
IPSec Configuration Linux Host to Host Testing

Setkey: Manually adds, updates, dumps, or flushes Security Association Database (SAD) entries as well as Security Policy Database (SPD) entries in the kernel using the setkey command provided by the Linux kernel.

1. Transport Mode

Establishing the IPSec between 192.168.15.44 and 192.168.15.64 in transport mode.

Steps to configure the Transport mode IPSec


a. Install the tools: sudo apt-get install ipsec-tools
b. Add the rules at /etc/ipsec-tools.conf
   a. Include the AH and ESP key sharing between each pair of IP addresses. Refer to the add command in the documents attached below.
   b. Add the security policy using spdadd; refer to the files below.

ipsec-tools.conf_44

ipsec-tools.conf_64

c. Update the IPSec database using /etc/init.d/setkey start
d. Ping the system using ping 192.168.15.64 and verify the packets on the other system using tcpdump esp. It should display the ESP packets in the packet capture.

Note: The above configuration needs to be done on both systems. To use the above configuration on the other system, flip the in and out directives in the attached configuration file ipsec-tools.conf. Please refer to the link below for more information:
https://help.ubuntu.com/community/IPSecHowTo
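
The attached ipsec-tools.conf_44 and ipsec-tools.conf_64 files are not reproduced on this page, so the following is an added example (not the original attachments) that generates a transport-mode setkey file for either host and shows how the in and out directives flip between them. The SPIs, the hmac-sha256 and rijndael-cbc algorithm choices, and the function names rand_key and gen_conf are assumptions.

```shell
#!/bin/sh
# Added example (not the page's attached ipsec-tools.conf_44/_64 files).
# Assumed: SPIs 0x200-0x301, hmac-sha256 + rijndael-cbc, function names.

# rand_key NBYTES: 0x-prefixed hex key read from the kernel CSPRNG.
rand_key() {
    printf '0x%s\n' "$(od -An -tx1 -N "$1" /dev/urandom | tr -d ' \n')"
}

# gen_conf A B LOCAL AH_AB AH_BA ESP_AB ESP_BA
# Prints the setkey file for host LOCAL (which must be A or B).
gen_conf() {
    a=$1; b=$2; local_ip=$3
    case $local_ip in
        "$a") peer=$b ;;
        "$b") peer=$a ;;
        *) echo "LOCAL must be one of the two endpoints" >&2; return 1 ;;
    esac
    # 256-bit AH keys (0x + 64 hex), 128-bit ESP keys (0x + 32 hex).
    if [ "${#4}" -ne 66 ] || [ "${#5}" -ne 66 ] ||
       [ "${#6}" -ne 34 ] || [ "${#7}" -ne 34 ]; then
        echo "wrong key length" >&2; return 1
    fi
    cat <<EOF
#!/usr/sbin/setkey -f
flush;
spdflush;

# SAs: one per direction and protocol, identical on both hosts
add $a $b ah  0x200 -A hmac-sha256 $4;
add $b $a ah  0x300 -A hmac-sha256 $5;
add $a $b esp 0x201 -E rijndael-cbc $6;
add $b $a esp 0x301 -E rijndael-cbc $7;

# Policies: in/out is relative to this host, so it flips on the peer
spdadd $local_ip $peer any -P out ipsec
    esp/transport//require
    ah/transport//require;
spdadd $peer $local_ip any -P in ipsec
    esp/transport//require
    ah/transport//require;
EOF
}
```

Generate the four keys once (rand_key 32 for AH, rand_key 16 for ESP) and pass the same values when producing the file for each host. Write the output under umask 077, since the file holds the keys in clear text.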

2. Tunnel Mode

Establishing the IPSec between 192.168.15.44 and 192.168.15.64 in tunnel mode.

Steps to configure the Tunnel mode IPSec


a. Install the tools: sudo apt-get install ipsec-tools
b. Add the rules at /etc/ipsec-tools.conf
   a. Include the AH and ESP key sharing between each pair of IP addresses. Refer to the documents attached below and check the add command.
   b. Add the security policy using spdadd; refer to the files below.

ipsec-tools.conf_Tunnel_44

ipsec-tools.conf_Tunnel_64

c. Define the forward policy using spdadd.
d. Update the IPSec database using /etc/init.d/setkey start
e. Add the virtual IP on both systems.
   a. E.g.: ifconfig eth0:VirtualIP 172.16.1.10 up

f. Ping the system using ping 192.168.15.64 and verify the packets on the other system using tcpdump esp. It should display the ESP packets in the packet capture.

Note: The above configuration needs to be done on both systems. To use the above configuration on the other system, flip the in and out directives in the attached configuration file ipsec-tools.conf. Please refer to the link below for more information:
https://help.ubuntu.com/community/IPSecHowTo

IPSec with StrongSwan

Security key sharing is dynamic. -To be Updated-
