IPSec between Debian OpenSwan and FortiGate 60B
/etc/ipsec.conf
version 2.0

config setup
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        nat_traversal=yes
        protostack=netkey

conn presto
        type=tunnel
        leftsubnet=192.168.204.0/24
        left=192.168.1.100
        leftnexthop=192.168.1.1
        right=93.93.132.175
        rightsubnet=192.168.5.0/24
        keyexchange=ike
        auto=start
        authby=secret
        pfs=yes
        esp=aes128-sha1
        ike=aes128-sha1
/etc/ipsec.secrets
192.168.1.100 93.93.132.175 : PSK "my_strong_password"
Here come the heavyweights
Because I could not think of a quick way to get the 192.168.204.x/24 subnet running on my side (I could not use the existing 192.168.1.x/24, and I did not feel like digging up the password to my router and reconfiguring it), I made this crutch:
ifconfig eth0:1 192.168.204.123 netmask 255.255.255.0
route add -net 192.168.5.0/24 gw 192.168.204.123
Final notes
It should be noted that IPSec, when using nat-traversal with netkey, does not create a new ipsec0 interface.
For debugging, besides the classic
tail -f /var/log/auth.log
tail -f /var/log/syslog
I also used
ipsec auto --status
ip xfrm policy
ip xfrm state
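Since netkey gives no ipsec0 interface to look at, the xfrm policies show whether the tunnel is installed. The following is an added example, not part of the original page: it parses `ip xfrm policy` output and checks that out, in and fwd ESP tunnel policies exist between the two subnets from /etc/ipsec.conf. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the tunnel's xfrm policies (subnets taken from ipsec.conf above).
LOCAL_NET=192.168.204.0/24
REMOTE_NET=192.168.5.0/24

# Constructed sample of `ip xfrm policy` output (not captured from a real host).
SAMPLE_POLICY='src 192.168.204.0/24 dst 192.168.5.0/24
    dir out priority 2344 ptype main
    tmpl src 192.168.1.100 dst 93.93.132.175
        proto esp reqid 16385 mode tunnel
src 192.168.5.0/24 dst 192.168.204.0/24
    dir fwd priority 2344 ptype main
    tmpl src 93.93.132.175 dst 192.168.1.100
        proto esp reqid 16385 mode tunnel
src 192.168.5.0/24 dst 192.168.204.0/24
    dir in priority 2344 ptype main
    tmpl src 93.93.132.175 dst 192.168.1.100
        proto esp reqid 16385 mode tunnel'

# Reads `ip xfrm policy` output on stdin; prints, sorted and space separated,
# the directions (fwd/in/out) that have an ESP tunnel-mode policy between
# local net $1 and remote net $2. Prints nothing if no such policy exists.
xfrm_tunnel_dirs() {
    awk -v l="$1" -v r="$2" '
        $1 == "src" && $3 == "dst" { sel = $2 ">" $4; dir = ""; next }
        $1 == "dir"                { dir = $2; next }
        $1 == "proto" && $2 == "esp" && /mode tunnel/ {
            # outbound policy selects local>remote, in/fwd select remote>local
            if (dir == "out" && sel == (l ">" r)) seen[dir] = 1
            if ((dir == "in" || dir == "fwd") && sel == (r ">" l)) seen[dir] = 1
        }
        END { for (d in seen) print d }' | sort | tr "\n" " " | sed "s/ $//"
}

# Succeeds only when all three directions are covered (stdin: ip xfrm policy).
tunnel_policies_ok() {
    [ "$(xfrm_tunnel_dirs "$LOCAL_NET" "$REMOTE_NET")" = "fwd in out" ]
}

# Demo on the constructed sample; on the gateway use: ip xfrm policy | tunnel_policies_ok
echo "directions found: $(printf '%s\n' "$SAMPLE_POLICY" | xfrm_tunnel_dirs "$LOCAL_NET" "$REMOTE_NET")"
```

An empty result while `ipsec auto --status` lists the connection means the policies were never installed, which points at negotiation rather than routing.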
linux/vpn/ipsec.txt · Last modified: 2011/05/20 13:03 by admin