doc:appunti:linux:sa:ipsec_strongswan
Differences
This shows you the differences between two versions of the page.
doc:appunti:linux:sa:ipsec_strongswan [2021/02/05 16:29] – [IPsec VPN Strongswan su Debian 10 Buster] niccolo | doc:appunti:linux:sa:ipsec_strongswan [2023/11/14 11:27] (current) – [File di configurazione] niccolo | ||
---|---|---|---|
Line 11: | Line 11: | ||
In alternativa al pacchetto **strongswan** è possibile installare **[[# | In alternativa al pacchetto **strongswan** è possibile installare **[[# | ||
- | ===== Fine di configurazione ===== | + | ===== File di configurazione ===== |
+ | |||
+ | Qesti gli indirizzi IP coinvolti: | ||
+ | |||
+ | * **Lato Left (host locale)** | ||
+ | * IP pubblico: **132.82.168.98** | ||
+ | * Classe IP privata: **172.17.48.96/ | ||
+ | * **Lato Right (host remoto)** | ||
+ | * IP pubblico: **134.191.21.5** | ||
+ | * Classe IP privata: **172.17.48.80/ | ||
**/ | **/ | ||
< | < | ||
+ | config setup | ||
+ | # strictcrlpolicy=yes | ||
+ | # uniqueids = no | ||
+ | charondebug=" | ||
+ | # More control on Charon debug. Default level is 1 " | ||
+ | # level 2 is " | ||
+ | # | ||
+ | uniqueids = yes | ||
+ | |||
include / | include / | ||
</ | </ | ||
+ | |||
+ | **/ | ||
+ | |||
+ | < | ||
+ | include / | ||
+ | </ | ||
+ | |||
**/ | **/ | ||
< | < | ||
+ | conn office1-office2 | ||
+ | type=tunnel | ||
+ | auto=start | ||
+ | keyexchange=ikev2 | ||
+ | authby=secret | ||
+ | left=132.82.168.98 | ||
+ | leftsubnet=172.17.48.97/ | ||
+ | right=134.191.21.5 | ||
+ | rightsubnet=172.17.48.81/ | ||
+ | ike=aes256-sha256-modp1536 | ||
+ | esp=aes256-sha256-modp1536 | ||
+ | aggressive=no | ||
+ | keyingtries=%forever | ||
+ | ikelifetime=86400s | ||
+ | lifetime=28800s | ||
+ | dpddelay=30s | ||
+ | dpdtimeout=120s | ||
+ | dpdaction=restart | ||
+ | closeaction=restart | ||
+ | </ | ||
+ | L' | ||
+ | |||
+ | < | ||
+ | charon: 07[IKE] received DELETE for IKE_SA office1-office2[5] | ||
+ | charon: 07[IKE] deleting IKE_SA office1-office2[5] | ||
+ | between 132.82.168.98[213.182.68.98]...134.191.21.5[134.191.21.5] | ||
+ | ipsec[30830]: | ||
+ | ipsec[30830]: | ||
+ | between 132.82.168.98[213.182.68.98]...134.191.21.5[134.191.21.5] | ||
+ | </ | ||
+ | |||
+ | **/ | ||
+ | |||
+ | < | ||
+ | # ------- Site 1 Gateway (office1-office2) ------- | ||
+ | 132.82.168.98 134.191.21.5 : PSK " | ||
+ | |||
+ | # ------- Site 2 Gateway (office2-office1) ------- | ||
+ | 134.191.21.5 132.82.168.98 : PSK " | ||
+ | </ | ||
+ | |||
+ | ===== Configurazione Shorewall ===== | ||
+ | |||
+ | **/ | ||
+ | |||
+ | < | ||
+ | ACCEPT | ||
+ | ACCEPT | ||
+ | ACCEPT | ||
+ | </ | ||
+ | |||
+ | **ATTENZIONE**: | ||
+ | |||
+ | **/ | ||
+ | |||
+ | < | ||
+ | ipsec net 134.191.21.5 | ||
+ | </ | ||
+ | |||
+ | **/ | ||
+ | |||
+ | < | ||
+ | sec ipv4 | ||
+ | </ | ||
+ | |||
+ | **/ | ||
+ | |||
+ | < | ||
+ | sec eth0: | ||
</ | </ | ||
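Review bot: leftsubnet=172.17.48.97/ and rightsubnet=172.17.48.81/ in the office1-office2 conn do not match the private ranges listed in the new address section (172.17.48.96/ and 172.17.48.80/); write the network address in both places, or explain why a host address appears in the conn. In the same conn, ike= and esp= both select modp1536 (DH group 5), which RFC 8247 rates SHOULD NOT for IKEv2, so a remark pointing readers to modp2048 or stronger, where the remote peer allows it, would keep the example from being copied as-is. The log excerpt prints 132.82.168.98[213.182.68.98], an identity that differs from the left= address used everywhere else on the page; if the addresses were substituted for publication, that one should be substituted as well. "Qesti" in the new introductory line should read "Questi".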
Line 92: | Line 186: | ||
office1-office2: | office1-office2: | ||
office1-office2: | office1-office2: | ||
- | office1-office2: | + | office1-office2: |
Security Associations (1 up, 0 connecting): | Security Associations (1 up, 0 connecting): | ||
office1-office2[1]: | office1-office2[1]: |
doc/appunti/linux/sa/ipsec_strongswan.1612538991.txt.gz · Last modified: 2021/02/05 16:29 by niccolo