strongSwan Source Code Study 2: LIBGCRYPT
Source: Internet  Editor: 程序博客网  Time: 2024/06/08 11:48
StrongSwan supports libgcrypt. Example No. 3 on the StrongSwan website requires libcurl, libgcrypt and libgmp to be installed.
- Installing LIBGCRYPT
libgcrypt depends on libgpg-error. First download libgpg-error and libgcrypt.
ftp> open ftp.gnupg.org
Connected to ftp.gnupg.org.
220-Welcome hacker!
220-.
220-This is the FTP server of the GnuPG project. Please send problem reports
220-to ftpmaster@gnupg.org after having checked the gnupg-users mailing list
220-archive at http://lists.gnupg.org/pipermail/gnupg-users/ for known problems.
220-.
220-Housing and traffic is sponsored by OpenIT GmbH.
220-.
220-The server contains cryptographic software and its use might be illegal in
220-your country. However, as far as we know, only a very few countries have
220-restrictions on the use of cryptographic software.
220-.
220 Service ready for new user.
Name (ftp.gnupg.org:***): anonymous    (anonymous login)
331 Send e-mail address as password.
Password:
230 User logged in, proceed.
Remote system type is UNIX.
ftp> cd gcrypt/libgpg-error
250-The package libgpg-error contains common error codes and error handling
250-functions used by GnuPG, Libgcrypt, GPGME and more packages.
250 Directory change successful.
ftp> passive    (passive mode)
Passive mode on.
ftp> binary    (BINARY mode)
200 Command okay.
ftp> get libgpg-error-1.12.tar.bz2
local: libgpg-error-1.12.tar.bz2 remote: libgpg-error-1.12.tar.bz2
227 Entering Passive Mode (217,69,76,55,156,84).
150 About to open data connection.
226 File transfer complete.
489266 bytes received in 9.86 secs (48.5 kB/s)
ftp> cd ..
250-This directory is used as FTP site for GNU crypto software and
250-related stuff.
250-.
250-US laws place restrictions on the export of defense articles, which
250-includes some types of cryptographic software; this is the reason
250-that such software is not available from ftp.gnu.org
250-.
250-It is legal however, to export such software into the US.
250-.
250-Please contact <ftpmaster@gnupg.org> it you have any problems with
250-this site.
250-.
250-Software available here:
250-.
250- gnupg/ The GNU Privacy Guard
250- libgpg-error/ Common error codes for GnuPG, Libgcrypt etc.
250- gpgme/ GnuPG Made Easy library
250- pinentry/ Tool to enter a passphrase securely
250- libgcrypt/ General purpose low-level crypto library
250- libassuan/ The IPC library used by GnuPG
250- npth/ The New GNU Portable Threads Library
250- dirmngr/ A daemon to manage CRLs and LDAP queries for GnuPG.
250- gnu-crypt/ GNU Crypto for the classpathx Java libraries
250- egd/ Entropy Gathering Daemon
250- lsh/ A Secure Shell v2 implementation (work in progress)
250-
250- alpha/ Current development versions
250- binary/ Compiled versions for MS Windows.
250- contrib/ Other software and more translation files.
250- historic/ Historic versions. Also includes the content of
250- the old devel/ and pgpgpg/ directories.
250-.
250-See http://www.gnupg.org for further information.
250-.
250-The programs GnuPG and Libgcrypt hosted here are Free Software packages of
250-the GNU Project. We call them Free Software because you are free to copy
250-and redistribute them, following the rules stated in the license of each
250-package. For more information, see
250-http://www.gnu.org/philosophy/free-sw.html.
250-.
250-If you are looking for service or support for this software, see
250-http://www.gnupg.org/service.html .
250-.
250-If you would like to contribute to the development of one of these
250-packages, contact the package maintainer or the bug-reporting address
250-of the package (which should be listed in the package itself), or look
250-on www.gnu.org for more information on how to contribute.
250-.
250 Directory change successful.
ftp> cd libgcrypt
250-This is the stable version of Libgcrypt.
250-For devlopment versions see ../alpha/libgcrypt/.
250 Directory change successful.
ftp> get libgcrypt-1.6.0.tar.bz2
local: libgcrypt-1.6.0.tar.bz2 remote: libgcrypt-1.6.0.tar.bz2
227 Entering Passive Mode (217,69,76,55,158,239).
150 About to open data connection.
226 File transfer complete.
2499149 bytes received in 51.68 secs (47.2 kB/s)
ftp> close
221 Service closing control connection.
ftp> bye
After the download completes, install libgpg-error and libgcrypt.
****** Extracting xxx.tar.bz2 files ******
bzip2 -d xxx.tar.bz2
tar -xvf xxx.tar
or
tar -xjvf xxx.tar.bz2
******************************************
bzip2 -d libgpg-error-1.12.tar.bz2
tar -xvf libgpg-error-1.12.tar
bzip2 -d libgcrypt-1.6.0.tar.bz2
tar -xvf libgcrypt-1.6.0.tar
For libgpg-error and libgcrypt, refer to the instructions for libgpg-error-1.12 and libgcrypt-1.6.0:
libgpg-error-1.12 installation:
Install libgpg-error by running the following commands:
./configure --prefix=/usr --disable-static &&
make
To test the results, issue: make check.
Now, as the root user:
make install &&
install -v -m644 -D README /usr/share/doc/libgpg-error-1.12/README
libgcrypt-1.6.0 installation (only the parts marked in red were executed in the experiment):
Install libgcrypt by running the following commands:
./configure --prefix=/usr &&
make
Only info documentation is shipped in the package tarball. If you wish to build alternate formats of the documentation, (you must have texlive-20130530 installed to build the PDF and PostScript documentation), then issue the following commands:
make -C doc pdf ps html &&
makeinfo --html --no-split -o doc/gcrypt_nochunks.html doc/gcrypt.texi &&
makeinfo --plaintext -o doc/gcrypt.txt doc/gcrypt.texi
To test the results, issue: make check.
Now, as the root user:
make install &&
install -v -dm755 /usr/share/doc/libgcrypt-1.6.0 &&
install -v -m644 README doc/{README.apichanges,fips*,libgcrypt*} \
    /usr/share/doc/libgcrypt-1.6.0
If you built the additional documentation, install it by issuing the following commands as the root user:
install -v -dm755 /usr/share/doc/libgcrypt-1.6.0/html &&
install -v -m644 doc/gcrypt.html/* \
    /usr/share/doc/libgcrypt-1.6.0/html &&
install -v -m644 doc/gcrypt_nochunks.html \
    /usr/share/doc/libgcrypt-1.6.0 &&
install -v -m644 doc/gcrypt.{pdf,ps,dvi,txt,texi} \
    /usr/share/doc/libgcrypt-1.6.0
- Installing LIBGMP
Before installing libgmp, install m4 (a macro processing language) and build-essential (Informational list of build-essential packages).
sudo apt-get install m4
sudo apt-get install build-essential
Download gmp-x.x.x.tar.bz2 from the libgmp website and install it; the experiment used gmp-5.1.3.tar.bz2:
tar -xjvf gmp-5.1.3.tar.bz2
cd gmp-5.1.3
sudo ./configure --enable-cxx
sudo make
sudo make check
sudo make install
- Installing LIBCURL
wget http://curl.haxx.se/download/curl-7.22.0.tar.gz
tar -zxvf curl-7.22.0.tar.gz
cd curl-7.22.0
./configure
make
make install
- Installing StrongSwan
wget http://download.strongswan.org/strongswan-4.6.4.tar.bz2
tar xjvf strongswan-4.6.4.tar.bz2
cd strongswan-4.6.4
./configure --prefix=/usr --sysconfdir=/etc --enable-gcrypt --enable-curl --disable-pluto
make
make install
- Experiment
Setup:
Ubuntu3 (virtual machine): Ubuntu 12.04 LTS (32-bit), IP 192.168.31.132
Ubuntu4 (virtual machine): Ubuntu 12.04 LTS (32-bit), IP 192.168.31.133
Configure Ubuntu3:
Configure /etc/ipsec.secrets
192.168.31.132 : PSK "chu"
Configure /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # plutodebug=all
    # crlcheckinterval=600
    # strictcrlpolicy=yes
    # cachecrls=yes
    # nat_traversal=yes
    # charonstart=no
    # plutostart=no
    plutodebug=all
    charondebug="ike 4"
    charonstart=yes
    plutostart=yes

# Add connections here.

# Sample VPN connections

#conn sample-self-signed
#    left=%defaultroute
#    leftsubnet=10.1.0.0/16
#    leftcert=selfCert.der
#    leftsendcert=never
#    right=192.168.0.2
#    rightsubnet=10.2.0.0/16
#    rightcert=peerCert.der
#    auto=start

#conn sample-with-ca-cert
#    left=%defaultroute
#    leftsubnet=10.1.0.0/16
#    leftcert=myCert.pem
#    right=192.168.0.2
#    rightsubnet=10.2.0.0/16
#    rightid="C=CH, O=Linux strongSwan CN=peer name"
#    keyexchange=ikev2
#    auto=start

conn host-to-host
    left=192.168.31.133
    right=192.168.31.132
    type=transport
    authby=secret
    auto=start
Configure /etc/strongswan.conf
# strongswan.conf - strongSwan configuration file

charon {

    # number of worker threads in charon
    threads = 16

    # send strongswan vendor ID?
    # send_vendor_id = yes

    load = curl pem pkcs1 gcrypt x509 revocation hmac xcbc stroke kernel-netlink socket-default updown

    plugins {

        sql {
            # loglevel to log into sql database
            loglevel = -1

            # URI to the database
            # database = sqlite:///path/to/file.db
            # database = mysql://user:password@localhost/database
        }
    }

    filelog {
        /var/log/strongswan.log {
            time_format = %b %e %T
            append = no
            default = 4
            flush_line = yes
        }
    }

    # ...
}

pluto {

}

libstrongswan {

    # set to no, the DH exponent size is optimized
    # dh_exponent_ansi_x9_42 = no
}
Configure Ubuntu4 in the same way. Restart the software with ipsec restart, then check the log file (/var/log/strongswan.log):
Jan 12 17:36:50 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.6.4)
Jan 12 17:36:50 00[LIB] plugin 'curl': loaded successfully
Jan 12 17:36:50 00[LIB] plugin 'pem': loaded successfully
Jan 12 17:36:50 00[LIB] plugin 'pkcs1': loaded successfully
Jan 12 17:36:50 00[LIB] plugin 'gcrypt': loaded successfully
Jan 12 17:36:50 00[LIB] plugin 'x509': loaded successfully
Jan 12 17:36:50 00[LIB] plugin 'revocation': loaded successfully
Jan 12 17:36:50 00[LIB] plugin 'hmac': loaded successfully
Jan 12 17:36:50 00[LIB] plugin 'xcbc': loaded successfully
Jan 12 17:36:50 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jan 12 17:36:50 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jan 12 17:36:50 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jan 12 17:36:50 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jan 12 17:36:50 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jan 12 17:36:50 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jan 12 17:36:50 00[CFG] loaded IKE secret for 192.168.31.133
Jan 12 17:36:50 00[CFG] secret: 63:68:75
Jan 12 17:36:50 00[LIB] plugin 'stroke': loaded successfully
Jan 12 17:36:50 00[LIB] plugin 'kernel-netlink': loaded successfully
Jan 12 17:36:50 00[KNL] listening on interfaces:
Jan 12 17:36:50 00[KNL] eth0
Jan 12 17:36:50 00[KNL] 192.168.31.133
Jan 12 17:36:50 00[KNL] fe80::20c:29ff:feb9:b29c
Jan 12 17:36:50 00[LIB] plugin 'socket-default': loaded successfully
Jan 12 17:36:50 00[LIB] plugin 'updown': loaded successfully
Jan 12 17:36:50 00[DMN] loaded plugins: curl pem pkcs1 gcrypt x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
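With `default = 4` in the filelog section, the log above contains `secret: 63:68:75`, which is the PSK from ipsec.secrets written out as hex bytes. The following is an added example (not part of the original post or of strongSwan) that scans a charon log for such dumped secrets and a strongswan.conf for filelog/syslog levels of 4 or higher; the function names and the embedded samples are constructed for illustration.

```python
import re
# Constructed samples in the format of the log and strongswan.conf shown above.
SAMPLE_LOG = """\
Jan 12 17:36:50 00[CFG] loaded IKE secret for 192.168.31.133
Jan 12 17:36:50 00[CFG] secret: 63:68:75
"""
SAMPLE_CONF = """\
charon {
    threads = 16
    filelog {
        /var/log/strongswan.log {
            default = 4   # constructed comment: level 4 dumps key material
        }
    }
}
"""
SECRET_RE = re.compile(r"\] secret: ([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2})*)\s*$")
OWNER_RE = re.compile(r"loaded \w+ secret for (.+)$")
LEVEL_RE = re.compile(r"^(\w+)\s*=\s*(-?\d+)$")  # matches numeric values only

def find_logged_secrets(log_text):
    """Return (owner, byte_length) per dumped secret; the value is never echoed."""
    findings, owner = [], None
    for line in log_text.splitlines():
        m = OWNER_RE.search(line)
        owner = m.group(1).strip() if m else owner
        m = SECRET_RE.search(line)
        if m:
            findings.append((owner, len(bytes.fromhex(m.group(1).replace(":", "")))))
            owner = None  # do not attribute a later secret to a stale owner
    return findings

def sensitive_log_levels(conf_text, threshold=4):
    """Return (key, level) for numeric levels >= threshold inside filelog/syslog."""
    hits, depth, log_depth = [], 0, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.endswith("{"):
            depth += 1
            if log_depth is None and line[:-1].strip() in ("filelog", "syslog"):
                log_depth = depth  # remember where the logger section opened
        elif line == "}":
            log_depth = None if depth == log_depth else log_depth
            depth -= 1
        elif log_depth is not None:
            m = LEVEL_RE.match(line)
            if m and int(m.group(2)) >= threshold:
                hits.append((m.group(1), int(m.group(2))))
    return hits
```

On the samples, the scan reports one 3-byte secret for 192.168.31.133 and the `default = 4` setting, while `threads = 16` outside the logger section is ignored.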