[Linuxtrent] Freeswan - VMware

  • From: compact <compact.compact@xxxxxxxxxx>
  • To: linuxtrent@xxxxxxxxxxxxx
  • Date: Wed, 29 Dec 2004 20:02:24 +0100

At 20:13 on Sunday 19 December 2004, you wrote:
> A layout set up like this could work
>
> host-a => host-b(nat,freeswan) => host-c(routing) =>
> host-d(nat,freeswan) => host-e
>
> I imagine the configuration of the hosts involved to be more or less
> this:
>
> ---------------------------------------------------------------------
> host-a:~# ifconfig eth0 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255
> host-a:~# route add default gw 192.168.0.254
> host-a:~# ping -c 1 192.168.3.1; ssh my_user_host_e@xxxxxxxxxxx
> ---------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> host-b:~# ifconfig eth0 192.168.0.254 netmask 255.255.255.0 broadcast 192.168.0.255
> host-b:~# ifconfig eth1 192.168.1.254 netmask 255.255.255.0 broadcast 192.168.1.255
> host-b:~# route add default gw 192.168.1.253
> host-b:~# echo "1" > /proc/sys/net/ipv4/ip_forward
> host-b:~# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> host-b:~# /etc/init.d/freeswan restart
> host-b:~# cat /etc/ipsec.conf
>     config setup
>         interfaces=%defaultroute
>         klipsdebug=none
>         plutodebug=none
>         plutoload=%search
>         plutostart=%search
>         uniqueids=yes
>     conn %default
>         keyingtries=0
>         disablearrivalcheck=no
>         authby=rsasig
>         leftrsasigkey=%dns
>         rightrsasigkey=%dns
>     conn prova
>         left=192.168.2.254
>         leftsubnet=192.168.3.0/24
>         leftnexthop=192.168.2.253
>         right=192.168.1.254
>         rightsubnet=192.168.0.0/24
>         rightnexthop=192.168.1.253
>         auto=start
> ---------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> host-c:~# ifconfig eth0 192.168.1.253 netmask 255.255.255.0 broadcast 192.168.1.255
> host-c:~# ifconfig eth1 192.168.2.253 netmask 255.255.255.0 broadcast 192.168.2.255
> host-c:~# tcpdump -i any -n > sniff
> ---------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> host-d:~# ifconfig eth0 192.168.2.254 netmask 255.255.255.0 broadcast 192.168.2.255
> host-d:~# ifconfig eth1 192.168.3.254 netmask 255.255.255.0 broadcast 192.168.3.255
> host-d:~# route add default gw 192.168.2.253
> host-d:~# echo "1" > /proc/sys/net/ipv4/ip_forward
> host-d:~# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> host-d:~# /etc/init.d/freeswan restart
> host-d:~# cat /etc/ipsec.conf
>     config setup
>         interfaces=%defaultroute
>         klipsdebug=none
>         plutodebug=none
>         plutoload=%search
>         plutostart=%search
>         uniqueids=yes
>     conn %default
>         keyingtries=0
>         disablearrivalcheck=no
>         authby=rsasig
>         leftrsasigkey=%dns
>         rightrsasigkey=%dns
>     conn prova
>         left=192.168.2.254
>         leftsubnet=192.168.3.0/24
>         leftnexthop=192.168.2.253
>         right=192.168.1.254
>         rightsubnet=192.168.0.0/24
>         rightnexthop=192.168.1.253
>         auto=start
> ---------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> host-e:~# ifconfig eth0 192.168.3.1 netmask 255.255.255.0 broadcast 192.168.3.255
> host-e:~# route add default gw 192.168.3.254
> host-e:~# ping -c 1 192.168.0.1; ssh my_user_host_a@xxxxxxxxxxx
> ---------------------------------------------------------------------

Can you tell me whether I can create a similar environment with
virtual machines in VMware?
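
Before building the five virtual machines, the quoted address plan and the `conn prova` endpoints can be checked offline for consistency: every default gateway must be an on-link neighbour, and each IPsec gateway must own its endpoint address, reach its nexthop and have the protected subnet on its other interface. This is an added example, not part of the original post; the `PLAN`/`CONN` layout and the function names are assumptions of the example, while the addresses come from the quoted setup.

```python
import ipaddress as ip

# Addresses and gateways as given in the quoted plan; the dict layout is this example's own.
PLAN = {  # host -> ({interface: "address/prefix"}, default gateway or None)
    "host-a": ({"eth0": "192.168.0.1/24"}, "192.168.0.254"),
    "host-b": ({"eth0": "192.168.0.254/24", "eth1": "192.168.1.254/24"}, "192.168.1.253"),
    "host-c": ({"eth0": "192.168.1.253/24", "eth1": "192.168.2.253/24"}, None),
    "host-d": ({"eth0": "192.168.2.254/24", "eth1": "192.168.3.254/24"}, "192.168.2.253"),
    "host-e": ({"eth0": "192.168.3.1/24"}, "192.168.3.254"),
}
CONN = {  # "conn prova" from the quoted ipsec.conf
    "left": "192.168.2.254", "leftsubnet": "192.168.3.0/24", "leftnexthop": "192.168.2.253",
    "right": "192.168.1.254", "rightsubnet": "192.168.0.0/24", "rightnexthop": "192.168.1.253",
}

def owners(plan):
    """Map every configured address to the (host, interface) that owns it."""
    return {ip.ip_interface(c).ip: (h, n) for h, (ifs, _) in plan.items() for n, c in ifs.items()}

def on_link(plan, host, addr):
    """True if addr lies inside a subnet directly attached to host."""
    return any(ip.ip_address(addr) in ip.ip_interface(c).network for c in plan[host][0].values())

def check(plan, conn):
    """Return a list of inconsistencies between the address plan and the tunnel definition."""
    errors, own = [], owners(plan)
    for host, (_, gw) in plan.items():
        if gw is not None and (ip.ip_address(gw) not in own or not on_link(plan, host, gw)):
            errors.append(f"{host}: default gateway {gw} is not an on-link neighbour")
    for side in ("left", "right"):
        end = own.get(ip.ip_address(conn[side]))
        if end is None:
            errors.append(f"{side}={conn[side]} is not configured on any host")
            continue
        gw_host, gw_if = end
        hop, sub = conn[side + "nexthop"], conn[side + "subnet"]
        if ip.ip_address(hop) not in own or not on_link(plan, gw_host, hop):
            errors.append(f"{side}nexthop={hop} is not an on-link neighbour of {gw_host}")
        # The protected subnet must sit behind the gateway, on an interface other than the tunnel one.
        inner = {ip.ip_interface(c).network for n, c in plan[gw_host][0].items() if n != gw_if}
        if ip.ip_network(sub) not in inner:
            errors.append(f"{side}subnet={sub} is not attached to {gw_host}")
    return errors

if __name__ == "__main__":
    for line in check(PLAN, CONN) or ["plan and conn prova are consistent"]:
        print(line)
```
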
