IP Utils Esp: Unterschied zwischen den Versionen

@@ Zeile 1: / Zeile 1: @@
-=Prinzip=
-==tic==
- ip xfrm state flush
- ip xfrm state add src 192.168.244.53 dst 192.168.244.52  proto esp spi 0x12345678 \
- reqid 0x12345678 mode tunnel auth sha256 0x1234567890123456789012345678901234567890123456789012345678901234 \
- enc aes 0x0000123456789012345678901234567890123456789012345678901234567890
- ip xfrm state add src 192.168.244.52 dst 192.168.244.53  proto esp spi 0x12345678 \
- reqid 0x12345678 mode tunnel auth sha256 0x1234567890123456789012345678901234567890123456789012345678901234 \
- enc aes 0x0000123456789012345678901234567890123456789012345678901234567890
- ip xfrm policy flush
- ip xfrm policy add src 10.10.53.0/24 dst 10.10.52.0/24 dir out tmpl src 192.168.244.53 dst 192.168.244.52 \
- proto esp reqid 0x12345678 mode tunnel
- ip xfrm policy add src 10.10.52.0/24 dst 10.10.53.0/24 dir in tmpl src 192.168.244.52 dst 192.168.244.53 \
- proto esp reqid 0x12345678 mode tunnel
-==nogger==
- ip xfrm state flush
- ip xfrm state add src 192.168.244.53 dst 192.168.244.52  proto esp spi 0x12345678 \
- reqid 0x12345678 mode tunnel auth sha256 0x1234567890123456789012345678901234567890123456789012345678901234 \
- enc aes 0x0000123456789012345678901234567890123456789012345678901234567890
- ip xfrm state add src 192.168.244.52 dst 192.168.244.53  proto esp spi 0x12345678 \
- reqid 0x12345678 mode tunnel auth sha256 0x1234567890123456789012345678901234567890123456789012345678901234 \
- enc aes 0x0000123456789012345678901234567890123456789012345678901234567890
- ip xfrm policy flush
- ip xfrm policy add src 10.10.52.0/24 dst 10.10.53.0/24 dir out tmpl src 192.168.244.52 dst 192.168.244.53 \
- proto esp reqid 0x12345678 mode tunnel
- ip xfrm policy add src 10.10.53.0/24 dst 10.10.52.0/24 dir in tmpl src 192.168.244.53 dst 192.168.244.52 \
- proto esp reqid 0x12345678 mode tunnel
-==Kontrolle==
-*ip xfrm state
-<pre>
- src 192.168.244.52 dst 192.168.244.53
- 	proto esp spi 0x12345678 reqid 305419896 mode tunnel
-	replay-window 0
-	auth-trunc hmac(sha256) 0x1234567890123456789012345678901234567890123456789012345678901234 96
-	enc cbc(aes) 0x0000123456789012345678901234567890123456789012345678901234567890
-	anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
-	sel src 0.0.0.0/0 dst 0.0.0.0/0
- src 192.168.244.53 dst 192.168.244.52
-	proto esp spi 0x12345678 reqid 305419896 mode tunnel
-	replay-window 0
-	auth-trunc hmac(sha256) 0x1234567890123456789012345678901234567890123456789012345678901234 96
-	enc cbc(aes) 0x0000123456789012345678901234567890123456789012345678901234567890
-	anti-replay context: seq 0x0, oseq 0x196, bitmap 0x00000000
-	sel src 0.0.0.0/0 dst 0.0.0.0/0
-</pre>
-*ip xfrm policy
-<pre>
- src 10.10.52.0/24 dst 10.10.53.0/24
- 	dir in priority 0
- 	tmpl src 192.168.244.52 dst 192.168.244.53
-		proto esp reqid 305419896 mode tunnel
- src 10.10.53.0/24 dst 10.10.52.0/24
-	dir out priority 0
-	tmpl src 192.168.244.53 dst 192.168.244.52
-		proto esp reqid 305419896 mode tunnel
-</pre>
-*ip xfrm monitor
-<pre>
-Async event  (0x10)  replay update
-	src 192.168.244.53 dst 192.168.244.52  reqid 0x12345678 protocol esp  SPI 0x12345678
-Async event  (0x20)  timer expired
-	src 192.168.244.53 dst 192.168.244.52  reqid 0x12345678 protocol esp  SPI 0x12345678
-Async event  (0x20)  timer expired
-	src 192.168.244.53 dst 192.168.244.52  reqid 0x12345678 protocol esp  SPI 0x12345678
-Async event  (0x20)  timer expired
-	src 192.168.244.53 dst 192.168.244.52  reqid 0x12345678 protocol esp  SPI 0x12345678
-</pre>
-=Skript=
-*/usr/local/sbin/tunnel.sh
-<pre>
-#!/bin/bashWireshark VPN entschlüsseln
-if [ "$4" == "" ]; then
-    echo "usage: $0 <local_ip> <remote_ip> <new_local_ip> <new_remote_ip>"
-    echo "creates an ipsec tunnel between two machines"
-    exit 1
-fi
-SRC="$1"; shift
-DST="$1"; shift
-LOCAL="$1"; shift
-REMOTE="$1"; shift
-KEY1=0x`dd if=/dev/urandom count=32 bs=1 2> /dev/null| xxd -p -c 64`
-KEY2=0x`dd if=/dev/urandom count=32 bs=1 2> /dev/null| xxd -p -c 64`
-echo KEY1 = $KEY1
-echo KEY2 = $KEY2
-ID=0x`dd if=/dev/urandom count=4 bs=1 2> /dev/null| xxd -p -c 8`
-echo "spdflush; flush;" | sudo setkey -c
-echo ip xfrm state add src $SRC dst $DST proto esp spi $ID reqid $ID mode tunnel auth sha256 $KEY1 enc aes $KEY2
-sudo ip xfrm state add src $SRC dst $DST proto esp spi $ID reqid $ID mode tunnel auth sha256 $KEY1 enc aes $KEY2
-echo ip xfrm state add src $DST dst $SRC proto esp spi $ID reqid $ID mode tunnel auth sha256 $KEY1 enc aes $KEY2
-sudo ip xfrm state add src $DST dst $SRC proto esp spi $ID reqid $ID mode tunnel auth sha256 $KEY1 enc aes $KEY2
-echo ip xfrm policy add src $LOCAL dst $REMOTE dir out tmpl src $SRC dst $DST proto esp reqid $ID mode tunnel
-sudo ip xfrm policy add src $LOCAL dst $REMOTE dir out tmpl src $SRC dst $DST proto esp reqid $ID mode tunnel
-echo ip xfrm policy add src $REMOTE dst $LOCAL dir in tmpl src $DST dst $SRC proto esp reqid $ID mode tunnel
-sudo ip xfrm policy add src $REMOTE dst $LOCAL dir in tmpl src $DST dst $SRC proto esp reqid $ID mode tunnel
-#echo 5
-#sudo ip addr add $LOCAL dev lo
-#echo 6
-#sudo ip route add $REMOTE dev eth0 src $LOCAL
-ssh $DST /bin/bash << EOF
-    echo "spdflush; flush;" | sudo setkey -c
-    sudo ip xfrm state add src $SRC dst $DST proto esp spi $ID reqid $ID mode tunnel auth sha256 $KEY1 enc aes $KEY2
-    sudo ip xfrm state add src $DST dst $SRC proto esp spi $ID reqid $ID mode tunnel auth sha256 $KEY1 enc aes $KEY2
-    sudo ip xfrm policy add src $REMOTE dst $LOCAL dir out tmpl src $DST dst $SRC proto esp reqid $ID mode tunnel
-    sudo ip xfrm policy add src $LOCAL dst $REMOTE dir in tmpl src $SRC dst $DST proto esp reqid $ID mode tunnel
-#    sudo ip addr add $REMOTE dev lo
-#    sudo ip route add $LOCAL dev eth0 src $REMOTE
-EOF
-</pre>
-=Links=
-*https://gist.github.com/vishvananda/7094676

IP Utils Esp: Unterschied zwischen den Versionen

Aktuelle Version vom 22. Oktober 2017, 06:51 Uhr

Navigationsmenü

Suche