Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-user-br

From: Eduardo Schoedler <eschoedler@×××××××××××.br>
To: gentoo-user-br@l.g.o
Subject: RES: [gentoo-user-br] VPN ipsec
Date: Wed, 24 Nov 2010 15:08:04
Message-Id: !&!AAAAAAAAAAAYAAAAAAAAAIuUu3nmKcFHrbjqCBaxr87CgAAAEAAAAJ+J4i0iM7ZBvmRO006tTsYBAAAAAA==@viavale.com.br
In Reply to: [gentoo-user-br] VPN ipsec by Ricardo Felix
1 Talvez o pessoal do MASOCH-L conseguirá te ajudar melhor...
2 https://eng.registro.br/mailman/listinfo/masoch-l
3
4 Abraço,
5
6 --
7 Eduardo Schoedler
8
9
10
11 > -----Mensagem original-----
12 > De: Ricardo Felix [mailto:felix.ricardo@×××××.com]
13 > Enviada em: quarta-feira, 24 de novembro de 2010 13:02
14 > Para: gentoo-user-br@l.g.o
15 > Assunto: [gentoo-user-br] VPN ipsec
16 >
17 > Boa tarde galera, uma pergunta aqui que já to suando.
18 > Alguém por aqui já criou uma VPN Ipsec com openswan e um Juniper SSG520
19 > ?
20 >
21 > Consigo colocar a VPN no Ar, mas o tráfego não passa de uma ponta a
22 > outra....
23 >
24 > meus arquivos de conf...
25 >
26 > ipsec.conf
27 >
28 > conn HQtoDC
29 > type=tunnel
30 > left=189.38.x.x
31 > leftsubnet=172.16.16.0/24
32 > leftnexthop=200.160.x.x
33 > right=200.160.x.x
34 > rightsubnet=172.16.18.0/24
35 > pfs=yes
36 > keyingtries=0
37 > aggrmode=no
38 > auto=start
39 > auth=esp
40 > esp=3des-sha1-96
41 > ike=3des-sha1-96
42 > authby=secret
43 >
44 >
45 > minha tabela de rotas após subir o ipsec
46 >
47 > Kernel IP routing table
48 > Destination Gateway Genmask Flags Metric Ref
49 > Use Iface
50 > 201.6.249.136 189.38.250.1 255.255.255.255 UGH 0 0 0
51 > eth0
52 > 200.207.121.196 189.38.250.1 255.255.255.255 UGH 0 0 0
53 > eth0
54 > 200.204.154.71 189.38.250.1 255.255.255.255 UGH 0 0 0
55 > eth0
56 > 10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0
57 > tun0
58 > 201.81.231.236 189.38.250.1 255.255.255.255 UGH 0 0 0
59 > eth0
60 > 74.125.93.121 189.38.250.1 255.255.255.255 UGH 0 0 0
61 > eth0
62 > 201.81.224.243 189.38.250.1 255.255.255.255 UGH 0 0 0
63 > eth0
64 > 200.171.213.106 189.38.250.1 255.255.255.255 UGH 0 0 0
65 > eth0
66 > 200.158.83.246 189.38.250.1 255.255.255.255 UGH 0 0 0
67 > eth0
68 > 200.160.255.48 189.38.250.1 255.255.255.240 UG 0 0 0
69 > eth0
70 > 172.16.18.0 0.0.0.0 255.255.255.0 U 0 0 0
71 > eth0
72 > 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0
73 > eth2
74 > 189.38.250.0 0.0.0.0 255.255.255.0 U 0 0 0
75 > eth0
76 > 10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0
77 > tun0
78 > 172.16.16.0 0.0.0.0 255.255.255.0 U 0 0 0
79 > eth1
80 > 187.38.0.0 0.0.0.0 255.255.240.0 U 0 0 0
81 > eth3
82 > 10.0.0.0 10.0.0.1 255.255.0.0 UG 0 0 0
83 > eth2
84 > 74.125.0.0 189.38.250.1 255.255.0.0 UG 0 0 0
85 > eth0
86 > 0.0.0.0 187.38.0.1 0.0.0.0 UG 0 0 0
87 > eth3
88 >
89 >
90 > Comandos iptables para permitir o tráfego entre as redes.
91 >
92 > iptables -t nat -A POSTROUTING -o eth0 -s 172.16.16.0/24 -d !
93 > 172.16.18.0/24 -j MASQUERADE
94 > iptables -A FORWARD -p tcp -i eth0 -s 172.16.18.0/24 -o eth1 -d
95 > 172.16.16.0/24 -j ACCEPT
96 > iptables -A FORWARD -p tcp -i eth1 -s 172.16.16.0/24 -o eth0 -d
97 > 172.16.18.0/24 -j ACCEPT
98 >
99 >
100 > Não pego pacotes sendo dropados no linux.
101 > Alguma ideia iluminada...?
102 >
103 > Abraços
104 > Ricardo Felix do Nascimento
Report Message
Find on MARC Find on Google Groups