IP Utils Esp


Prinzip

tic

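# Manually keyed ESP tunnel between 192.168.244.53 and 192.168.244.52 that
# protects 10.10.53.0/24 <-> 10.10.52.0/24.  The SAs are the same on both
# hosts; the policies are shown for 192.168.244.53 — on .52 swap the policy
# directions (dir out <-> dir in), exactly as the script below does.
#
# Security notes for anything beyond a lab:
#  - the keys and the SPI below are placeholders; use a different key pair
#    and SPI for each direction and never reuse the example values;
#  - manual SAs never rekey and get no anti-replay window unless
#    `replay-window N` is given — prefer IKE (strongSwan/libreswan);
#  - plain `auth sha256` uses the Linux default ICV truncation (96 bit);
#    for RFC 4868 interoperability use `auth-trunc sha256 KEY 128`.

# Security associations (SAD), one per direction.
ip xfrm state add src 192.168.244.53 dst 192.168.244.52 proto esp spi 0x12345678 \
    reqid 0x12345678 mode tunnel auth sha256 0x1234567890123456789012345678901234567890123456789012345678901234 \
    enc aes 0x0000123456789012345678901234567890123456789012345678901234567890

ip xfrm state add src 192.168.244.52 dst 192.168.244.53 proto esp spi 0x12345678 \
    reqid 0x12345678 mode tunnel auth sha256 0x1234567890123456789012345678901234567890123456789012345678901234 \
    enc aes 0x0000123456789012345678901234567890123456789012345678901234567890

# Security policies (SPD) on 192.168.244.53: outbound and inbound.
# An `in` policy is needed as well — decapsulated tunnel traffic without a
# matching inbound policy is dropped by the kernel (XfrmInNoPols).
# (The original line ended in "\ " — backslash + space — which is not a
# line continuation; the continuation must be the last character.)
ip xfrm policy add src 10.10.53.0/24 dst 10.10.52.0/24 dir out tmpl src 192.168.244.53 dst 192.168.244.52 \
    proto esp reqid 0x12345678 mode tunnel

ip xfrm policy add src 10.10.52.0/24 dst 10.10.53.0/24 dir in tmpl src 192.168.244.52 dst 192.168.244.53 \
    proto esp reqid 0x12345678 mode tunnel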

Skript

  • /usr/local/sbin/tunnel.sh
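#!/bin/bash
# /usr/local/sbin/tunnel.sh — bring up a manually keyed IPsec ESP tunnel
# (tunnel mode, AES-256 + HMAC-SHA256) between this host and a remote host,
# configuring both ends (the remote one over ssh).
#
# Usage: tunnel.sh <local_ip> <remote_ip> <new_local_ip> <new_remote_ip>
#   local_ip / remote_ip          outer addresses of the two tunnel endpoints
#   new_local_ip / new_remote_ip  inner addresses (or prefixes) to protect
#
# Needs iproute2 and xxd on both hosts, ssh access to <remote_ip> and
# passwordless sudo there (sudo cannot prompt: there is no tty on the
# ssh session and its stdin carries the commands).
#
# Security notes:
#  - This is a lab tool.  Manual SAs never rekey and get no anti-replay
#    window unless `replay-window` is given; use IKE for real deployments.
#  - The keys are printed on purpose so the ESP traffic can be decrypted in
#    Wireshark (see the wiki page "Wireshark VPN entschlüsseln"); delete the
#    two `echo` lines below if that is not wanted.
#  - Keys reach `ip` through stdin (batch mode) instead of argv, so they do
#    not show up in `ps` output or in sudo's command log on either host.
#  - Each direction gets its own SPI and key pair; SPIs 0-255 are reserved
#    by RFC 4303 (probability of hitting one with 4 random bytes: ~2^-24).
set -euo pipefail

if [[ $# -lt 4 || -z "$4" ]]; then
  echo "usage: $0 <local_ip> <remote_ip> <new_local_ip> <new_remote_ip>" >&2
  echo "creates an ipsec tunnel between two machines" >&2
  exit 1
fi

SRC=$1
DST=$2
LOCAL=$3
REMOTE=$4

# $1 random bytes from /dev/urandom as a 0x-prefixed hex string on one line.
rand_hex() {
  printf '0x%s\n' "$(head -c "$1" /dev/urandom | xxd -p | tr -d '\n')"
}

# 256-bit keys (32 bytes) and 32-bit SPIs, separate per direction:
# 1 = SRC -> DST, 2 = DST -> SRC.  One reqid ties policies to the SAs.
AUTH1=$(rand_hex 32)
ENC1=$(rand_hex 32)
SPI1=$(rand_hex 4)
AUTH2=$(rand_hex 32)
ENC2=$(rand_hex 32)
SPI2=$(rand_hex 4)
REQID=$(rand_hex 4)

# Printed intentionally (Wireshark ESP decryption) — see header.
echo "SPI $SPI1 ($SRC -> $DST): auth sha256 $AUTH1 enc aes $ENC1"
echo "SPI $SPI2 ($DST -> $SRC): auth sha256 $AUTH2 enc aes $ENC2"

# The two SAs are identical on both hosts.
SA_LINES="xfrm state add src $SRC dst $DST proto esp spi $SPI1 reqid $REQID mode tunnel auth sha256 $AUTH1 enc aes $ENC1
xfrm state add src $DST dst $SRC proto esp spi $SPI2 reqid $REQID mode tunnel auth sha256 $AUTH2 enc aes $ENC2"

# Local end: flush SPD and SAD (replaces `setkey -c` from ipsec-tools, so
# the script only depends on iproute2), install the SAs, then the outbound
# and inbound policies.  Batch mode stops at the first failing line.
sudo ip -batch - <<EOF
xfrm policy flush
xfrm state flush
$SA_LINES
xfrm policy add src $LOCAL dst $REMOTE dir out tmpl src $SRC dst $DST proto esp reqid $REQID mode tunnel
xfrm policy add src $REMOTE dst $LOCAL dir in tmpl src $DST dst $SRC proto esp reqid $REQID mode tunnel
EOF

# If LOCAL/REMOTE are prefixes behind the hosts (forwarded traffic), a
# matching `dir fwd` policy is required in addition to `dir in`.
# If the inner addresses are not configured yet, something like
# `ip addr add "$LOCAL" dev lo` and `ip route add "$REMOTE" dev eth0 src "$LOCAL"`
# (mirrored on the remote host) is also needed; deliberately not done here.

# Remote end over ssh.  The outer here-document is unquoted, so every
# variable is expanded locally and the remote shell only sees literal
# values; the policy directions are mirrored.
ssh "$DST" /bin/bash <<EOF
set -euo pipefail
sudo ip -batch - <<'XFRM'
xfrm policy flush
xfrm state flush
$SA_LINES
xfrm policy add src $REMOTE dst $LOCAL dir out tmpl src $DST dst $SRC proto esp reqid $REQID mode tunnel
xfrm policy add src $LOCAL dst $REMOTE dir in tmpl src $SRC dst $DST proto esp reqid $REQID mode tunnel
XFRM
EOF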

Links