[Linuxtrent] Re: Freeswan
- From: compact <compact.compact@xxxxxxxxxx>
- To: linuxtrent@xxxxxxxxxxxxx
- Date: Sun, 19 Dec 2004 20:13:12 +0100
Potrebbe andare bene uno schema cosi composto
host-a => host-b(nat,freeswan) => host-c(routing) =>
host-d(nat,freeswan) => host-e
La configurazione degli host coinvolti la ipotizzo piu' o meno questa:
------------------------------------------------------------------------------------
host-a:~# ifconfig eth0 192.168.0.1 netmask 255.255.255.0 broadcast
192.168.0.255
host-a:~# route add default 192.168.0.254
host-a:~# ping -c 1 192.168.3.1; ssh my_user_host_e@xxxxxxxxxxx
------------------------------------------------------------------------------------
------------------------------------------------------------------------------------
host-b:~# ifconfig eth0 192.168.0.254 netmask 255.255.255.0 broadcast
192.168.0.255
host-b:~# ifconfig eth1 192.168.1.254 netmask 255.255.255.0 broadcast
192.168.1.255
host-b:~# route add default 192.168.1.253
host-b:~# echo "1" > /proc/sys/net/ipv4/ip_forward
host-b:~# iptables -t NAT -A POSTROUTING -o eth1 -j MASQUERADE
host-b:~# /etc/init.d/freeswan restart
host-b:~# cat /etc/ipsec.conf
config setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
plutoload=%search
plutostart=%search
uniqueids=yes
conn %default
keyingtries=0
disablearrivalcheck=no
authby=rsasig
leftrsasingkey=%dns
rigthrsasigkey=%dns
conn prova
left=192.168.2.254
leftsubnet=192.168.3.0/24
leftnexthop=192.168.2.253
rigth=192.168.1.254
rigthsubnet=192.168.0.0/24
rigthnexthop=192.168.1.253
auto=start
------------------------------------------------------------------------------------
------------------------------------------------------------------------------------
host-c:~# ifconfig eth0 192.168.1.253 netmask 255.255.255.0 broadcast
192.168.1.255
host-c:~# ifconfig eth1 192.168.2.253 netmask 255.255.255.0 broadcast
192.168.2.255
host-c:~# tcpdump -i any -n > sniff
------------------------------------------------------------------------------------
------------------------------------------------------------------------------------
host-d:~# ifconfig eth0 192.168.2.254 netmask 255.255.255.0 broadcast
192.168.1.255
host-d:~# ifconfig eth1 192.168.3.254 netmask 255.255.255.0 broadcast
192.168.2.255
host-d:~# route add default 192.168.2.253
host-d:~# echo "1" > /proc/sys/net/ipv4/ip_forward
host-d:~# iptables -t NAT -A POSTROUTING -o eth0 -j MASQUERADE
host-d:~# /etc/init.d/freeswan restart
host-b:~# cat /etc/ipsec.conf
config setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
plutoload=%search
plutostart=%search
uniqueids=yes
conn %default
keyingtries=0
disablearrivalcheck=no
authby=rsasig
leftrsasingkey=%dns
rigthrsasigkey=%dns
conn prova
left=192.168.2.254
leftsubnet=192.168.3.0/24
leftnexthop=192.168.2.253
rigth=192.168.1.254
rigthsubnet=192.168.0.0/24
rigthnexthop=192.168.1.253
auto=start
------------------------------------------------------------------------------------
------------------------------------------------------------------------------------
host-e:~# ifconfig eth0 192.168.3.1 netmask 255.255.255.0 broadcast
192.168.3.255
host-e:~# route add default 192.168.3.254
host-a:~# ping -c 1 192.168.0.1; ssh my_user_host_a@xxxxxxxxxxx
------------------------------------------------------------------------------------
--
Per iscriversi (o disiscriversi), basta spedire un messaggio con OGGETTO
"subscribe" (o "unsubscribe") a mailto:linuxtrent-request@xxxxxxxxxxxxx
Other related posts:
