c2
|-------------------switch 1------------| |------------switch 0----------------| |--------------switch 2------------|
That is, eth0 of c1 and eth1 of g1 are in switch 1.
eth0 of g1 and eth0 of g2 are in switch 0.
eth1 of g2 and eth0 of c2 are in switch 2.
Before testing, make sure that you can ping from c1 to c2 through switch 0.
1. on g1:
run apt-get install strongswan*
a)
ip addr add 192.168.0.1/24 dev eth0
ip link set eth0 up
ip addr add 10.1.0.1/24 dev eth1
ip link set eth1 up
b)
ip route add default via 192.168.0.2 dev eth0
c) /etc/ipsec.conf
config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no

conn net-net
    left=192.168.0.1
    leftsubnet=10.1.0.0/16
    leftid=@moon.strongswan.org
    leftfirewall=yes
    right=192.168.0.2
    rightsubnet=10.2.0.0/16
    rightid=@sun.strongswan.org
    auto=add
d) /etc/ipsec.secrets
: PSK "nokia"
2. on g2
apt-get install strongswan*
a)
ip addr add 192.168.0.2/24 dev eth0
ip link set eth0 up
ip addr add 10.2.0.1/24 dev eth1
ip link set eth1 up
b)
ip route add default via 192.168.0.1 dev eth0
c) /etc/ipsec.conf
config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no

conn net-net
    left=192.168.0.2
    leftsubnet=10.2.0.0/16
    leftid=@sun.strongswan.org
    leftfirewall=yes
    right=192.168.0.1
    rightsubnet=10.1.0.0/16
    rightid=@moon.strongswan.org
    auto=add
d) /etc/ipsec.secrets
: PSK "nokia"
3. on c1
a)
ip addr add 10.1.0.10/24 dev eth0
b)
ip route add default via 10.1.0.1 dev eth0
4. on c2
a)
ip addr add 10.2.0.10/24 dev eth0
b)
ip route add default via 10.2.0.1 dev eth0
5. on g1
run this command: ipsec restart
6. on g2
run this command: ipsec restart
7. on g1
run this command: ipsec up net-net
8. on c1
run this command: ping 10.2.0.10
9. on g1, g2
run this command: tcpdump -ni eth0 esp
You should see ESP packets in the tcpdump output.
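The two ipsec.conf files in steps 1 c) and 2 c) have to be mirror images of each other: every left* value on g1 is the right* value on g2, and the settings inherited from conn %default are the same on both. The following added example, which is not part of the original post, parses both files and lists every option that breaks that mirror; the function names and the G2_BAD sample are assumptions made for the illustration.

```python
# Added example, not from the original post: G1 and G2 hold the net-net settings
# from steps 1c and 2c; G2_BAD is a constructed typo in one subnet.
G1 = """conn %default
    authby=secret
    keyexchange=ikev2
conn net-net
    left=192.168.0.1
    leftsubnet=10.1.0.0/16
    leftid=@moon.strongswan.org
    right=192.168.0.2
    rightsubnet=10.2.0.0/16
    rightid=@sun.strongswan.org
"""
G2 = """conn %default
    authby=secret
    keyexchange=ikev2
conn net-net
    left=192.168.0.2
    leftsubnet=10.2.0.0/16
    leftid=@sun.strongswan.org
    right=192.168.0.1
    rightsubnet=10.1.0.0/16
    rightid=@moon.strongswan.org
"""
G2_BAD = G2.replace("rightsubnet=10.1.0.0/16", "rightsubnet=10.1.0.0/24")

MIRRORED = ("", "subnet", "id")      # left<suffix> on one gateway is right<suffix> on the other
SHARED = ("keyexchange", "authby")   # expected to be identical on both gateways

def parse_conn(text, name):
    """Options of `conn <name>`, with `conn %default` supplying inherited values."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # an unindented line starts a section
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return {**sections.get("conn %default", {}), **sections.get("conn " + name, {})}

def check_mirror(g1_conf, g2_conf, name="net-net"):
    """Return one message per option where the two gateways do not mirror each other."""
    a, b = parse_conn(g1_conf, name), parse_conn(g2_conf, name)
    pairs = [(s + x, o + x) for x in MIRRORED for s, o in (("left", "right"), ("right", "left"))]
    pairs += [(k, k) for k in SHARED]
    return [f"g1 {ka}={a.get(ka)} vs g2 {kb}={b.get(kb)}" for ka, kb in pairs if a.get(ka) != b.get(kb)]
```

A subnet mismatch such as the one in G2_BAD does not always stop the tunnel from coming up, because IKEv2 can narrow the traffic selectors to the overlap; the tunnel then protects less traffic than one side's configuration suggests.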