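IPsec site-to-site VPN between two Vyatta routers (site1 202.100.1.1 and site2 61.128.1.1)
Lab transcript: tunnel status, a connectivity test and the full configuration of both peers, authenticated with a pre-shared secret.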
vyatta@site1:~$ show vpn ipsec
policy sa state status
vyatta@site1:~$ show vpn ipsec sa
Peer ID / IP Local ID / IP
------------ -------------
61.128.1.1 202.100.1.1
Tunnel State Bytes Out/In Encrypt Hash NAT-T A-Time L-Time Proto
------ ----- ------------- ------- ---- ----- ------ ------ -----
1 up 0.0/0.0 aes256 sha1 no 1065 1800 all
vyatta@site1:~$
vyatta@site1:~$
vyatta@site1:~$
vyatta@site1:~$
vyatta@site1:~$
vyatta@site1:~$ show configuration commands
# site1 configuration in replayable `set` form (output of `show configuration commands`).
# eth0 is the public side; the protected network 192.168.40.0/24 lives on the loopback.
set interfaces ethernet eth0 address '202.100.1.1/24'
set interfaces loopback lo address '192.168.40.1/24'
set protocols static route 0.0.0.0/0 next-hop '202.100.1.10'
# ESP proposals for the tunnel. The lifetime of 1800 matches the L-Time column
# printed by `show vpn ipsec sa` on this page.
set vpn ipsec esp-group ESP-1W lifetime '1800'
set vpn ipsec esp-group ESP-1W proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-1W proposal 1 hash 'sha1'
# NOTE(review): proposal 2 (3des + md5) is a legacy fallback. The SA shown on this
# page came up with aes256/sha1, so the fallback is not needed for this tunnel;
# deleting proposal 2 on both peers keeps the tunnel from ever settling on it.
set vpn ipsec esp-group ESP-1W proposal 2 encryption '3des'
set vpn ipsec esp-group ESP-1W proposal 2 hash 'md5'
# IKE proposals. NOTE(review): no dh-group is set here and no pfs setting appears
# in the ESP group, so the release defaults apply -- verify what they are.
set vpn ipsec ike-group IKE-1W lifetime '3600'
set vpn ipsec ike-group IKE-1W proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-1W proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE-1W proposal 2 encryption 'aes128'
set vpn ipsec ike-group IKE-1W proposal 2 hash 'sha1'
# IPsec is enabled on the public interface only.
set vpn ipsec ipsec-interfaces interface 'eth0'
# Peer definition for site2 (61.128.1.1), authenticated with a pre-shared secret.
set vpn ipsec site-to-site peer 61.128.1.1 authentication mode 'pre-shared-secret'
# NOTE(review): 'test_key_1' is a short lab value; site2 is configured with the
# same string. This output form prints the secret in clear, whereas
# `show configuration` on the same router masks it with asterisks -- handle
# saved or pasted `commands` output as secret material and use a long random
# key outside the lab.
set vpn ipsec site-to-site peer 61.128.1.1 authentication pre-shared-secret 'test_key_1'
set vpn ipsec site-to-site peer 61.128.1.1 default-esp-group 'ESP-1W'
set vpn ipsec site-to-site peer 61.128.1.1 ike-group 'IKE-1W'
set vpn ipsec site-to-site peer 61.128.1.1 local-ip '202.100.1.1'
# Traffic selectors: local and remote subnets mirror the ones configured on site2.
set vpn ipsec site-to-site peer 61.128.1.1 tunnel 1 local subnet '192.168.40.0/24'
set vpn ipsec site-to-site peer 61.128.1.1 tunnel 1 remote subnet '192.168.60.0/24'
vyatta@site1:~$
vyatta@site1:~$
vyatta@site2:~$
vyatta@site2:~$ show vpn ipsec sa
Peer ID / IP Local ID / IP
------------ -------------
202.100.1.1 61.128.1.1
Tunnel State Bytes Out/In Encrypt Hash NAT-T A-Time L-Time Proto
------ ----- ------------- ------- ---- ----- ------ ------ -----
1 up 0.0/0.0 aes256 sha1 no 530 1800 all
vyatta@site2:~$
vyatta@site2:~$
vyatta@site2:~$
vyatta@site2:~$ sudo ping 192.168.40.1 -I 192.168.60.1
PING 192.168.40.1 (192.168.40.1) from 192.168.60.1 : 56(84) bytes of data.
64 bytes from 192.168.40.1: icmp_req=1 ttl=64 time=0.965 ms
64 bytes from 192.168.40.1: icmp_req=2 ttl=64 time=1.53 ms
64 bytes from 192.168.40.1: icmp_req=3 ttl=64 time=1.55 ms
64 bytes from 192.168.40.1: icmp_req=4 ttl=64 time=1.54 ms
^C
--- 192.168.40.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.965/1.397/1.552/0.249 ms
vyatta@site2:~$
vyatta@site2:~$
vyatta@site2:~$ show configuration commands
# site2 configuration in replayable `set` form (output of `show configuration commands`).
# eth1 is the public side; the protected network 192.168.60.0/24 lives on the loopback.
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id '00:0c:29:1a:fc:c7'
set interfaces ethernet eth0 smp_affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 address '61.128.1.1/24'
set interfaces ethernet eth1 hw-id '00:0c:29:1a:fc:d1'
set interfaces ethernet eth2 hw-id '00:0c:29:1a:fc:db'
set interfaces loopback lo address '2.2.2.2/24'
set interfaces loopback lo address '192.168.60.1/24'
set protocols static route 0.0.0.0/0 next-hop '61.128.1.10'
set system config-management commit-revisions '20'
set system console device ttyS0 speed '9600'
set system host-name 'site2'
# NOTE(review): the admin account's password hash is printed in full here; the
# '$1$' prefix is the MD5-crypt format. `show configuration` on this page masks
# the same field. A hash that has been published should be treated as exposed:
# rotate the password before reusing this configuration anywhere.
set system login user vyatta authentication encrypted-password '$1$RONi22eX$PB6eoyAkrSJ7DNtmDy10G1'
set system login user vyatta authentication plaintext-password ''
set system login user vyatta level 'admin'
set system ntp server '0.vyatta.pool.ntp.org'
set system ntp server '1.vyatta.pool.ntp.org'
set system ntp server '2.vyatta.pool.ntp.org'
set system package auto-sync '1'
set system package repository community components 'main'
set system package repository community distribution 'stable'
set system package repository community password ''
# NOTE(review): the repository URL is plain http; package integrity then rests on
# signature verification, which is not shown on this page -- confirm it is enforced.
set system package repository community url 'http://packages.vyatta.com/vyatta'
set system package repository community username ''
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
set system time-zone 'GMT'
# ESP proposals; same values as site1's ESP-1W group, under a different local name.
set vpn ipsec esp-group ESP-1E lifetime '1800'
set vpn ipsec esp-group ESP-1E proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-1E proposal 1 hash 'sha1'
# NOTE(review): proposal 2 (3des + md5) is a legacy fallback. The SA shown on this
# page came up with aes256/sha1; deleting proposal 2 on both peers keeps the
# tunnel from ever settling on it.
set vpn ipsec esp-group ESP-1E proposal 2 encryption '3des'
set vpn ipsec esp-group ESP-1E proposal 2 hash 'md5'
# IKE proposals. NOTE(review): no dh-group is set here and no pfs setting appears
# in the ESP group, so the release defaults apply -- verify what they are.
set vpn ipsec ike-group IKE-1E lifetime '3600'
set vpn ipsec ike-group IKE-1E proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-1E proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE-1E proposal 2 encryption 'aes128'
set vpn ipsec ike-group IKE-1E proposal 2 hash 'sha1'
# IPsec is enabled on the public interface only.
set vpn ipsec ipsec-interfaces interface 'eth1'
# Peer definition for site1 (202.100.1.1), authenticated with a pre-shared secret.
set vpn ipsec site-to-site peer 202.100.1.1 authentication mode 'pre-shared-secret'
# NOTE(review): 'test_key_1' is a short lab value shared with site1 and printed in
# clear by this output form; use a long random key outside the lab and keep
# `commands` output out of tickets, chats and public posts.
set vpn ipsec site-to-site peer 202.100.1.1 authentication pre-shared-secret 'test_key_1'
set vpn ipsec site-to-site peer 202.100.1.1 default-esp-group 'ESP-1E'
set vpn ipsec site-to-site peer 202.100.1.1 ike-group 'IKE-1E'
set vpn ipsec site-to-site peer 202.100.1.1 local-ip '61.128.1.1'
# Traffic selectors: local and remote subnets mirror the ones configured on site1.
set vpn ipsec site-to-site peer 202.100.1.1 tunnel 1 local subnet '192.168.60.0/24'
set vpn ipsec site-to-site peer 202.100.1.1 tunnel 1 remote subnet '192.168.40.0/24'
vyatta@site2:~$
vyatta@site2:~$
vyatta@site2:~$
vyatta@site2:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
S>* 0.0.0.0/0 [1/0] via 61.128.1.10, eth1
C>* 2.2.2.0/24 is directly connected, lo
C>* 61.128.1.0/24 is directly connected, eth1
C>* 127.0.0.0/8 is directly connected, lo
K>* 192.168.40.0/24 is directly connected, eth1
C>* 192.168.60.0/24 is directly connected, lo
vyatta@site2:~$ show ip or
Invalid command: show ip [or]
vyatta@site2:~$ show ip route
bgp forward rip supernets-only
cache kernel static
connected ospf summary
vyatta@site2:~$ show ip route kernel
Possible completions:
<Enter> Execute the current command
vyatta@site2:~$ show ip route kernel
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
K>* 192.168.40.0/24 is directly connected, eth1
vyatta@site2:~$
vyatta@site2:~$
vyatta@site2:~$
vyatta@site1:~$ show configuration
interfaces {
ethernet eth0 {
address 202.100.1.1/24
hw-id 00:0c:29:97:4e:81
}
ethernet eth1 {
hw-id 00:0c:29:97:4e:8b
}
ethernet eth2 {
hw-id 00:0c:29:97:4e:95
}
loopback lo {
address 1.1.1.1/24
address 192.168.40.1/24
}
}
protocols {
static {
route 0.0.0.0/0 {
next-hop 202.100.1.10 {
}
}
}
}
system {
config-management {
commit-revisions 20
}
console {
device ttyS0 {
speed 9600
}
}
host-name site1
login {
user vyatta {
authentication {
encrypted-password ****************
plaintext-password ****************
}
level admin
}
}
ntp {
server 0.vyatta.pool.ntp.org {
}
server 1.vyatta.pool.ntp.org {
}
server 2.vyatta.pool.ntp.org {
}
}
package {
repository community {
components main
distribution stable
url http://packages.vyatta.com/vyatta
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
}
vpn {
ipsec {
esp-group ESP-1W {
lifetime 1800
proposal 1 {
encryption aes256
hash sha1
}
proposal 2 {
encryption 3des
hash md5
}
}
ike-group IKE-1W {
lifetime 3600
proposal 1 {
encryption aes256
hash sha1
}
proposal 2 {
encryption aes128
hash sha1
}
}
ipsec-interfaces {
interface eth0
}
site-to-site {
peer 61.128.1.1 {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
default-esp-group ESP-1W
ike-group IKE-1W
local-ip 202.100.1.1
tunnel 1 {
local {
subnet 192.168.40.0/24
}
remote {
subnet 192.168.60.0/24
}
}
}
}
}
}
vyatta@site1:~$
vyatta@site2:~$ show configuration
interfaces {
ethernet eth0 {
duplex auto
hw-id 00:0c:29:1a:fc:c7
smp_affinity auto
speed auto
}
ethernet eth1 {
address 61.128.1.1/24
hw-id 00:0c:29:1a:fc:d1
}
ethernet eth2 {
hw-id 00:0c:29:1a:fc:db
}
loopback lo {
address 2.2.2.2/24
address 192.168.60.1/24
}
}
protocols {
static {
route 0.0.0.0/0 {
next-hop 61.128.1.10 {
}
}
}
}
system {
config-management {
commit-revisions 20
}
console {
device ttyS0 {
speed 9600
}
}
host-name site2
login {
user vyatta {
authentication {
encrypted-password ****************
plaintext-password ****************
}
level admin
}
}
ntp {
server 0.vyatta.pool.ntp.org {
}
server 1.vyatta.pool.ntp.org {
}
server 2.vyatta.pool.ntp.org {
}
}
package {
auto-sync 1
repository community {
components main
distribution stable
password ****************
url http://packages.vyatta.com/vyatta
username ""
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone GMT
}
vpn {
ipsec {
esp-group ESP-1E {
lifetime 1800
proposal 1 {
encryption aes256
hash sha1
}
proposal 2 {
encryption 3des
hash md5
}
}
ike-group IKE-1E {
lifetime 3600
proposal 1 {
encryption aes256
hash sha1
}
proposal 2 {
encryption aes128
hash sha1
}
}
ipsec-interfaces {
interface eth1
}
site-to-site {
peer 202.100.1.1 {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
default-esp-group ESP-1E
ike-group IKE-1E
local-ip 61.128.1.1
tunnel 1 {
local {
subnet 192.168.60.0/24
}
remote {
subnet 192.168.40.0/24
}
}
}
}
}
}
vyatta@site2:~$