strongswan5.1.2 on ubuntu14.04 (net-net with psk)
来源:互联网 发布:高考大数据 编辑:程序博客网 时间:2024/06/11 20:08
The network topology:
client1: ubuntu14.04 server eth0 ip: 10.1.0.10/24 ---->c1
client2: ubuntu14.04 server eth0 ip: 10.2.0.10/24 ---->c2
gateway1: ubuntu14.04 server eth1 ip: 10.1.0.1/24 eth0 ip: 192.168.0.1/24 --->g1
gateway2: ubuntu14.04 server eth1 ip: 10.2.0.1/24 eth0 ip: 192.168.0.2/24 --->g2
c1(eth0:10.1.0.10/24)<---->(eth1:10.1.0.1/24)g1(eth0:192.168.0.1/24)<---->(eth0:192.168.0.2/24)g2(eth1:10.1.0.1/24)<---->(eth0:10.2.0.10/24)c2
|-------------------switch 1------------| |------------switch 0----------------| |--------------switch 2------------|
That is, eth0 of c1 and eth1 of g1 are in switch 1.
eth0 of g1 and eth0 of g2 are in switch 0.
eth1 of g2 and eth0 of c2 are in switch 2.
Before making tests, please make sure that you can ping from c1 to c2 through switch 0.
1. on g1:
run apt-get install strongswan*
a)ip addr add 192.168.0.1/24 dev eth0
ip link set eth0 up
ip addr add 10.1.0.1/24 dev eth1
ip link set eth1 up
b)
ip route add default via 192.168.0.2 dev eth0
c) /etc/ipsec.conf
config setup
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
authby=secret
keyexchange=ikev2
mobike=no
conn net-net
left=192.168.0.1
leftsubnet=10.1.0.0/16
leftid=@moon.strongswan.org
leftfirewall=yes
right=192.168.0.2
rightsubnet=10.2.0.0/16
rightid=@sun.strongswan.org
auto=add
d) /etc/ipsec.secrets
: PSK "nokia"
2. on g2
apt-get install strongswan*
ip addr add 192.168.0.2/24 dev eth0
ip link set eth0 up
ip addr add 10.2.0.1/24 dev eth1
ip link set eth1 up
b)
ip route add default via 192.168.0.1 dev eth0
c) /etc/ipsec.conf
config setup
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
authby=secret
keyexchange=ikev2
mobike=no
conn net-net
left=192.168.0.2
leftsubnet=10.2.0.0/16
leftid=@sun.strongswan.org
leftfirewall=yes
right=192.168.0.1
rightsubnet=10.1.0.0/16
rightid=@moon.strongswan.org
auto=add
d) /etc/ipsec.secrets
: PSK "nokia"
3. on c1
a)
ip addr add 10.1.0.10/24 dev eth0
b)
ip route add default via 10.1.0.1 dev eth0
4. on c2
a)
ip addr add 10.2.0.10/24 dev eth0
b)
ip route add default via 10.2.0.1 dev eth0
5. on g1
run this command: ipsec restart
6. on g2
run this command: ipsec restart
7. on g1
run this command: ipsec up net-net
8. on c1
run this command: ping 10.2.0.10
9. on g1, g2
run this command: tcpdump -ni eth0 esp
You will find the tcpdump output.
0 0
- strongswan5.1.2 on ubuntu14.04 (net-net with psk)
- 51 Recipes on using jQuery with ASP.NET Controls
- A little tutorial on CodeFluent Entities with ASP.NET MVC4
- NET Tip: Run ASP.NET 1.1 with ASP.NET 2.0 on Windows 2003 NET技巧:在WINDOWS 2003 上同时运行 ASP.NET 1.1 和 ASP.NET 2.0
- [.NET] MVC with .NET interface
- ubuntu14.04安装theano的二进制网络theano-xnor-net
- .NET Come on
- Brainbench assessments on .NET
- marquee on aspx.net
- PSK
- FFMpeg2.4.2 on Ubuntu14.04
- strongswan4.4.0 on ubuntu14.04
- ipsec/racoon on ubuntu14.04
- ubuntu14.04 ruby on rails
- OBS Build on ubuntu14.04
- mysql installation on ubuntu14.04
- Start with Ajax.NET
- ASUS N550JK4700 with ubuntu14.04
- glUnmapBuffer
- mybatis--增删查改的基本mapper的xml配置
- linux awk 命令
- 判断俩个链表是否相交
- 《C#游戏开发快速入门教程》
- strongswan5.1.2 on ubuntu14.04 (net-net with psk)
- 绘制图形
- Bit Manipulation Reverse Bits
- 在C++中子类继承和调用父类的构造函数方法
- 学习练习--IOS雪花飘落的实现方法
- 算法与数据结构学习 01 基础与规范
- 北京韩式婚纱摄影工作室
- RichEdit控件与父窗口使用消息反射机制实现过滤输入字符(WIN32应用)
- 关于iPhone多线程编程的教程