
ipsec/racoon on ubuntu14.04

2015-11-27 15:20 295 查看
4. on vm1

a)

root@localhost:/root> ip -4 a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN

inet 127.0.0.1/8 scope host lo

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

inet 2.1.1.2/24 scope global eth0

b)

root@localhost:/root> ip r s

2.1.1.0/24 dev eth0 proto kernel scope link src 2.1.1.2

c)

root@localhost:/root> cat /etc/ipsec/0/ike1/racoon.conf

#!/usr/sbin/racoon
# racoon (ipsec-tools) IKEv1 configuration for vm1 (2.1.1.2), peer vm2 (2.1.1.1).
# Loaded with: racoon -f /etc/ipsec/0/ike1/racoon.conf
# racoon treats the "#!" line above as a plain comment; the file is not executed directly.

path pre_shared_key "/etc/ipsec/0/ike1/secret.psk"; # please note that the preshared key in this case is 12345
# "12345" is a lab-only value. The PSK is the sole basis for peer authentication in this
# setup, so a real deployment needs a long random key, and the file should stay mode 0400 (step h).

remote 2.1.1.1

{
# IKE phase 1 (ISAKMP SA) settings for peer 2.1.1.1.

exchange_mode main;

my_identifier address 2.1.1.2;

nat_traversal off ;

script "/etc/ipsec/scripts/phase1-up.sh" phase1_up;

script "/etc/ipsec/scripts/phase1-down.sh" phase1_down;

lifetime time 600 secs;
# phase 1 SA is rekeyed every 600 s.

# phase 1 proposal (for ISAKMP SA)

proposal {

encryption_algorithm aes;

hash_algorithm sha1;

authentication_method pre_shared_key;

dh_group 2;
# sha1 and DH group 2 (1024-bit MODP) are legacy choices; prefer sha256 and dh_group 14
# where both peers' racoon builds support them.

}

}

sainfo address 2.1.1.2 any address 2.1.1.1 any
# IKE phase 2 (IPsec SA) parameters for traffic between 2.1.1.2 and 2.1.1.1.
# NOTE: encryption_algorithm only applies to ESP SAs. The SPD in /etc/ipsec/0/ike1.add
# requests AH, which gives integrity/authentication but no confidentiality.

{

lifetime time 300 secs;
# IPsec SA is rekeyed every 300 s.

encryption_algorithm aes;

authentication_algorithm hmac_sha1;

compression_algorithm deflate;
# IPComp (deflate) offered alongside the IPsec SA.

}

listen {

adminsock "/etc/ipsec/0/ike1/.racoon_admin";
# per-instance control socket (racoonctl), so several racoon instances do not collide.

isakmp 2.1.1.2 [500];
# bind IKE only to this host's address on UDP/500.

}

d)

root@localhost:/root> cat /etc/ipsec/0/ike1/secret.psk

2.1.1.1 12345

f)

root@localhost:/root> cat /etc/ipsec/0/ike1.add

# FlexiPlatform: IPSec policy rule configuration
# setkey SPD entries for vm1 (2.1.1.2); loaded with: setkey -f /etc/ipsec/0/ike1.add
# Rule shape: spdadd <src> <dst> <upper-proto> -P <direction> prio <n>
#             ipsec <protocol>/<mode>/<tunnel-src>-<tunnel-dst>/<level>;
# "ah" = Authentication Header (integrity only, no encryption);
# "unique" = a dedicated SA per policy, shown by setkey -DP as unique#<reqid>.

spdadd 2.1.1.2/32 2.1.1.1/32 any

-P out

prio 2147480968 ipsec ah/tunnel/2.1.1.2-2.1.1.1/unique;
# outbound: this host -> peer, AH in tunnel mode between the same two endpoints.
# setkey -DP prints the numeric prio relative to its named base ("high + ...").

spdadd 2.1.1.1/32 2.1.1.2/32 any

-P in

prio 2147480968 ipsec ah/tunnel/2.1.1.1-2.1.1.2/unique;
# inbound mirror of the rule above; setkey -DP additionally shows a derived "fwd" policy.

g)

root@localhost:/root> setkey -DP

2.1.1.1[any] 2.1.1.2[any] 255

fwd prio high + 1073739144 ipsec

ah/tunnel/2.1.1.1-2.1.1.2/require

created: May 20 07:39:17 2015 lastused:

lifetime: 0(s) validtime: 0(s)

spid=34 seq=1 pid=976

refcnt=1

2.1.1.1[any] 2.1.1.2[any] 255

in prio high + 1073739144 ipsec

ah/tunnel/2.1.1.1-2.1.1.2/unique#16385

created: May 20 07:39:17 2015 lastused:

lifetime: 0(s) validtime: 0(s)

spid=24 seq=2 pid=976

refcnt=1

2.1.1.2[any] 2.1.1.1[any] 255

out prio high + 1073739144 ipsec

ah/tunnel/2.1.1.2-2.1.1.1/unique#16384

created: May 20 07:39:17 2015 lastused:

lifetime: 0(s) validtime: 0(s)

spid=17 seq=3 pid=976

refcnt=1

h) chmod 400 /etc/ipsec/0/ike1/secret.psk

5. on vm2

a)

root@localhost:/root> ip -4 a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN

inet 127.0.0.1/8 scope host lo

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

inet 2.1.1.1/24 scope global eth0

b)

root@localhost:/root> ip r s

2.1.1.0/24 dev eth0 proto kernel scope link src 2.1.1.1

c)

root@localhost:/root> cat /etc/ipsec/0/ike1/racoon.conf

#!/usr/sbin/racoon
# racoon (ipsec-tools) IKEv1 configuration for vm2 (2.1.1.1), peer vm1 (2.1.1.2).
# Loaded with: racoon -f /etc/ipsec/0/ike1/racoon.conf
# racoon treats the "#!" line above as a plain comment (binary is /usr/sbin/racoon, one "c").

