Difference between revisions of "Talk:Winter 2009 NAD810 Weekly Schedule"
Revisions compared: both by Bossa nesta (talk | contribs). Earlier revision summary: (Created page with '=VPN/IPSec for Dumpling= == Tut(incompleted)== <pre> = First, install openswan and the ipsec-tools yum -y intsall openswan ipsec-tools = then run the script 'ip_sec.sh' below -...'). Latest revision summary: (→Configuration - Right). 4 intermediate revisions by the same user not shown.
Latest revision as of 08:49, 26 April 2009
VPN/IPSec for Dumpling (In Progress)
Configuration - Left
= First, install openswan and the ipsec-tools
yum -y install openswan ipsec-tools

= then run the script 'ip_sec.sh' below
----------------------------------------------
[root@NesEeeF10 ~]# cat ip_sec.sh
#ip_sec.sh
#
# fix the accept_redirects/send_redirects errors reported by 'ipsec verify'
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f; done
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f; done
#
# make sure the network service picks up the newly edited file
service network restart
#
# assign the external address; of course, it's fake in this case
ifconfig eth0 222.222.222.222/24
#
# also run the firewall script if you need it
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.110.0/24 -d \! 192.168.102.0/24 -j MASQUERADE
----------------------------------------------

= now, generate the key; this may take a while if you're generating it from your VM
ipsec rsasigkey --verbose 2048 > /etc/ipsec.d/neseeef10.secrets

= make sure that the secrets file is in the right format; it has to look like this
@llll.lll: rsa {        # llll.lll should be your left side's host name
	Modulus: ...
	...
}                       # and end with this at the end of the file

= now, filter the key for the left side
ipsec showhostkey --left
= copy the entry from the output and use it in /etc/ipsec.conf, 'leftrsasigkey=' entry

= do the same for the right side,
ipsec showhostkey --right
= copy the entry from the output and use it in /etc/ipsec.conf, 'rightrsasigkey=' entry

= follow the ipsec.conf sample below to make your own conf file

= now, restart ipsec,
service ipsec restart

= check if ipsec is really running
service ipsec status
netstat -anu | grep 500
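The last step above only eyeballs the netstat output. The following added example (not part of the original page) turns that check into a function: it parses the same "netstat -anu" format and reports whether IKE (UDP/500) is bound on the external address, or on all addresses (0.0.0.0:500), which Pluto may do instead of binding per interface. The external address and the sample netstat lines are constructed to match the page's example.

```shell
#!/bin/sh
# Added example, not code from the original page.
# ike_listening ADDR NETSTAT_OUTPUT
#   Exit 0 if NETSTAT_OUTPUT (the text of "netstat -anu") shows a UDP socket
#   bound to ADDR:500, or to 0.0.0.0:500 (all addresses); exit 1 otherwise.
ike_listening() {
    addr="$1"
    printf '%s\n' "$2" | awk -v want="$addr:500" '
        # netstat -anu columns: proto recv-q send-q local-address foreign-address
        $1 ~ /^udp/ && ($4 == want || $4 == "0.0.0.0:500") { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed sample in the format of "netstat -anu | grep 500" on the page:
# loopback, the (fake) external address, and the LAN side are all bound.
SAMPLE_NETSTAT='udp        0      0 127.0.0.1:500               0.0.0.0:*
udp        0      0 222.222.222.222:500         0.0.0.0:*
udp        0      0 192.168.110.1:500           0.0.0.0:*'

# Offline demonstration against the constructed sample (222.222.222.222 is the
# page's example external address, not a real one).
if ike_listening 222.222.222.222 "$SAMPLE_NETSTAT"; then
    echo "IKE is listening on 222.222.222.222:500"
else
    echo "IKE is NOT listening on 222.222.222.222:500"
fi

# Live use on the left host after 'service ipsec restart' would be:
#   ike_listening 222.222.222.222 "$(netstat -anu)"
```

A missing UDP/500 socket on the external address usually means Pluto did not start at all (check 'service ipsec status' and /var/log/secure) or that the interfaces= line in ipsec.conf names the wrong device.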
Captures and Sample Files
========================================================
CAPTURES AND SAMPLE FILES
========================================================
[root@NesEeeF10 ~]# netstat -anu | grep 500
udp        0      0 127.0.0.1:500               0.0.0.0:*
udp        0      0 222.222.222.222:500         0.0.0.0:*
udp        0      0 10.0.2.5:500                0.0.0.0:*
udp        0      0 192.168.110.1:500           0.0.0.0:*
udp        0      0 ::1:500                     :::*
============================
[root@NesEeeF10 ~]# cat /etc/ipsec.d/neseeef10.secrets
# RSA 2048 bits   NesEeeF10   Sun Apr 12 13:54:58 2009
# for signatures only, UNSAFE FOR ENCRYPTION
#pubkey=0sAQO5cTz0Y5zTQc7AWUJWaXOSSDbxac0tj7F1AqeZMJ+CrvZSZpuLrzazdpVkuB+0DnZQVSCgIlEKwKnlphC7DwQBvWpXish9sjp5+t6FR8CcbubWZ110YQKSr13LSXh4C1M2A659U/an5aiv6A+Vbu+WW+wq/iDZTUQjbiVH1R1eihSHkYu1DHxmTKKlXCjq7NcE8wtx5n7vHeUwnUc66y1MhyJ9rukR9XB/MRrC/ydgCyelJIUueV6V210Cdk2NVglzWOzJJRI4rUsSSXXN+wxfSkCccSq/b9zRg4xyzrFitx3uoniIPRTpXncJQ7YxsTuKPkJqgbE51kh00atpxDop
@NesEeeF10: rsa {
	Modulus: ...
	PublicExponent: 0x03
	# everything after this point is secret
	PrivateExponent: ...
	Prime1: 0xff7a59f35caf611e9881fc332653c859943a5c91bc04abe8cfcf50529aee10a4f72013df040bb9cb724b0b2d539fd8b667b3dd0f5162855b9cd1f05c96e85bebb2ec3bfe7454730ed79cf52c74d5d98aad92319d16e206e5f53b7208a29f43cc228741455595bbd94474ab970fd94b42045a6d3627533dce2135466b28848dd9
	Prime2: 0xb9d23fb6ff668d528119a88b32addca0ff08b44473976936dd96f5aec3e57e45613e0352358dc79ade47794f361aaa0af6cb3690a01e47a19285f61ce533c8563e5135cf4d399b5f5356a95ae644b851823815c380ea7185d78fe0ab230532705ef6daa9f4df15ea9f2f4d19a0663a033b914595a07aeaa8f404e21b00f04cd1
	Exponent1: 0xaa51914ce874eb69bb0152ccc437dae662d1930bd2adc7f08a8a358c6749606dfa156294ad5d2687a1875cc8e26a90799a77e8b4e0ec58e7bde14ae8649ae7f2774827fef8384cb48fbdf8c84de3e65c73b6cbbe0f4159eea37cf6b06c6a2d32c1af80d8e3b927e62da31d0f5fe6322c02e6f3796f8cd3dec0ce2ef21b03093b
	Exponent2: 0x7be17fcf54ef08e1ab66705ccc73e86b54b0782da264f0cf3e64a3c9d7ee542e40d40236ce5e8511e984fb8a2411c6b1f9dccf0b1569851661aea4134377dae4298b7934de266794e239c63c9983258bac2563d7ab46f6593a5feb1cc20376f594a491c6a33f63f1bf74de1115997c0227b62e63c051f1c5f803416755f5888b
	Coefficient: 0xb3df512616fea4066574a461ca25a88cc2ebb84846fd36f4d700f882dabc830768e1ef0e15479433cbbe0d9f58e941c11f99e256028449e4cbd5107b75f9e503c8559e486896702f99276469a319007db223c317f731d3f2edf586e0a229f1a78c0aa5c20d538714ce11ae4485f4554181c4770ef222512213f216991761c225
}
================================
[root@NesEeeF10 ~]# cat /etc/ipsec.conf
# basic configuration
config setup
	interfaces="ipsec0=eth0"
	klipsdebug=all
	plutodebug=all
	# plutoload=%search
	# plutostart=%search

# sample connection
conn nesvpn
	# replace 'nesvpn' with your connection name
	left=222.222.222.222
	leftsubnet=192.168.110.0/24
	leftnexthop=%defaultroute
	leftrsasigkey=0sAQO5cTz0Y5zTQc7AWUJWaXOSSDbxac0tj7F1AqeZMJ+CrvZSZpuLrzazdpVkuB+0DnZQVSCgIlEKwKnlphC7DwQBvWpXish9sjp5+t6FR8CcbubWZ110YQKSr13LSXh4C1M2A659U/an5aiv6A+Vbu+WW+wq/iDZTUQjbiVH1R1eihSHkYu1DHxmTKKlXCjq7NcE8wtx5n7vHeUwnUc66y1MhyJ9rukR9XB/MRrC/ydgCyelJIUueV6V210Cdk2NVglzWOzJJRI4rUsSSXXN+wxfSkCccSq/b9zRg4xyzrFitx3uoniIPRTpXncJQ7YxsTuKPkJqgbE51kh00atpxDop
	# leftid=@__hostname.com
	right=111.111.111.111
	rightsubnet=192.168.102.0/24
	rightnexthop=%defaultroute
	rightrsasigkey=0sAQO5cTz0Y5zTQc7AWUJWaXOSSDbxac0tj7F1AqeZMJ+CrvZSZpuLrzazdpVkuB+0DnZQVSCgIlEKwKnlphC7DwQBvWpXish9sjp5+t6FR8CcbubWZ110YQKSr13LSXh4C1M2A659U/an5aiv6A+Vbu+WW+wq/iDZTUQjbiVH1R1eihSHkYu1DHxmTKKlXCjq7NcE8wtx5n7vHeUwnUc66y1MhyJ9rukR9XB/MRrC/ydgCyelJIUueV6V210Cdk2NVglzWOzJJRI4rUsSSXXN+wxfSkCccSq/b9zRg4xyzrFitx3uoniIPRTpXncJQ7YxsTuKPkJqgbE51kh00atpxDop
	keyingtries=0
	# auth=ah
	auto=start
	# auto=add
=================================
Configuration - Right
Copy exactly the same configuration file from the left side, and make sure all characters look the same, especially the key. Start up the VPN and try to connect. You should be connected in no time.
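"Make sure all characters look the same, especially the key" is where this setup usually breaks: a wrapped or truncated rsasigkey line fails authentication with an unhelpful Pluto log message. The following added pre-flight script (not code from the original page or from Openswan) checks the points the tutorial asks you to verify by hand, on the left side and again after the files are copied to the right: the secrets file has the "@hostname: rsa { ... }" shape, the "#pubkey=" line that "ipsec rsasigkey" writes is identical to the leftrsasigkey= and rightrsasigkey= entries in ipsec.conf (the page uses the same key on both sides), and the secrets file is not readable by group or other, since everything below "# everything after this point is secret" is the private key. The file paths are parameters; the sample secrets and conf files it creates are constructed with a placeholder key.

```shell
#!/bin/sh
# Added example, not code from the original page or from Openswan.

pubkey_from_secrets() {             # prints the value after "#pubkey=" in SECRETS_FILE
    sed -n 's/^[[:space:]]*#pubkey=//p' "$1" | head -n 1
}

conf_key() {                        # conf_key CONF_FILE left|right -> value of <side>rsasigkey=
    sed -n "s/^[[:space:]]*${2}rsasigkey=//p" "$1" | head -n 1
}

secrets_well_formed() {             # "@name: rsa {" and a closing "}" must both be present
    grep -q '^[[:space:]]*@[^:]*: rsa {' "$1" && grep -q '^[[:space:]]*}' "$1"
}

secrets_private() {                 # mode must end in 00: no group/other permission bits
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

key_matches() {                     # key_matches SECRETS_FILE CONF_FILE left|right
    want=$(pubkey_from_secrets "$1")
    [ -n "$want" ] && [ "$want" = "$(conf_key "$2" "$3")" ]
}

preflight() {                       # preflight SECRETS_FILE CONF_FILE -> 0 only if all checks pass
    rc=0
    secrets_well_formed "$1"        || { echo "secrets: missing '@host: rsa { ... }' wrapper"; rc=1; }
    secrets_private "$1"            || { echo "secrets: readable by group/other (chmod 600)"; rc=1; }
    key_matches "$1" "$2" left      || { echo "leftrsasigkey= does not match #pubkey= in secrets"; rc=1; }
    key_matches "$1" "$2" right     || { echo "rightrsasigkey= does not match #pubkey= in secrets"; rc=1; }
    return $rc
}

# --- constructed sample files; 0sPLACEHOLDERKEY stands in for a real rsasigkey value ---
SAMPLE_DIR=$(mktemp -d)
SAMPLE_SECRETS="$SAMPLE_DIR/neseeef10.secrets"
SAMPLE_CONF="$SAMPLE_DIR/ipsec.conf"
cat > "$SAMPLE_SECRETS" <<'EOF'
# RSA 2048 bits   NesEeeF10   (constructed sample)
# for signatures only, UNSAFE FOR ENCRYPTION
#pubkey=0sPLACEHOLDERKEY
@NesEeeF10: rsa {
	Modulus: 0x00
	PublicExponent: 0x03
	# everything after this point is secret
	PrivateExponent: 0x00
	}
EOF
chmod 600 "$SAMPLE_SECRETS"
cat > "$SAMPLE_CONF" <<'EOF'
conn nesvpn
	left=222.222.222.222
	leftsubnet=192.168.110.0/24
	leftrsasigkey=0sPLACEHOLDERKEY
	right=111.111.111.111
	rightsubnet=192.168.102.0/24
	rightrsasigkey=0sPLACEHOLDERKEY
	auto=start
EOF

# Offline demonstration against the constructed files.
if preflight "$SAMPLE_SECRETS" "$SAMPLE_CONF"; then
    echo "preflight: OK"
fi

# Live use, on each side, before 'service ipsec restart':
#   preflight /etc/ipsec.d/neseeef10.secrets /etc/ipsec.conf
```

Run it on both hosts after copying; a mismatch on only one side points at a copy error rather than a configuration error, which is exactly the case the page warns about.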