The network topology:
client1: ubuntu14.04 server eth0 ip: 10.1.0.10/24 ---->c1
client2: ubuntu14.04 server eth0 ip: 10.2.0.10/24 ---->c2
gateway1: ubuntu14.04 server eth1 ip: 10.1.0.1/24 eth0 ip: 192.168.0.1/24 --->g1
gateway2: ubuntu14.04 server eth1 ip: 10.2.0.1/24 eth0 ip: 192.168.0.2/24 --->g2
c1(eth0:10.1.0.10/24)<---->(eth1:10.1.0.1/24)g1(eth0:192.168.0.1/24)<---->(eth0:192.168.0.2/24)g2(eth1:10.2.0.1/24)<---->(eth0:10.2.0.10/24)c2
|-------------------switch 1------------| |------------switch 0----------------| |--------------switch 2------------|
That is, eth0 of c1 and eth1 of g1 are in switch 1.
eth0 of g1 and eth0 of g2 are in switch 0.
eth1 of g2 and eth0 of c2 are in switch 2.
Before running the tests, make sure that c1 can already ping c2 through switch 0 with plain routing (both gateways need IP forwarding enabled, net.ipv4.ip_forward=1); the steps below only add IPsec on top of that working path.
1. on g1:
run apt-get install strongswan*
a)ip addr add 192.168.0.1/24 dev eth0
ip link set eth0 up
ip addr add 10.1.0.1/24 dev eth1
ip link set eth1 up
b)
ip route add default via 192.168.0.2 dev eth0
c) /etc/ipsec.conf (leftsubnet/rightsubnet are the traffic selectors: the /16 networks cover the /24 lab subnets, and only traffic between them is sent through the tunnel)
config setup
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
authby=secret
keyexchange=ikev2
mobike=no
conn net-net
left=192.168.0.1
leftsubnet=10.1.0.0/16
leftid=@moon.strongswan.org
leftfirewall=yes
right=192.168.0.2
rightsubnet=10.2.0.0/16
rightid=@sun.strongswan.org
auto=add
d) /etc/ipsec.secrets (the PSK must be identical on both gateways; "nokia" is a lab placeholder, use a long random secret outside the lab)
: PSK "nokia"
2. on g2
apt-get install strongswan*
a)ip addr add 192.168.0.2/24 dev eth0
ip link set eth0 up
ip addr add 10.2.0.1/24 dev eth1
ip link set eth1 up
b)
ip route add default via 192.168.0.1 dev eth0
c) /etc/ipsec.conf
config setup
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
authby=secret
keyexchange=ikev2
mobike=no
conn net-net
left=192.168.0.2
leftsubnet=10.2.0.0/16
leftid=@sun.strongswan.org
leftfirewall=yes
right=192.168.0.1
rightsubnet=10.1.0.0/16
rightid=@moon.strongswan.org
auto=add
d) /etc/ipsec.secrets (same PSK as on g1)
: PSK "nokia"
3. on c1
a)
ip addr add 10.1.0.10/24 dev eth0
b)
ip route add default via 10.1.0.1 dev eth0
4. on c2
a)
ip addr add 10.2.0.10/24 dev eth0
b)
ip route add default via 10.2.0.1 dev eth0
5. on g1
run this command: ipsec restart
6. on g2
run this command: ipsec restart
7. on g1
run this command: ipsec up net-net (auto=add only loads the connection at restart, so one side has to initiate; g2 answers because its net-net conn is loaded too)
8. on c1
run this command: ping 10.2.0.10
9. on g1, g2
run this command: tcpdump -ni eth0 esp
You should see ESP packets between 192.168.0.1 and 192.168.0.2 on eth0 and no cleartext ICMP: the ping payload is encrypted between the gateways. On either gateway, ipsec statusall lists the established IKE_SA and the net-net CHILD_SA with its traffic selectors.
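Most failures in a site-to-site setup like this come from the two gateways' configs not being exact mirror images (a left/right value copied wrong, a selector that does not cover the client), or from a throwaway PSK surviving into production. The following script is an added example, not part of the original lab notes or of strongSwan: it parses the two gateways' ipsec.conf text (embedded here as constructed copies of the g1/g2 configs above), checks that every left* setting on g1 matches the corresponding right* setting on g2 and vice versa, checks that c1 and c2 actually fall inside the traffic selectors, and flags short quoted PSKs in ipsec.secrets. Function names, the 20-character PSK threshold, and the message texts are the author's own choices.

```python
"""Consistency check for a pair of strongSwan site-to-site configs.

Added example for the lab above; not part of the original notes or of
strongSwan itself. The config texts below are constructed copies of the
g1/g2 files shown in the lab.
"""
import ipaddress
import re

COMMON = """config setup
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no
"""
G1_CONF = COMMON + """conn net-net
    left=192.168.0.1
    leftsubnet=10.1.0.0/16
    leftid=@moon.strongswan.org
    leftfirewall=yes
    right=192.168.0.2
    rightsubnet=10.2.0.0/16
    rightid=@sun.strongswan.org
    auto=add
"""
G2_CONF = COMMON + """conn net-net
    left=192.168.0.2
    leftsubnet=10.2.0.0/16
    leftid=@sun.strongswan.org
    leftfirewall=yes
    right=192.168.0.1
    rightsubnet=10.1.0.0/16
    rightid=@moon.strongswan.org
    auto=add
"""
SECRETS = ': PSK "nokia"\n'  # constructed copy of the lab ipsec.secrets


def parse_conns(text):
    """Parse 'conn' sections into {name: {key: value}}. Settings from
    'conn %default' are folded into every other conn, as strongSwan does."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^(conn|config)\s+(\S+)$", line)
        if m:  # 'conn X' opens a section; 'config setup' is skipped
            current = conns.setdefault(m.group(2), {}) if m.group(1) == "conn" else None
            continue
        if current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}


MIRRORED = (("left", "right"), ("leftsubnet", "rightsubnet"), ("leftid", "rightid"))
SHARED = ("keyexchange", "authby", "ikelifetime", "keylife", "rekeymargin")


def check_pair(conf_a, conf_b, name, hosts_a, hosts_b):
    """Return a list of problems for conn `name`; an empty list means the
    two sides agree and the given hosts are covered by the selectors."""
    a, b = parse_conns(conf_a)[name], parse_conns(conf_b)[name]
    problems = []
    # each left* value on A must equal the right* value on B, and vice versa
    for lkey, rkey in MIRRORED:
        for x, xkey, y, ykey in ((a, lkey, b, rkey), (a, rkey, b, lkey)):
            if x.get(xkey) != y.get(ykey):
                problems.append(f"A.{xkey}={x.get(xkey)} but B.{ykey}={y.get(ykey)}")
    # lifetimes and auth/IKE version are shared and must simply be equal
    for key in SHARED:
        if a.get(key) != b.get(key):
            problems.append(f"{key} differs: A={a.get(key)} B={b.get(key)}")
    if a.get("keyexchange") != "ikev2":
        problems.append("keyexchange is not ikev2")
    # traffic only enters the tunnel if it matches the selectors
    for side, hosts in (("leftsubnet", hosts_a), ("rightsubnet", hosts_b)):
        net = ipaddress.ip_network(a[side], strict=False)
        for h in hosts:
            if ipaddress.ip_address(h) not in net:
                problems.append(f"{h} is outside {side}={net}, it will not be tunnelled")
    return problems


def weak_psks(secrets_text, min_len=20):
    """Return quoted PSKs shorter than min_len characters. Only the
    '[ids] : PSK "secret"' form is handled; 0x/0s encoded secrets are ignored."""
    found = re.findall(r':\s*PSK\s+"([^"]*)"', secrets_text)
    return [s for s in found if len(s) < min_len]


if __name__ == "__main__":
    for p in check_pair(G1_CONF, G2_CONF, "net-net", ["10.1.0.10"], ["10.2.0.10"]):
        print("PROBLEM:", p)
    for s in weak_psks(SECRETS):
        print(f"PROBLEM: PSK {s!r} is too short for anything but a lab")
```

To use it on real gateways, read /etc/ipsec.conf and /etc/ipsec.secrets from both boxes into the two strings in place of the constructed copies; the mirror check is what catches a typo such as the 10.1.0.1 address that was duplicated in an earlier version of the topology line above.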