Configure Site-to-Site VPN
1. Login to G2 and install Openswan with KLIPS support:
   # mkdir /downloads
   # cd /downloads
   # wget http://www.openswan.org/download/openswan-2.6.31.tar.gz
   # tar zxvf openswan-2.6.31.tar.gz
   # cd openswan-2.6.31
   # make programs install
   # make KERNELSRC=/lib/modules/`uname -r`/build module minstall

2. Configure the tunnel on G2:
   # vi /etc/ipsec.conf
   config setup
       protostack=klips
       interfaces="ipsec0=eth0"

   conn G2-to-G1
       auto=start
       authby=secret
       left=10.10.10.1
       leftsubnet=192.168.1.0/24
       right=10.10.10.2
       rightsubnet=192.168.0.0/24

3. Configure the pre-shared secret on G2:
   # vi /etc/ipsec.secrets
   10.10.10.1 10.10.10.2: PSK "secret"

4. Modify the firewall for the IPsec tunnel on G2:
   # vi /etc/kerber/firewall
   Modify the NAT statement:
   $ipt -t nat -A POSTROUTING -o eth0 ! -d 192.168.0.0/24 -j MASQUERADE
   Add these lines in the INPUT chain:
   $ipt -A INPUT -i eth0 -p 50 -j ACCEPT
   $ipt -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
   Add this line in the FORWARD chain:
   $ipt -A FORWARD -i ipsec0 -s 192.168.0.0/24 -j ACCEPT
www.arondmessaging.ro www.facebook.com/aiolinux
5. Login to G1 and install Openswan with KLIPS support:
   # cd /downloads
   # wget http://www.openswan.org/download/openswan-2.6.31.tar.gz
   # tar zxvf openswan-2.6.31.tar.gz
   # cd openswan-2.6.31
   # make programs install
   # make KERNELSRC=/lib/modules/`uname -r`/build module minstall
6. Configure the tunnel on G1 (the same conn stanza as on G2; Openswan determines which side it is from the local addresses):
   # vi /etc/ipsec.conf
   config setup
       protostack=klips
       interfaces="ipsec0=eth0"

   conn G2-to-G1
       auto=start
       authby=secret
       left=10.10.10.1
       leftsubnet=192.168.1.0/24
       right=10.10.10.2
       rightsubnet=192.168.0.0/24

7. Configure the pre-shared secret on G1:
   # vi /etc/ipsec.secrets
   10.10.10.1 10.10.10.2: PSK "secret"

8. Modify the firewall for the IPsec tunnel on G1:
   # vi /etc/kerber/firewall
   Modify the NAT statement:
   $ipt -t nat -A POSTROUTING -o eth0 ! -d 192.168.1.0/24 -j MASQUERADE
   Add these lines in the INPUT chain:
   $ipt -A INPUT -i eth0 -p 50 -j ACCEPT
   $ipt -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
   Add this line in the FORWARD chain:
   $ipt -A FORWARD -i ipsec0 -s 192.168.1.0/24 -j ACCEPT

9. Start the ipsec service on G2 and G1:
   # service ipsec start

10. Verify that the tunnel is up:
   # service ipsec status

11. Test connectivity:
   # ping 192.168.1.25
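The configuration from steps 2 to 8, generated from one set of parameters, as an added example that is not part of the original document: a small POSIX shell script that emits the shared conn stanza and the four firewall lines for either gateway (the NAT exclusion and FORWARD rule are the only lines that differ between G2 and G1, and both must name the remote LAN), and checks that ipsec.secrets is readable only by root and holds a PSK that is not a short dictionary word like the placeholder "secret". The function names (gen_ipsec_conf, gen_firewall, check_secrets) and the $ipt variable convention are assumptions; the addresses, interface names and chain layout are the ones the steps above use.

```shell
#!/bin/sh
# Added example, not from the original document. Parameters taken from the
# steps above: G2 is "left", G1 is "right".
LEFT_GW=10.10.10.1;  LEFT_NET=192.168.1.0/24    # G2 and its LAN
RIGHT_GW=10.10.10.2; RIGHT_NET=192.168.0.0/24   # G1 and its LAN
CONN=G2-to-G1
ipt=${ipt:-iptables}   # the firewall script above uses $ipt for the binary

# Emit /etc/ipsec.conf. The same text is installed on both gateways: Openswan
# decides whether it is "left" or "right" by matching the addresses to its own
# interfaces, so the stanza does not need to be mirrored by hand.
gen_ipsec_conf() {
    printf 'config setup\n\tprotostack=klips\n\tinterfaces="ipsec0=eth0"\n\n'
    printf 'conn %s\n\tauto=start\n\tauthby=secret\n' "$CONN"
    printf '\tleft=%s\n\tleftsubnet=%s\n\tright=%s\n\trightsubnet=%s\n' \
        "$LEFT_GW" "$LEFT_NET" "$RIGHT_GW" "$RIGHT_NET"
}

# Emit the firewall lines for one gateway. Argument: the REMOTE subnet.
# The MASQUERADE exclusion must name the remote LAN: otherwise packets bound
# for the far side are source-NATed to the gateway address before KLIPS sees
# them and never match leftsubnet/rightsubnet, so they leave in the clear.
# Protocol 50 is ESP; UDP 500 is IKE. Decrypted packets arrive on ipsec0, so
# the FORWARD rule is tied to that interface and the remote source range.
gen_firewall() {
    remote=$1
    printf '%s -t nat -A POSTROUTING -o eth0 ! -d %s -j MASQUERADE\n' "$ipt" "$remote"
    printf '%s -A INPUT -i eth0 -p 50 -j ACCEPT\n' "$ipt"
    printf '%s -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT\n' "$ipt"
    printf '%s -A FORWARD -i ipsec0 -s %s -j ACCEPT\n' "$ipt" "$remote"
}

# Sanity-check an ipsec.secrets file: it carries the PSK in clear text, so it
# must be mode 600, and the PSK itself should be long and random rather than
# a word. Returns 0 when both checks pass, 1 (with a WARN line) otherwise.
check_secrets() {
    f=$1
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")   # GNU, then BSD stat
    [ "$mode" = "600" ] || { echo "WARN: $f has mode $mode, expected 600"; return 1; }
    psk=$(sed -n 's/.*PSK[[:space:]]*"\([^"]*\)".*/\1/p' "$f")
    [ ${#psk} -ge 20 ] || { echo "WARN: PSK in $f is shorter than 20 characters"; return 1; }
    return 0
}

# Stand-alone run: print the files for G2, whose remote LAN is RIGHT_NET.
# For G1 call gen_firewall "$LEFT_NET" instead; gen_ipsec_conf is identical.
gen_ipsec_conf
gen_firewall "$RIGHT_NET"
```

Run `check_secrets /etc/ipsec.secrets` on each gateway after step 3 and step 7; replace the placeholder PSK with a long random string before the tunnel goes into service. The rules above assume the two gateways reach each other directly on 10.10.10.0/24; if either sits behind a NAT device, IKE falls back to NAT traversal and UDP 4500 has to be accepted as well.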