
->ipsec setup<-

G2 second linux gateway [LEFT]


ext ip=10.10.10.1
lan ip=192.168.1.5
gw ip=10.10.10.2

G1 first linux gateway [RIGHT]


ext ip=10.10.10.2
lan ip=192.168.0.5
gw ip=10.10.10.1

1. login to G2 and install openswan with klips support


#mkdir /downloads
#cd /downloads
# wget http://www.openswan.org/download/openswan-2.6.31.tar.gz
#tar zxvf openswan-2.6.31.tar.gz
#cd openswan-2.6.31
#make programs install
#make KERNELSRC=/lib/modules/`uname -r`/build module minstall

2. configure tunnel on G2
#vi /etc/ipsec.conf
config setup
protostack=klips
interfaces="ipsec0=eth0"

conn G2-to-G1
auto=start
authby=secret
left=10.10.10.1
leftsubnet=192.168.1.0/24
right=10.10.10.2
rightsubnet=192.168.0.0/24

3. configure the pre-shared key on G2 (the same PSK must be set on both gateways; "secret" below is a placeholder to be replaced with a long random value)
#vi /etc/ipsec.secrets
10.10.10.1 10.10.10.2: PSK "secret"

4. modify firewall for ipsec tunnel on G2


#vi /etc/kerber/firewall
.. Modify the NAT statement so that traffic destined for the remote LAN is not masqueraded
$ipt -t nat -A POSTROUTING -o eth0 ! -d 192.168.0.0/24 -j MASQUERADE
.. Add these lines to the INPUT chain (ESP, IP protocol 50, and IKE on UDP 500); as written they accept from any source, so adding -s with the peer address 10.10.10.2 is tighter
$ipt -A INPUT -i eth0 -p 50 -j ACCEPT
$ipt -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
.. Add this line to the FORWARD chain
$ipt -A FORWARD -i ipsec0 -s 192.168.0.0/24 -j ACCEPT

5. login to G1 and install openswan with klips support


#mkdir /downloads
#cd /downloads
# wget http://www.openswan.org/download/openswan-2.6.31.tar.gz
#tar zxvf openswan-2.6.31.tar.gz
#cd openswan-2.6.31
#make programs install
#make KERNELSRC=/lib/modules/`uname -r`/build module minstall

6. configure tunnel on G1
#vi /etc/ipsec.conf
config setup
protostack=klips
interfaces="ipsec0=eth0"

conn G2-to-G1
auto=start
authby=secret
left=10.10.10.1
leftsubnet=192.168.1.0/24
right=10.10.10.2
rightsubnet=192.168.0.0/24

7. configure the pre-shared key on G1 (must match the PSK set on G2 in step 3)
#vi /etc/ipsec.secrets
10.10.10.1 10.10.10.2: PSK "secret"

8. modify firewall for ipsec tunnel on G1


#vi /etc/kerber/firewall
.. Modify the NAT statement so that traffic destined for the remote LAN is not masqueraded
$ipt -t nat -A POSTROUTING -o eth0 ! -d 192.168.1.0/24 -j MASQUERADE
.. Add these lines to the INPUT chain (ESP, IP protocol 50, and IKE on UDP 500); as written they accept from any source, so adding -s with the peer address 10.10.10.1 is tighter
$ipt -A INPUT -i eth0 -p 50 -j ACCEPT
$ipt -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
.. Add this line to the FORWARD chain
$ipt -A FORWARD -i ipsec0 -s 192.168.1.0/24 -j ACCEPT

9. start ipsec service on G2 and G1


#service ipsec start

10. verify that tunnels are up


#service ipsec status

11. test connectivity (from G1 or a host on its LAN, ping a host on the G2 LAN, 192.168.1.0/24)
#ping 192.168.1.25
