Strongswan bridge mit gre-tunnel: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=strongswan= ==host germany== */etc/ipsec.conf <pre> conn france-gemany authby=secret type=transport auto=start ike=aes256-sha256-modp2…“) |
|||
| (Eine dazwischenliegende Version desselben Benutzers wird nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| + | =install= | ||
| + | *apt-get install strongswan bridge-utils | ||
=strongswan= | =strongswan= | ||
==host germany== | ==host germany== | ||
| Zeile 32: | Zeile 34: | ||
*/etc/ipsec.secrets | */etc/ipsec.secrets | ||
10.130.206.42 10.134.2.5 : PSK "suxer" | 10.130.206.42 10.134.2.5 : PSK "suxer" | ||
| + | =gre-tunnel= | ||
| + | ==host germany== | ||
| + | */etc/network/interface | ||
| + | <pre> | ||
| + | auto ens15 | ||
| + | iface ens15 inet manual | ||
| + | |||
| + | auto dmz | ||
| + | iface dmz inet manual | ||
| + | post-up ip link add gretap1 type gretap local 10.130.206.42 remote 10.134.2.5 | ||
| + | post-up ip link set dev gretap1 up | ||
| + | post-up brctl addif dmz gretap1 | ||
| + | bridge_ports ens15 tap1 | ||
| + | bridge_stp off | ||
| + | bridge_maxwait 10 | ||
| + | </pre> | ||
| + | |||
| + | ==host france== | ||
| + | */etc/network/interface | ||
| + | <pre> | ||
| + | auto ens15 | ||
| + | iface ens15 inet manual | ||
| + | |||
| + | auto dmz | ||
| + | iface dmz inet manual | ||
| + | post-up ip link add gretap1 type gretap local 10.134.2.5 remote 10.130.206.42 | ||
| + | post-up ip link set dev gretap1 up | ||
| + | post-up brctl addif dmz gretap1 | ||
| + | bridge_ports ens15 tap1 | ||
| + | bridge_stp off | ||
| + | bridge_maxwait 10 | ||
| + | </pre> | ||
Aktuelle Version vom 27. September 2018, 14:35 Uhr
install
- apt-get install strongswan bridge-utils
strongswan
host germany
- /etc/ipsec.conf
conn france-gemany
authby=secret
type=transport
auto=start
ike=aes256-sha256-modp2048
esp=aes256-sha256-modp2048
keyexchange=ikev2
left=10.134.2.5
right=10.130.206.42
auto=start
- /etc/ipsec.secrets
10.130.206.42 10.134.2.5 : PSK "suxer"
host france
- /etc/ipsec.conf
conn france-gemany
authby=secret
type=transport
auto=start
ike=aes256-sha256-modp2048
esp=aes256-sha256-modp2048
keyexchange=ikev2
left=10.134.2.5
right=10.130.206.42
auto=start
- /etc/ipsec.secrets
10.130.206.42 10.134.2.5 : PSK "suxer"
gre-tunnel
host germany
- /etc/network/interface
auto ens15
iface ens15 inet manual
auto dmz
iface dmz inet manual
post-up ip link add gretap1 type gretap local 10.130.206.42 remote 10.134.2.5
post-up ip link set dev gretap1 up
post-up brctl addif dmz gretap1
bridge_ports ens15 tap1
bridge_stp off
bridge_maxwait 10
host france
- /etc/network/interface
auto ens15
iface ens15 inet manual
auto dmz
iface dmz inet manual
post-up ip link add gretap1 type gretap local 10.134.2.5 remote 10.130.206.42
post-up ip link set dev gretap1 up
post-up brctl addif dmz gretap1
bridge_ports ens15 tap1
bridge_stp off
bridge_maxwait 10