wiki.volution.ro -- CiprianDorinCraciun/Notes/Public/IpSec

Links

http://www.ipsec-howto.org/;

Testing

Host setup

# host a
sudo ip addr add 103.199.242.34/24 dev wlan0
sudo ip link add dev dummy0 type dummy
sudo ip link set dev dummy0 up
sudo ip addr add 103.199.67.34/24 dev dummy0
sudo ip route add 103.199.68.0/24 via 103.199.242.35

# host b
sudo ip addr add 103.199.242.35/24 dev wlan0
sudo ip link add dev dummy0 type dummy
sudo ip link set dev dummy0 up
sudo ip addr add 103.199.68.35/24 dev br0
sudo ip route add 103.199.67.0/24 via 103.199.242.34

Simple transparent setup

cat >./conf/ipsec-router-a.conf <<'%%%'

flush;
spdflush;

add 103.199.242.34 103.199.242.35 ah 1
    -m transport
    -A hmac-md5 0x84985d0daf194179eba97db51b2f4a6e;

add 103.199.242.35 103.199.242.34 ah 2
    -m transport
    -A hmac-md5 0xc7fedf035d50fee2d0f71d3a05c52cd5;

add 103.199.242.34 103.199.242.35 esp 3
    -m transport
    -E 3des-cbc 0xdfa4338bcd05988b42d972f38926c1248befb5077c80c3f5;

add 103.199.242.35 103.199.242.34 esp 4
    -m transport
    -E 3des-cbc 0xe9538da6a81d47006b4aa39ccd302ac45e1467f4bb50575f;

spdadd 103.199.242.34 103.199.242.35 any
    -P out ipsec
        esp/transport//require
        ah/transport//require;

spdadd 103.199.242.35 103.199.242.34 any
    -P in ipsec
        esp/transport//require
        ah/transport//require;

%%%

cat >./conf/ipsec-router-b.conf <<'%%%'

flush;
spdflush;

add 103.199.242.34 103.199.242.35 ah 1
    -m transport
    -A hmac-md5 0x84985d0daf194179eba97db51b2f4a6e;

add 103.199.242.35 103.199.242.34 ah 2
    -m transport
    -A hmac-md5 0xc7fedf035d50fee2d0f71d3a05c52cd5;

add 103.199.242.34 103.199.242.35 esp 3
    -m transport
    -E 3des-cbc 0xdfa4338bcd05988b42d972f38926c1248befb5077c80c3f5;

add 103.199.242.35 103.199.242.34 esp 4
    -m transport
    -E 3des-cbc 0xe9538da6a81d47006b4aa39ccd302ac45e1467f4bb50575f;

spdadd 103.199.242.35 103.199.242.34 any
    -P out ipsec
        esp/transport//require
        ah/transport//require;

spdadd 103.199.242.34 103.199.242.35 any
    -P in ipsec
        esp/transport//require
        ah/transport//require;

%%%

Simple tunnel setup

cat >./conf/ipsec-router-a.conf <<'%%%'

flush;
spdflush;

add 103.199.242.34 103.199.242.35 esp 1
    -m tunnel
    -E 3des-cbc 0xdfa4338bcd05988b42d972f38926c1248befb5077c80c3f5
    -A hmac-md5 0x84985d0daf194179eba97db51b2f4a6e;

add 103.199.242.35 103.199.242.34 esp 2
    -m tunnel
    -E 3des-cbc 0xe9538da6a81d47006b4aa39ccd302ac45e1467f4bb50575f
    -A hmac-md5 0xc7fedf035d50fee2d0f71d3a05c52cd5;

spdadd 103.199.67.0/24 103.199.68.0/24 any
    -P out ipsec
        esp/tunnel/103.199.242.34-103.199.242.35/require;

spdadd 103.199.68.0/24 103.199.67.0/24 any
    -P in ipsec
        esp/tunnel/103.199.242.35-103.199.242.34/require;

%%%

cat >./conf/ipsec-router-b.conf <<'%%%'

flush;
spdflush;

add 103.199.242.34 103.199.242.35 esp 1
    -m tunnel
    -E 3des-cbc 0xdfa4338bcd05988b42d972f38926c1248befb5077c80c3f5
    -A hmac-md5 0x84985d0daf194179eba97db51b2f4a6e;

add 103.199.242.35 103.199.242.34 esp 2
    -m tunnel
    -E 3des-cbc 0xe9538da6a81d47006b4aa39ccd302ac45e1467f4bb50575f
    -A hmac-md5 0xc7fedf035d50fee2d0f71d3a05c52cd5;

spdadd 103.199.68.0/24 103.199.67.0/24 any
    -P out ipsec
        esp/tunnel/103.199.242.35-103.199.242.34/require;

spdadd 103.199.67.0/24 103.199.68.0/24 any
    -P in ipsec
        esp/tunnel/103.199.242.34-103.199.242.35/require;

%%%