d1cor

ipsec_net-net_psk.conf

Oct 18th, 2018
          eth1(.1)       eth0(.10)                     eth2(.20)       eth1(.1)
LAN1---------------[SG1]-----------------(tunnel)----------------[SG2]-------------LAN2
(192.168.10.0/24)                     (10.0.0.0/24)                   (192.168.20.0/24)

IPSEC-PSK
Tunnel between two security gateways.

gateway A, called "left"
gateway B, called "right"

apt-get install strongswan   # on both nodes

===============================================================================
Node @a

___________________________________________________
/etc/ipsec.conf
add:
include /etc/ipsec.d/ab_psk.conf

___________________________________________________
/etc/ipsec.d/ab_psk.conf

config setup
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no

conn %default

conn tunnel
    # gateway A ("left"): tunnel address, identity and protected LAN
    left=10.0.0.10
    leftid=@a
    leftsubnet=192.168.10.0/24
    # gateway B ("right")
    right=10.0.0.20
    rightid=@b
    rightsubnet=192.168.20.0/24
    # the trailing "!" restricts negotiation to exactly these proposals
    ike=aes256-sha2_256-modp1024!
    esp=aes256-sha2_256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    # dpdtimeout applies to IKEv1 only; with keyexchange=ikev2 it has no effect
    dpdtimeout=120
    dpdaction=restart
    # authby=secret selects pre-shared-key authentication (see /etc/ipsec.secrets)
    authby=secret
    auto=start
    keyexchange=ikev2
    type=tunnel

___________________________________________________
/etc/ipsec.secrets
@a @b : PSK "secreta"



===============================================================================
Node @b

___________________________________________________
/etc/ipsec.conf
add:
include /etc/ipsec.d/ab_psk.conf

___________________________________________________
/etc/ipsec.d/ab_psk.conf

# Same file as on node @a: strongSwan decides which of left/right is the
# local side by matching the addresses against its own interfaces.
config setup
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no

conn %default

conn tunnel
    left=10.0.0.10
    leftid=@a
    leftsubnet=192.168.10.0/24
    right=10.0.0.20
    rightid=@b
    rightsubnet=192.168.20.0/24
    ike=aes256-sha2_256-modp1024!
    esp=aes256-sha2_256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    authby=secret
    auto=start
    keyexchange=ikev2
    type=tunnel

___________________________________________________
/etc/ipsec.secrets
@a @b : PSK "secreta"
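
The tunnel above negotiates IKE with modp1024, a 1024-bit Diffie-Hellman group, and authenticates with the seven-character key "secreta". The following check is an added example, not part of the original paste or of strongSwan: it parses an ipsec.conf-style file and an ipsec.secrets file and reports both weaknesses. The function names, the 20-character threshold and the sample strings are assumptions made for this example.

```python
import re

WEAK_DH = {"modp768", "modp1024", "modp1536"}  # MODP groups under 2048 bits
MIN_PSK_LEN = 20  # assumed policy threshold for this example, not a strongSwan rule

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # '#' starts a comment
        if not line.strip():
            continue
        if not line[0].isspace():              # section headers start in column 0
            words = line.split()
            is_conn = words[0] == "conn" and len(words) > 1
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def audit(conf_text, secrets_text):
    """Return findings for weak IKE DH groups and short pre-shared keys."""
    findings = []
    for name, opts in parse_conns(conf_text).items():
        for proposal in opts.get("ike", "").rstrip("!").split(","):
            for group in sorted(WEAK_DH.intersection(proposal.strip().split("-"))):
                findings.append(f"conn {name}: ike proposal uses weak DH group {group}")
    for psk in re.findall(r':\s*PSK\s+"([^"]*)"', secrets_text):
        if len(psk) < MIN_PSK_LEN:
            findings.append(f"ipsec.secrets: PSK is only {len(psk)} characters")
    return findings

# Constructed sample input: the page's settings, then the same with stronger values.
PAGE_CONF = """\
config setup
    uniqueids=yes
conn tunnel
    ike=aes256-sha2_256-modp1024!
    esp=aes256-sha2_256!
    authby=secret
"""
PAGE_SECRETS = '@a @b : PSK "secreta"\n'
HARDENED_CONF = PAGE_CONF.replace("modp1024", "modp2048")
HARDENED_SECRETS = '@a @b : PSK "PLACEHOLDER-long-random-secret-generated-offline"\n'

if __name__ == "__main__":
    for finding in audit(PAGE_CONF, PAGE_SECRETS):
        print(finding)
```

Because the proposals end in "!", changing the DH group has to be done on both gateways at once, or the strict proposal match will fail.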