VPN with ADSL.

Victor Pasten V. victor at aciertonet.com
Tue Feb 18 15:27:35 CLST 2003


----- Original Message -----
From: "jorge" <jorge at netsecure.cl>
Subject: Re: VPN with ADSL.


> very good ...
> I'm going to write a VPN mini-howto with your config...
>
> one way I once set up a VPN was to install dyndns and put the
> name, for example server.dyndns.org, declared in the peer, so that when
> the VPN came up it would always look up the name associated with the new
> IP and get the dynamic IP...

Sure, that's a good idea.

>
> On Tue, 18-02-2003 at 18:15, Victor Pasten V. wrote:
> >
> > ----- Original Message -----
> > From: "jorge" <jorge en netsecure.cl>
> > > yes, you can; you have to define something like 0.0.0.0 as the remote IP.
> > Ok, it would have to be defined that way.
> >
> > > send your configuration file for everyone else's reference...
> >
> > sure, based on the man page:
> >
> > isakmpd.conf on machine gw-vpn-stgo:
> >
> > gw-vpn-stgo# more /etc/isakmpd/isakmpd.conf
> > # Incoming phase 1 negotiations are multiplexed on the source IP
> > # address. Phase 1 is used to setup a protected channel just
> > # between the two gateway machines. This channel is then used for
> > # the phase 2 negotiation traffic (i.e. encrypted & authenticated).
> >
> > [Phase 1]
> > 172.16.16.2=           gw-vpn-temuco
> >
> > # 'Phase 2' defines which connections the daemon should establish.
> > # These connections contain the actual "IPsec VPN" information.
> >
> > [Phase 2]
> > Connections=            VPN-stgo-temuco
> >
> > # ISAKMP phase 1 peers (from [Phase 1])
> >
> > [gw-vpn-temuco]
> > Phase=                  1
> > Transport=              udp
> > Address=                172.16.16.2
> > Configuration=          Default-main-mode
> > Authentication=         yoursharedsecret
> >
> > # IPSEC phase 2 connections (from [Phase 2])
> >
> > [VPN-stgo-temuco]
> > Phase=                  2
> > ISAKMP-peer=            gw-vpn-temuco
> > Configuration=          Default-quick-mode
> > Local-ID=               gw-vpn-stgo-internal-network
> > Remote-ID=              gw-vpn-temuco-internal-network
> >
> > # ID sections (as used in [VPN-stgo-temuco])
> >
> > [gw-vpn-stgo-internal-network]
> > ID-type=                IPV4_ADDR_SUBNET
> > Network=                192.168.1.0
> > Netmask=                255.255.255.240
> >
> > [gw-vpn-temuco-internal-network]
> > ID-type=                IPV4_ADDR_SUBNET
> > Network=                192.168.10.0
> > Netmask=                255.255.255.0
> >
> > # Main and Quick Mode descriptions (as used by peers and connections)
> >
> > [Default-main-mode]
> > DOI=                    IPSEC
> > EXCHANGE_TYPE=          ID_PROT
> > Transforms=             3DES-SHA,BLF-SHA
> >
> > [Default-quick-mode]
> > DOI=                    IPSEC
> > EXCHANGE_TYPE=          QUICK_MODE
> > Suites=                 QM-ESP-3DES-SHA-SUITE
> >
> > -------------- ooOOOoo --------------------------------------------------
> >
> > isakmpd.conf on machine gw-vpn-temuco:
> >
> > gw-vpn-temuco# more /etc/isakmpd/isakmpd.conf
> > # more isakmpd.conf
> > # Incoming phase 1 negotiations are multiplexed on the source IP
> > # address. Phase 1 is used to setup a protected channel just
> > # between the two gateway machines. This channel is then used for
> > # the phase 2 negotiation traffic (i.e. encrypted & authenticated).
> >
> > [Phase 1]
> > 172.16.16.1=          gw-vpn-stgo
> >
> > # 'Phase 2' defines which connections the daemon should establish.
> > # These connections contain the actual "IPsec VPN" information.
> >
> > [Phase 2]
> > Connections=            VPN-temuco-stgo
> >
> > # ISAKMP phase 1 peers (from [Phase 1])
> >
> > [gw-vpn-stgo]
> > Phase=                  1
> > Transport=              udp
> > Address=                172.16.16.1
> > Configuration=          Default-main-mode
> > Authentication=         yoursharedsecret
> >
> > # IPSEC phase 2 connections (from [Phase 2])
> >
> > [VPN-temuco-stgo]
> > Phase=                  2
> > ISAKMP-peer=            gw-vpn-stgo
> > Configuration=          Default-quick-mode
> > Local-ID=               gw-vpn-temuco-internal-network
> > Remote-ID=              gw-vpn-stgo-internal-network
> >
> > # ID sections (as used in [VPN-temuco-stgo])
> >
> > [gw-vpn-stgo-internal-network]
> > ID-type=                IPV4_ADDR_SUBNET
> > Network=                192.168.1.0
> > Netmask=                255.255.255.240
> >
> > [gw-vpn-temuco-internal-network]
> > ID-type=                IPV4_ADDR_SUBNET
> > Network=                192.168.10.0
> > Netmask=                255.255.255.0
> >
> > # Main and Quick Mode descriptions (as used by peers and connections)
> >
> > [Default-main-mode]
> > DOI=                    IPSEC
> > EXCHANGE_TYPE=          ID_PROT
> > Transforms=             3DES-SHA,BLF-SHA
> >
> > [Default-quick-mode]
> > DOI=                    IPSEC
> > EXCHANGE_TYPE=          QUICK_MODE
> > Suites=                 QM-ESP-3DES-SHA-SUITE
> >
> >
> >
> >
> >
> >
> > >
> > > On Tue, 18-02-2003 at 17:09, Victor Pasten V. wrote:
> > > > Hello list, things have been slow.
> > > >
> > > >
> > > > A quick question: I'm playing around with IPsec. I managed to set up a small VPN and it seems to have worked fine; I pinged from one of the networks to the other, and ran the following command on one of the open machines (what follows is a fragment of what the command printed on screen):
> > > >
> > > > --------------------------------------------------------------------------
> > > > gw-vpn-stgo# tcpdump -i ep0 (ep0 is the external interface of the stgo network's gateway in the simulation)
> > > >
> > > > 08:51:58.931793 arp reply gw-vpn-temuco.aciertonet.com is-at 0:20:18:2c:8d:5d
> > > > 08:51:58.931907 gw-vpn-stgo.aciertonet.com.isakmp > gw-vpn-temuco.aciertonet.com.isakmp:  isakmp v1.0 exchange QUICK_MODE encrypted
> > > >         cookie: 2128a41b7dee3894->29dd868df0adc2c9 msgid: 1a6f4050 len: 156
> > > > 08:51:59.204191 gw-vpn-temuco.aciertonet.com.isakmp > gw-vpn-stgo.aciertonet.com.isakmp:  isakmp v1.0 exchange QUICK_MODE encrypted
> > > >         cookie: 2128a41b7dee3894->29dd868df0adc2c9 msgid: 1a6f4050 len: 156
> > > > 08:51:59.472744 gw-vpn-stgo.aciertonet.com.isakmp > gw-vpn-temuco.aciertonet.com.isakmp:  isakmp v1.0 exchange QUICK_MODE encrypted
> > > >         cookie: 2128a41b7dee3894->29dd868df0adc2c9 msgid: 1a6f4050 len: 52
> > > > 08:52:37.870089 esp gw-vpn-stgo.aciertonet.com > gw-vpn-temuco.aciertonet.com spi 0xA2809130 seq 1 len 92
> > > > 08:52:37.871705 esp gw-vpn-temuco.aciertonet.com > gw-vpn-stgo.aciertonet.com spi 0x89585083 seq 1 len 92
> > > > 08:52:38.864768 esp gw-vpn-stgo.aciertonet.com > gw-vpn-temuco.aciertonet.com spi 0xA2809130 seq 2 len 92
> > > > 08:52:38.871091 esp gw-vpn-temuco.aciertonet.com > gw-vpn-stgo.aciertonet.com spi 0x89585083 seq 2 len 92
> > > > 08:52:39.864569 esp gw-vpn-stgo.aciertonet.com > gw-vpn-temuco.aciertonet.com spi 0xA2809130 seq 3 len 92
> > > > 08:52:39.870892 esp gw-vpn-temuco.aciertonet.com > gw-vpn-stgo.aciertonet.com spi 0x89585083 seq 3 len 92
> > > > 08:52:40.874281 esp gw-vpn-stgo.aciertonet.com > gw-vpn-temuco.aciertonet.com spi 0xA2809130 seq 4 len 92
> > > > 08:52:40.880585 esp gw-vpn-temuco.aciertonet.com > gw-vpn-stgo.aciertonet.com spi 0x89585083 seq 4 len 92
> > > > 08:52:41.883526 esp gw-vpn-stgo.aciertonet.com > gw-vpn-temuco.aciertonet.com spi 0xA2809130 seq 5 len 92
> > > > 08:52:41.884896 esp gw-vpn-temuco.aciertonet.com > gw-vpn-stgo.aciertonet.com spi 0x89585083 seq 5 len 92
> > > > 08:52:42.883298 esp gw-vpn-stgo.aciertonet.com > gw-vpn-temuco.aciertonet.com spi 0xA2809130 seq 6 len 92
> > > > 08:52:42.884666 esp gw-vpn-temuco.aciertonet.com > gw-vpn-stgo.aciertonet.com spi 0x89585083 seq 6 len 92
> > > > 08:53:57.891363 gw-vpn-stgo.aciertonet.com.isakmp > gw-vpn-temuco.aciertonet.com.isakmp:  isakmp v1.0 exchange INFO encrypted
> > > >         cookie: 2128a41b7dee3894->29dd868df0adc2c9 msgid: 9a29ab3b len: 68
> > > > 08:53:58.000935 gw-vpn-temuco.aciertonet.com.isakmp > gw-vpn-stgo.aciertonet.com.isakmp:  isakmp v1.0 exchange INFO encrypted
> > > >         cookie: 2128a41b7dee3894->29dd868df0adc2c9 msgid: 96fbc0e6 len: 68
> > > >
> > > > --------------------------------------------------------------------------
> > > >
> > > > My question is the following: how can I link up a network whose connection is via ADSL (with a dynamic IP)? Can it be done???
> > > >
> > > >
> > > > regards.
> > >
> > >
> >
>
>
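
The two isakmpd.conf files quoted in this message have to mirror each other: each gateway's Local-ID must describe the same subnet as the other's Remote-ID, and the Authentication secret must be identical on both sides. A small checker for that, as an added example that is not part of the original thread; the condensed TEMPLATE and the section names peer, vpn, stgo-net and temuco-net are constructed stand-ins for the full files.

```python
import configparser
# Constructed sample: condensed stand-in for the two quoted isakmpd.conf files.
TEMPLATE = """[Phase 1]
{peer_ip}= peer
[Phase 2]
Connections= vpn
[peer]
Address= {peer_ip}
Authentication= {psk}
[vpn]
ISAKMP-peer= peer
Local-ID= {local}
Remote-ID= {remote}
[stgo-net]
Network= 192.168.1.0
Netmask= {mask}
[temuco-net]
Network= 192.168.10.0
Netmask= 255.255.255.0
"""

def load(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # preserve tag case exactly as written in the file
    cp.read_string(text)
    return cp

def subnet(cp, section):
    return cp[section]["Network"], cp[section]["Netmask"]

def check_pair(a, b):
    """Return a list of mismatches between two gateways' parsed configs."""
    problems = []
    for name, cp in (("A", a), ("B", b)):
        for ip, peer in cp["Phase 1"].items():
            if cp[peer]["Address"] != ip:
                problems.append(f"{name}: [Phase 1] lists {ip}, [{peer}] has another Address")
    ca, cb = a[a["Phase 2"]["Connections"]], b[b["Phase 2"]["Connections"]]
    if a[ca["ISAKMP-peer"]]["Authentication"] != b[cb["ISAKMP-peer"]]["Authentication"]:
        problems.append("pre-shared secrets differ")
    for mine, theirs in (("Local-ID", "Remote-ID"), ("Remote-ID", "Local-ID")):
        if subnet(a, ca[mine]) != subnet(b, cb[theirs]):
            problems.append(f"A {mine} does not match B {theirs}")
    return problems

STGO = load(TEMPLATE.format(peer_ip="172.16.16.2", local="stgo-net",
    remote="temuco-net", psk="yoursharedsecret", mask="255.255.255.240"))
TEMUCO = load(TEMPLATE.format(peer_ip="172.16.16.1", local="temuco-net",
    remote="stgo-net", psk="yoursharedsecret", mask="255.255.255.240"))
```

`check_pair(STGO, TEMUCO)` returns an empty list for the mirrored pair; `load()` accepts the text of a real isakmpd.conf as well.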