Gre tunnel linux: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 57: | Zeile 57: | ||
=IN ESP Transport Modues gekapselt= | =IN ESP Transport Modues gekapselt= | ||
{{#drawio:gre-2}} | {{#drawio:gre-2}} | ||
| + | =Die Konfiguration ist so einfach das man auf beiden Seite die gleiche verwenden kann. | ||
| + | |||
| + | *cat /etc/ipsec.conf | ||
| + | conn garlic-hubsi | ||
| + | authby=secret | ||
| + | type=transport | ||
| + | left=10.82.1.195 | ||
| + | right=10.82.1.211 | ||
| + | ike=aes256-sha256-modp4096! | ||
| + | esp=aes256-sha256-modp4096! | ||
| + | ikelifetime=28800s | ||
| + | lifetime=3600s | ||
| + | |||
| + | *cat /etc/ipsec.secrets | ||
| + | 10.82.1.195 10.82.1.211 : PSK "sehr-geheim" | ||
Version vom 8. September 2022, 17:27 Uhr
Unverschlüsselt
Ipforward on
- Wenn geroutet wird muss man immer ip_forward einschalten
- cat /etc/sysctl.conf
net.ipv4.ip_forward=1
- sysctl -p
Interfaces
- Standard GRE Tunnel unverschlüsselt
garlic
#WAN auto eth0 iface eth0 inet static address 10.82.1.211 netmask 255.255.0.0 gateway 10.82.0.1 #LAN auto eth1 iface eth1 inet static address 192.168.33.1 netmask 255.255.255.0 #TUN auto gretun iface gretun inet static address 172.30.30.1 pointopoint 172.30.30.2 pre-up ip tunnel add gretun mode gre remote 10.82.1.195 local 10.82.1.211 ttl 255 post-up ip route add 192.168.55.0/24 via 172.30.30.2
hubsi
#WAN auto eth0 iface eth0 inet static address 10.82.1.195 netmask 255.255.0.0 gateway 10.82.0.1 #LAN auto eth1 iface eth1 inet static address 192.168.55.1 netmask 255.255.255.0 #TUN auto gretun iface gretun inet static address 172.30.30.2 pointopoint 172.30.30.1 pre-up ip tunnel add gretun mode gre remote 10.82.1.211 local 10.82.1.195 ttl 255 post-up ip route add 192.168.33.0/24 via 172.30.30.1
IN ESP Transport Modues gekapselt
![Bearbeiten](javascript:editDrawio("900907491", "gre-1.drawio.png", "png", false, false, false, true, "https://embed.diagrams.net")){kind=link}
![Bearbeiten](javascript:editDrawio("2130576427", "gre-2.drawio.png", "png", false, false, false, true, "https://embed.diagrams.net")){kind=link}
=Die Konfiguration ist so einfach das man auf beiden Seite die gleiche verwenden kann.
- cat /etc/ipsec.conf
conn garlic-hubsi
authby=secret
type=transport
left=10.82.1.195
right=10.82.1.211
ike=aes256-sha256-modp4096!
esp=aes256-sha256-modp4096!
ikelifetime=28800s
lifetime=3600s
- cat /etc/ipsec.secrets
10.82.1.195 10.82.1.211 : PSK "sehr-geheim"