Difference between revisions of "Talk:Winter 2009 NAD810 Weekly Schedule"
Bossa nesta (talk | contribs) (Created page with '=VPN/IPSec for Dumpling= == Tut(incompleted)== <pre> = First, install openswan and the ipsec-tools yum -y intsall openswan ipsec-tools = then run the script 'ip_sec.sh' below -...') |
Bossa nesta (talk | contribs) (→Tut(incompleted)) |
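--- a/Talk:Winter 2009 NAD810 Weekly Schedule
+++ b/Talk:Winter 2009 NAD810 Weekly Schedule
@@ -1,4 +1,4 @@
 =VPN/IPSec for Dumpling=
-== Tut(
+== Tut(In Progress)==
 <pre>
 = First, install openswan and the ipsec-tools
@@ -56,4 +56,5 @@
 netstat -anu | grep 500
 </pre>
+
 ==CAPTURES AND SAMPLES FILES==
 <pre>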
Revision as of 15:45, 12 April 2009
VPN/IPSec for Dumpling
Tut(In Progress)
= First, install openswan and the ipsec-tools
yum -y install openswan ipsec-tools

= then run the script 'ip_sec.sh' below
----------------------------------------------
[root@NesEeeF10 ~]# cat ip_sec.sh
#ip_sec.sh
#
# fix the forward error reported by 'ipsec verify'
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f; done
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f; done
#
# make sure the network picks up the newly edited file
service network restart
#
# assign the external address; of course, it's fake in this case
ifconfig eth0 222.222.222.222/24
#
# also run the firewall script if you need it
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.110.0/24 -d \! 192.168.102.0/24 -j MASQUERADE
----------------------------------------------

= now, generate the key; this may take a while if you're generating it from your VM
ipsec rsasigkey --verbose 2048 > /etc/ipsec.d/neseeef10.secrets
  (the .secrets file holds the private key: keep it readable by root only and never paste it into a shared page; a key that has been published must be treated as compromised and regenerated)

= make sure that the secrets key is in the right format; it has to look like this
@llll.lll: rsa {     # llll.lll should be your left side's host name
  Modulus: ...
  ...
}                    # and end with this at the end of the file

= now, filter the key for the left side
ipsec showhostkey --left
= copy the entry from the output and use it in /etc/ipsec.conf, in the 'leftrsasigkey=' entry

= do the same for the right side (run this on the right-hand gateway, so that the two sides do not end up with the same key as in the sample below)
ipsec showhostkey --right
= copy the entry from the output and use it in /etc/ipsec.conf, in the 'rightrsasigkey=' entry

= follow the ipsec.conf sample below to make your own conf file

= now, restart ipsec
service ipsec restart

= check if ipsec is really running
service ipsec status
netstat -anu | grep 500
CAPTURES AND SAMPLES FILES
======================================================== CAPTURES AND SAMPLES FILES ======================================================== [root@NesEeeF10 ~]# netstat -anu | grep 500 udp 0 0 127.0.0.1:500 0.0.0.0:* udp 0 0 222.222.222.222:500 0.0.0.0:* udp 0 0 10.0.2.5:500 0.0.0.0:* udp 0 0 192.168.110.1:500 0.0.0.0:* udp 0 0 ::1:500 :::* ============================ [root@NesEeeF10 ~]# cat /etc/ipsec.d/neseeef10.secrets # RSA 2048 bits NesEeeF10 Sun Apr 12 13:54:58 2009 # for signatures only, UNSAFE FOR ENCRYPTION #pubkey=0sAQO5cTz0Y5zTQc7AWUJWaXOSSDbxac0tj7F1AqeZMJ+CrvZSZpuLrzazdpVkuB+0DnZQVSCgIlEKwKnlphC7DwQBvWpXish9sjp5+t6FR8CcbubWZ110YQKSr13LSXh4C1M2A659U/an5aiv6A+Vbu+WW+wq/iDZTUQjbiVH1R1eihSHkYu1DHxmTKKlXCjq7NcE8wtx5n7vHeUwnUc66y1MhyJ9rukR9XB/MRrC/ydgCyelJIUueV6V210Cdk2NVglzWOzJJRI4rUsSSXXN+wxfSkCccSq/b9zRg4xyzrFitx3uoniIPRTpXncJQ7YxsTuKPkJqgbE51kh00atpxDop @NesEeeF10: rsa { Modulus: 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 PublicExponent: 0x03 # everything after this point is secret PrivateExponent: 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 Prime1: 0xff7a59f35caf611e9881fc332653c859943a5c91bc04abe8cfcf50529aee10a4f72013df040bb9cb724b0b2d539fd8b667b3dd0f5162855b9cd1f05c96e85bebb2ec3bfe7454730ed79cf52c74d5d98aad92319d16e206e5f53b7208a29f43cc228741455595bbd94474ab970fd94b42045a6d3627533dce2135466b28848dd9 Prime2: 0xb9d23fb6ff668d528119a88b32addca0ff08b44473976936dd96f5aec3e57e45613e0352358dc79ade47794f361aaa0af6cb3690a01e47a19285f61ce533c8563e5135cf4d399b5f5356a95ae644b851823815c380ea7185d78fe0ab230532705ef6daa9f4df15ea9f2f4d19a0663a033b914595a07aeaa8f404e21b00f04cd1 Exponent1: 0xaa51914ce874eb69bb0152ccc437dae662d1930bd2adc7f08a8a358c6749606dfa156294ad5d2687a1875cc8e26a90799a77e8b4e0ec58e7bde14ae8649ae7f2774827fef8384cb48fbdf8c84de3e65c73b6cbbe0f4159eea37cf6b06c6a2d32c1af80d8e3b927e62da31d0f5fe6322c02e6f3796f8cd3dec0ce2ef21b03093b Exponent2: 
0x7be17fcf54ef08e1ab66705ccc73e86b54b0782da264f0cf3e64a3c9d7ee542e40d40236ce5e8511e984fb8a2411c6b1f9dccf0b1569851661aea4134377dae4298b7934de266794e239c63c9983258bac2563d7ab46f6593a5feb1cc20376f594a491c6a33f63f1bf74de1115997c0227b62e63c051f1c5f803416755f5888b Coefficient: 0xb3df512616fea4066574a461ca25a88cc2ebb84846fd36f4d700f882dabc830768e1ef0e15479433cbbe0d9f58e941c11f99e256028449e4cbd5107b75f9e503c8559e486896702f99276469a319007db223c317f731d3f2edf586e0a229f1a78c0aa5c20d538714ce11ae4485f4554181c4770ef222512213f216991761c225 } ================================ [root@NesEeeF10 ~]# cat /etc/ipsec.conf # basic configuration config setup interfaces="ipsec0=eth0" klipsdebug=all plutodebug=all # plutoload=%search # plutostart=%search # sample connection conn nesvpn # replace 'nesvpn' to your connection name left=222.222.222.222 leftsubnet=192.168.110.0/24 leftnexthop=%defaultroute leftrsasigkey=0sAQO5cTz0Y5zTQc7AWUJWaXOSSDbxac0tj7F1AqeZMJ+CrvZSZpuLrzazdpVkuB+0DnZQVSCgIlEKwKnlphC7DwQBvWpXish9sjp5+t6FR8CcbubWZ110YQKSr13LSXh4C1M2A659U/an5aiv6A+Vbu+WW+wq/iDZTUQjbiVH1R1eihSHkYu1DHxmTKKlXCjq7NcE8wtx5n7vHeUwnUc66y1MhyJ9rukR9XB/MRrC/ydgCyelJIUueV6V210Cdk2NVglzWOzJJRI4rUsSSXXN+wxfSkCccSq/b9zRg4xyzrFitx3uoniIPRTpXncJQ7YxsTuKPkJqgbE51kh00atpxDop # leftid=@__hostname.com right=111.111.111.111 rightsubnet=192.168.102.0/24 rightnexthop=%defaultroute rightrsasigkey=0sAQO5cTz0Y5zTQc7AWUJWaXOSSDbxac0tj7F1AqeZMJ+CrvZSZpuLrzazdpVkuB+0DnZQVSCgIlEKwKnlphC7DwQBvWpXish9sjp5+t6FR8CcbubWZ110YQKSr13LSXh4C1M2A659U/an5aiv6A+Vbu+WW+wq/iDZTUQjbiVH1R1eihSHkYu1DHxmTKKlXCjq7NcE8wtx5n7vHeUwnUc66y1MhyJ9rukR9XB/MRrC/ydgCyelJIUueV6V210Cdk2NVglzWOzJJRI4rUsSSXXN+wxfSkCccSq/b9zRg4xyzrFitx3uoniIPRTpXncJQ7YxsTuKPkJqgbE51kh00atpxDop keyingtries=0 # auth=ah auto=start # auto=add =================================