path pre_shared_key "/etc/ipsec/0/ike1/secret.psk"; # please note that the preshared key in this case is 12345
# "12345" is a lab-only value. The PSK is the sole basis for peer authentication in this
# setup, so a real deployment needs a long random key, and the file should stay mode 0400 (step h).

remote 2.1.1.2

{
# IKE phase 1 (ISAKMP SA) settings for peer 2.1.1.2.

exchange_mode main;

my_identifier address 2.1.1.1;

nat_traversal off ;

script "/etc/ipsec/scripts/phase1-up.sh" phase1_up;

script "/etc/ipsec/scripts/phase1-down.sh" phase1_down;

lifetime time 600 secs;
# phase 1 SA is rekeyed every 600 s.

# phase 1 proposal (for ISAKMP SA)

proposal {

encryption_algorithm aes;

hash_algorithm sha1;

authentication_method pre_shared_key;

dh_group 2;
# sha1 and DH group 2 (1024-bit MODP) are legacy choices; prefer sha256 and dh_group 14
# where both peers' racoon builds support them. Must match the proposal on vm1.

}

}

sainfo address 2.1.1.1 any address 2.1.1.2 any
# IKE phase 2 (IPsec SA) parameters for traffic between 2.1.1.1 and 2.1.1.2.
# NOTE: encryption_algorithm only applies to ESP SAs. The SPD in /etc/ipsec/0/ike1.add
# requests AH, which gives integrity/authentication but no confidentiality.

{

lifetime time 300 secs;
# IPsec SA is rekeyed every 300 s.

encryption_algorithm aes;

authentication_algorithm hmac_sha1;

compression_algorithm deflate;
# IPComp (deflate) offered alongside the IPsec SA.

}

listen {

adminsock "/etc/ipsec/0/ike1/.racoon_admin";
# per-instance control socket (racoonctl), so several racoon instances do not collide.

isakmp 2.1.1.1 [500];
# bind IKE only to this host's address on UDP/500.

}

d)

root@localhost:/root> cat /etc/ipsec/0/ike1/secret.psk

2.1.1.2 12345

f)

root@localhost:/root> cat /etc/ipsec/0/ike1.add

# FlexiPlatform: IPSec policy rule configuration
# setkey SPD entries for vm2 (2.1.1.1); loaded with: setkey -f /etc/ipsec/0/ike1.add
# Rule shape: spdadd <src> <dst> <upper-proto> -P <direction> prio <n>
#             ipsec <protocol>/<mode>/<tunnel-src>-<tunnel-dst>/<level>;
# "ah" = Authentication Header (integrity only, no encryption);
# "unique" = a dedicated SA per policy, shown by setkey -DP as unique#<reqid>.
# Directions are the mirror image of vm1's file: 2.1.1.2 -> 2.1.1.1 is inbound here.

spdadd 2.1.1.2/32 2.1.1.1/32 any

-P in

prio 2147480968 ipsec ah/tunnel/2.1.1.2-2.1.1.1/unique;
# inbound: peer -> this host, AH in tunnel mode between the same two endpoints.

spdadd 2.1.1.1/32 2.1.1.2/32 any

-P out

prio 2147480968 ipsec ah/tunnel/2.1.1.1-2.1.1.2/unique;
# outbound mirror of the rule above; setkey -DP additionally shows a derived "fwd" policy.
# setkey -DP prints the numeric prio relative to its named base ("high + ...").

g)

root@localhost:/root> setkey -DP

2.1.1.1[any] 2.1.1.2[any] 255

out prio high + 1073739144 ipsec

ah/tunnel/2.1.1.1-2.1.1.2/unique#16385

created: May 20 07:40:18 2015 lastused: May 20 07:47:17 2015

lifetime: 0(s) validtime: 0(s)

spid=33 seq=1 pid=984

refcnt=1

2.1.1.2[any] 2.1.1.1[any] 255

fwd prio high + 1073739144 ipsec

ah/tunnel/2.1.1.2-2.1.1.1/require

created: May 20 07:40:18 2015 lastused:

lifetime: 0(s) validtime: 0(s)

spid=26 seq=2 pid=984

refcnt=1

2.1.1.2[any] 2.1.1.1[any] 255

in prio high + 1073739144 ipsec

ah/tunnel/2.1.1.2-2.1.1.1/unique#16384

created: May 20 07:40:18 2015 lastused:

lifetime: 0(s) validtime: 0(s)

spid=16 seq=3 pid=984

refcnt=1

h) chmod 400 /etc/ipsec/0/ike1/secret.psk

After I run "racoon -f /etc/ipsec/0/ike1/racoon.conf && setkey -f /etc/ipsec/0/ike1.add", I then run "ping 2.1.1.1".