strongswan5.1.2 on ubuntu14.04 (net-net with psk)


The network topology:

client1: ubuntu14.04 server  eth0 ip: 10.1.0.10/24         ---->c1
client2: ubuntu14.04 server  eth0 ip: 10.2.0.10/24         ---->c2
gateway1: ubuntu14.04 server eth1 ip: 10.1.0.1/24 eth0 ip: 192.168.0.1/24   --->g1
gateway2: ubuntu14.04 server eth1 ip: 10.2.0.1/24 eth0 ip: 192.168.0.2/24   --->g2

c1(eth0:10.1.0.10/24)<---->(eth1:10.1.0.1/24)g1(eth0:192.168.0.1/24)<---->(eth0:192.168.0.2/24)g2(eth1:10.1.0.1/24)<---->(eth0:10.2.0.10/24)c2
|-------------------switch 1------------|        |------------switch 0----------------|             |--------------switch 2------------|

That is, eth0 of c1 and eth1 of g1 are in switch 1.
eth0 of g1 and eth0 of g2 are in switch 0.
eth1 of g2 and eth0 of c2 are in switch 2.

Before making tests, please make sure that you can ping from c1 to c2 through switch 0.
1. on g1:

run apt-get install strongswan*

a)
ip addr add 192.168.0.1/24 dev eth0
ip link set eth0 up
ip addr add 10.1.0.1/24 dev eth1
ip link set eth1 up

b)
ip route add default via 192.168.0.2 dev eth0

c) /etc/ipsec.conf
config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no

conn net-net
    left=192.168.0.1
    leftsubnet=10.1.0.0/16
    leftid=@moon.strongswan.org
    leftfirewall=yes
    right=192.168.0.2
    rightsubnet=10.2.0.0/16
    rightid=@sun.strongswan.org
    auto=add
d) /etc/ipsec.secrets
: PSK "nokia"

2. on g2

apt-get install strongswan*

a)
ip addr add 192.168.0.2/24 dev eth0
ip link set eth0 up
ip addr add 10.2.0.1/24 dev eth1
ip link set eth1 up

b)
ip route add default via 192.168.0.1 dev eth0

c) /etc/ipsec.conf
config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no

conn net-net
    left=192.168.0.2
    leftsubnet=10.2.0.0/16
    leftid=@sun.strongswan.org
    leftfirewall=yes
    right=192.168.0.1
    rightsubnet=10.1.0.0/16
    rightid=@moon.strongswan.org
    auto=add

d) /etc/ipsec.secrets
: PSK "nokia"

3. on c1
a)
ip addr add 10.1.0.10/24 dev eth0

b)
ip route add default via 10.1.0.1 dev eth0

4. on c2
a)
ip addr add 10.2.0.10/24 dev eth0

b)
ip route add default via 10.2.0.1 dev eth0

5. on g1
run this command: ipsec restart

6. on g2
run this command: ipsec restart

7. on g1
run this command: ipsec up net-net

8. on c1
run this command: ping 10.2.0.10

9. on g1, g2
run this command: tcpdump -ni eth0 esp

You will find the tcpdump output.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

mounter625

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值