IPsec is supported in the Linux kernel as of version 2.5.47 and throughout the 2.6.* series.
Configuring Transport Mode on RHEL 5.3
Set up IPsec-encrypted communication between the nodes 192.168.1.146 and 192.168.1.145.
On host 192.168.1.146, set up /etc/setkey.conf:
# cat /etc/setkey.conf
#!/usr/sbin/setkey -f
# Configuration for 192.168.1.146
# Flush the SAD and SPD
flush;
spdflush;
# Attention: Use these keys only for testing purposes!
# Generate your own keys!
# AH SAs using 128 bit long keys
add 192.168.1.146 192.168.1.145 ah 0x200 -A hmac-md5
0xc0291ff014dccdd03874d9e8e4cdf3e6;
add 192.168.1.145 192.168.1.146 ah 0x300 -A hmac-md5
0x96358c90783bbfa3d7b196ceabe0536b;
# ESP SAs using 192 bit long keys (168 + 24 parity)
add 192.168.1.146 192.168.1.145 esp 0x201 -E 3des-cbc
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
add 192.168.1.145 192.168.1.146 esp 0x301 -E 3des-cbc
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
# Security policies
spdadd 192.168.1.146 192.168.1.145 any -P out ipsec
esp/transport//require
ah/transport//require;
spdadd 192.168.1.145 192.168.1.146 any -P in ipsec
esp/transport//require
ah/transport//require;
On host 192.168.1.145, set up the /etc/setkey.conf configuration file:
# cat /etc/setkey.conf
#!/usr/sbin/setkey -f
# Configuration for 192.168.1.145
# Flush the SAD and SPD
flush;
spdflush;
# Attention: Use these keys only for testing purposes!
# Generate your own keys!
# AH SAs using 128 bit long keys
add 192.168.1.146 192.168.1.145 ah 0x200 -A hmac-md5
0xc0291ff014dccdd03874d9e8e4cdf3e6;
add 192.168.1.145 192.168.1.146 ah 0x300 -A hmac-md5
0x96358c90783bbfa3d7b196ceabe0536b;
# ESP SAs using 192 bit long keys (168 + 24 parity)
add 192.168.1.146 192.168.1.145 esp 0x201 -E 3des-cbc
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
add 192.168.1.145 192.168.1.146 esp 0x301 -E 3des-cbc
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
# Security policies
spdadd 192.168.1.146 192.168.1.145 any -P in ipsec
esp/transport//require
ah/transport//require;
spdadd 192.168.1.145 192.168.1.146 any -P out ipsec
esp/transport//require
ah/transport//require;
Run the same commands on both hosts:
# setkey -f /etc/setkey.conf
# setkey -D
# setkey -DP
On host 192.168.1.146, capture the traffic exchanged with 192.168.1.145:
# tcpdump host 192.168.1.145
11:37:38.428225 IP 192.168.1.146 > 192.168.1.145: AH(spi=0x00000200,seq=0x90): ESP(spi=0x00000201,seq=0x90), length 72
11:37:38.428481 IP 192.168.1.145 > 192.168.1.146: AH(spi=0x00000300,seq=0x94): ESP(spi=0x00000301,seq=0x94), length 56
11:37:38.428501 IP 192.168.1.145 > 192.168.1.146: AH(spi=0x00000300,seq=0x95): ESP(spi=0x00000301,seq=0x95), length 64
11:37:38.428529 IP 192.168.1.146 > 192.168.1.145: AH(spi=0x00000200,seq=0x91): ESP(spi=0x00000201,seq=0x91), length 56
11:37:38.428572 IP 192.168.1.146 > 192.168.1.145: AH(spi=0x00000200,seq=0x92): ESP(spi=0x00000201,seq=0x92), length 88
11:37:38.428782 IP 192.168.1.145 > 192.168.1.146: AH(spi=0x00000300,seq=0x96): ESP(spi=0x00000301,seq=0x96), length 72
Do you see the AH information?
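As an added check (not part of the original post), the Python below parses the SAD "add" statements from the setkey.conf above and the tcpdump lines, verifies that each key has the length its algorithm requires, that every captured AH/ESP SPI belongs to the SA configured for that direction, and that sequence numbers keep increasing per SA; the sample inputs are constructed from the page's own config and capture, with one replayed packet appended.

```python
import re
KEY_BITS = {"hmac-md5": 128, "3des-cbc": 192}  # key sizes setkey expects for these algorithms
# Constructed sample: the four SA statements from the 192.168.1.146 file above.
SETKEY_CONF = """
add 192.168.1.146 192.168.1.145 ah 0x200 -A hmac-md5
0xc0291ff014dccdd03874d9e8e4cdf3e6;
add 192.168.1.145 192.168.1.146 ah 0x300 -A hmac-md5
0x96358c90783bbfa3d7b196ceabe0536b;
add 192.168.1.146 192.168.1.145 esp 0x201 -E 3des-cbc
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
add 192.168.1.145 192.168.1.146 esp 0x301 -E 3des-cbc
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
"""
# Constructed sample: three lines from the tcpdump output above plus one replayed packet (last line).
CAPTURE = """
11:37:38.428225 IP 192.168.1.146 > 192.168.1.145: AH(spi=0x00000200,seq=0x90): ESP(spi=0x00000201,seq=0x90), length 72
11:37:38.428481 IP 192.168.1.145 > 192.168.1.146: AH(spi=0x00000300,seq=0x94): ESP(spi=0x00000301,seq=0x94), length 56
11:37:38.428529 IP 192.168.1.146 > 192.168.1.145: AH(spi=0x00000200,seq=0x91): ESP(spi=0x00000201,seq=0x91), length 56
11:37:38.428600 IP 192.168.1.146 > 192.168.1.145: AH(spi=0x00000200,seq=0x90): ESP(spi=0x00000201,seq=0x90), length 72
"""
# An 'add' statement may wrap its key onto the next line, so \s+ here also spans newlines.
SA_RE = re.compile(r"add\s+(\S+)\s+(\S+)\s+(ah|esp)\s+0x([0-9a-f]+)\s+-[AE]\s+(\S+)\s+0x([0-9a-f]+)\s*;")
PKT_RE = re.compile(r"IP (\S+) > (\S+): AH\(spi=0x([0-9a-f]+),seq=0x([0-9a-f]+)\): "
                    r"ESP\(spi=0x([0-9a-f]+),seq=0x([0-9a-f]+)\)")
def parse_sas(conf):
    """Map (src, dst, proto) -> (spi, algorithm, key_hex) from the SAD 'add' statements."""
    return {(s, d, p): (int(spi, 16), alg, key) for s, d, p, spi, alg, key in SA_RE.findall(conf)}
def check_keys(sas):
    """Report keys whose length does not match what the algorithm requires (None = unknown algorithm)."""
    issues = []
    for (_, _, p), (spi, alg, key) in sas.items():
        want = KEY_BITS.get(alg)
        if len(key) * 4 != want:
            issues.append(f"{p} spi=0x{spi:x}: {alg} key is {len(key) * 4} bits, expected {want}")
    return issues

def check_capture(sas, capture):
    """Each AH/ESP header must use the SA for its direction, and seq must increase per SA (replay check)."""
    issues, last_seq = [], {}
    for src, dst, ah_spi, ah_seq, esp_spi, esp_seq in PKT_RE.findall(capture):
        for proto, spi, seq in (("ah", ah_spi, ah_seq), ("esp", esp_spi, esp_seq)):
            spi, seq = int(spi, 16), int(seq, 16)
            sa = sas.get((src, dst, proto))
            if sa is None or sa[0] != spi:
                issues.append(f"{src}>{dst} {proto} spi=0x{spi:x}: no SA for this direction")
            elif seq <= last_seq.get((proto, spi), -1):
                issues.append(f"{proto} spi=0x{spi:x}: seq 0x{seq:x} repeated or out of order")
            last_seq[(proto, spi)] = max(seq, last_seq.get((proto, spi), -1))
    return issues
```

Running check_capture over the four sample lines flags the appended duplicate twice (once for AH, once for ESP), which is the same condition the kernel's anti-replay window would reject.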