VPN with ADSL.
Victor Pasten V.
victor at aciertonet.com
Tue Feb 18 15:15:14 CLST 2003
----- Original Message -----
From: "jorge" <jorge at netsecure.cl>
> if you can, you should define the remote IP as something like 0.0.0.0.
OK, it would have to be defined that way.
> send your configuration file so the others can see it...
Perfect, based on the man page:
isakmpd.conf on machine gw-vpn-stgo:
gw-vpn-stgo# more /etc/isakmpd/isakmpd.conf
# Incoming phase 1 negotiations are multiplexed on the source IP
# address. Phase 1 is used to setup a protected channel just
# between the two gateway machines. This channel is then used for
# the phase 2 negotiation traffic (i.e. encrypted & authenticated).
[Phase 1]
172.16.16.2= gw-vpn-temuco
# 'Phase 2' defines which connections the daemon should establish.
# These connections contain the actual "IPsec VPN" information.
[Phase 2]
Connections= VPN-stgo-temuco
# ISAKMP phase 1 peers (from [Phase 1])
[gw-vpn-temuco]
Phase= 1
Transport= udp
Address= 172.16.16.2
Configuration= Default-main-mode
Authentication= yoursharedsecret
# IPSEC phase 2 connections (from [Phase 2])
[VPN-stgo-temuco]
Phase= 2
ISAKMP-peer= gw-vpn-temuco
Configuration= Default-quick-mode
Local-ID= gw-vpn-stgo-internal-network
Remote-ID= gw-vpn-temuco-internal-network
# ID sections (as used in [VPN-stgo-temuco])
[gw-vpn-stgo-internal-network]
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.1.0
Netmask= 255.255.255.240
[gw-vpn-temuco-internal-network]
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.10.0
Netmask= 255.255.255.0
# Main and Quick Mode descriptions (as used by peers and connections)
[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA,BLF-SHA
[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE
-------------- ooOOOoo --------------------------------------------------
isakmpd.conf on machine gw-vpn-temuco:
gw-vpn-temuco# more /etc/isakmpd/isakmpd.conf
# more isakmpd.conf
# Incoming phase 1 negotiations are multiplexed on the source IP
# address. Phase 1 is used to setup a protected channel just
# between the two gateway machines. This channel is then used for
# the phase 2 negotiation traffic (i.e. encrypted & authenticated).
[Phase 1]
172.16.16.1= gw-vpn-stgo
# 'Phase 2' defines which connections the daemon should establish.
# These connections contain the actual "IPsec VPN" information.
[Phase 2]
Connections= VPN-temuco-stgo
# ISAKMP phase 1 peers (from [Phase 1])
[gw-vpn-stgo]
Phase= 1
Transport= udp
Address= 172.16.16.1
Configuration= Default-main-mode
Authentication= yoursharedsecret
# IPSEC phase 2 connections (from [Phase 2])
[VPN-temuco-stgo]
Phase= 2
ISAKMP-peer= gw-vpn-stgo
Configuration= Default-quick-mode
Local-ID= gw-vpn-temuco-internal-network
Remote-ID= gw-vpn-stgo-internal-network
# ID sections (as used in [VPN-temuco-stgo])
[gw-vpn-stgo-internal-network]
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.1.0
Netmask= 255.255.255.240
[gw-vpn-temuco-internal-network]
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.10.0
Netmask= 255.255.255.0
# Main and Quick Mode descriptions (as used by peers and connections)
[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA,BLF-SHA
[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE
>
> On Tue, 18-02-2003 at 17:09, Victor Pasten V. wrote:
> > Hello list, things have been slow.
> >
> >
> > A quick question: I am playing with IPSec. I managed to set up a small VPN and it apparently worked fine; I pinged from one of the networks to the other, and ran the following command on one of the Open machines (what follows is a fragment of what the command printed on screen):
> >
>
> > --------------------------------------------------------------------------
> > gw-vpn-stgo# tcpdump -i ep0 (ep0 is the external interface of the stgo network's gateway in the simulation)
> >
> > 08:51:58.931793 arp reply gw-vpn-temuco.aciertonet.com is-at 0:20:18:2c:8d:5d
> > 08:51:58.931907 gw-vpn-stgo.aciertonet.com.isakmp > gw-vpn-temuco.aciertonet.com.isakmp: isakmp v1.0 exchange QUICK_MODE encrypted
> >     cookie: 2128a41b7dee3894->29dd868df0adc2c9 msgid: 1a6f4050 len: 156
> > 08:51:59.204191 gw-vpn-temuco.aciertonet.com.isakmp > gw-vpn-stgo.aciertonet.com.isakmp: isakmp v1.0 exchange QUICK_MODE encrypted
> >     cookie: 2128a41b7dee3894->29dd868df0adc2c9 msgid: 1a6f4050 len: 156
> > 08:51:59.472744 gw-vpn-stgo.aciertonet.com.isakmp > gw-vpn-temuco.aciertonet.com.isakmp: isakmp v1.0 exchange QUICK_MODE encrypted
> >     cookie: 2128a41b7dee3894->29dd868df0adc2c9 msgid: 1a6f4050 len: 52
> > 08:52:37.870089 esp gw-vpn-stgo.aciertonet.com > gw-vpn-temuco.aciertonet.com spi 0xA2809130 seq 1 len 92
> > 08:52:37.871705 esp gw-vpn-temuco.aciertonet.com > gw-vpn-stgo.aciertonet.com spi 0x89585083 seq 1 len 92
> > 08:52:38.864768 esp gw-vpn-stgo.aciertonet.com > gw-vpn-temuco.aciertonet.com spi 0xA2809130 seq 2 len 92
> > 08:52:38.871091 esp gw-vpn-temuco.aciertonet.com > gw-vpn-stgo.aciertonet.com spi 0x89585083 seq 2 len 92
> > 08:52:39.864569 esp gw-vpn-stgo.aciertonet.com > gw-vpn-temuco.aciertonet.com spi 0xA2809130 seq 3 len 92
> > 08:52:39.870892 esp gw-vpn-temuco.aciertonet.com > gw-vpn-stgo.aciertonet.com spi 0x89585083 seq 3 len 92
> > 08:52:40.874281 esp gw-vpn-stgo.aciertonet.com > gw-vpn-temuco.aciertonet.com spi 0xA2809130 seq 4 len 92
> > 08:52:40.880585 esp gw-vpn-temuco.aciertonet.com > gw-vpn-stgo.aciertonet.com spi 0x89585083 seq 4 len 92
> > 08:52:41.883526 esp gw-vpn-stgo.aciertonet.com > gw-vpn-temuco.aciertonet.com spi 0xA2809130 seq 5 len 92
> > 08:52:41.884896 esp gw-vpn-temuco.aciertonet.com > gw-vpn-stgo.aciertonet.com spi 0x89585083 seq 5 len 92
> > 08:52:42.883298 esp gw-vpn-stgo.aciertonet.com > gw-vpn-temuco.aciertonet.com spi 0xA2809130 seq 6 len 92
> > 08:52:42.884666 esp gw-vpn-temuco.aciertonet.com > gw-vpn-stgo.aciertonet.com spi 0x89585083 seq 6 len 92
> > 08:53:57.891363 gw-vpn-stgo.aciertonet.com.isakmp > gw-vpn-temuco.aciertonet.com.isakmp: isakmp v1.0 exchange INFO encrypted
> >     cookie: 2128a41b7dee3894->29dd868df0adc2c9 msgid: 9a29ab3b len: 68
> > 08:53:58.000935 gw-vpn-temuco.aciertonet.com.isakmp > gw-vpn-stgo.aciertonet.com.isakmp: isakmp v1.0 exchange INFO encrypted
> >     cookie: 2128a41b7dee3894->29dd868df0adc2c9 msgid: 96fbc0e6 len: 68
> >
> > --------------------------------------------------------------------------
> >
> > My question is the following: how can I link a network whose connection is via ADSL (with a dynamic IP)? Can it be done???
> >
> >
> > Regards.
>
>
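A consistency check for the two gateway files posted above, as an added example that is not part of the original message: it parses each isakmpd.conf and verifies that the peer address, the pre-shared key and the Local-ID/Remote-ID subnets of one side mirror the other. The function names and the shortened section names in the constructed sample (peer, VPN, stgo-net, temuco-net) are assumptions; the addresses and netmasks are the ones from the thread.

```python
import ipaddress
def parse_conf(text):
    """Parse isakmpd.conf text into {section: {tag: value}}."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1], {})
        elif "=" in line and not line.startswith("#") and section is not None:
            tag, value = line.split("=", 1)
            section[tag.strip()] = value.strip()
    return conf

def tunnel(conf):
    """Resolve the first [Phase 2] connection to its peer, key and subnets."""
    def subnet(name):  # ID section (Network/Netmask) -> ip_network
        return ipaddress.ip_network(f"{conf[name]['Network']}/{conf[name]['Netmask']}")
    conn = conf[conf["Phase 2"]["Connections"].split(",")[0].strip()]
    peer = conf[conn["ISAKMP-peer"]]
    return {"peer": peer["Address"], "psk": peer["Authentication"],
            "local": subnet(conn["Local-ID"]), "remote": subnet(conn["Remote-ID"])}

def mismatches(text_a, addr_a, text_b, addr_b):
    """Return the reasons gateway A's and B's files cannot form one tunnel."""
    a, b = tunnel(parse_conf(text_a)), tunnel(parse_conf(text_b))
    checks = [
        (a["peer"] == addr_b and b["peer"] == addr_a, "peer Address mismatch"),
        (a["psk"] == b["psk"], "pre-shared key differs"),
        (a["local"] == b["remote"] and a["remote"] == b["local"], "IDs not mirrored"),
    ]
    return [reason for ok, reason in checks if not ok]
# Constructed sample: the thread's two files reduced to the tags checked here.
SAMPLE = """[Phase 2]
Connections= VPN
[peer]
Address= {peer}
Authentication= yoursharedsecret
[VPN]
ISAKMP-peer= peer
Local-ID= {local}
Remote-ID= {remote}
[stgo-net]
Network= 192.168.1.0
Netmask= 255.255.255.240
[temuco-net]
Network= 192.168.10.0
Netmask= 255.255.255.0
"""
STGO = SAMPLE.format(peer="172.16.16.2", local="stgo-net", remote="temuco-net")
TEMUCO = SAMPLE.format(peer="172.16.16.1", local="temuco-net", remote="stgo-net")
```

Each gateway carries its own copy of both ID sections, so a netmask edited on only one side is reported as "IDs not mirrored".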