View Attach Info

Add new attachment

Only authorized users are allowed to upload new attachments.

This page (revision-23) was last changed on 14-Apr-2010 14:30 by CerlettiPaolo  

This page was created on 14-Apr-2010 14:30 by CerlettiPaolo

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 3 removed one line
At line 6 changed 19 lines
editare /etc/ipsec.conf per includere il file di configurazione del tunnel aggiungendo:
%%%prettify
{{{
include /etc/nuova-connessione.conf
}}}
conn con-bsd-linux
type=tunnel
left=194.173.80.21
leftsubnet=192.168.168.0/24
leftnexthop=%defaultroute
right=213.95.53.44
rightsubnet=192.168.167.0/24
rightnexthop=%defaultroute
pfs=no
keyexchange=ike
auth=esp
esp=3des-md5
auto=start
authby=secret
editare /etc/ipsec.conf per includere il file di configurazione del tunnel aggiungendo:\\
%%prettify
{{{
include /etc/nuova-connessione.conf
}}}
editare il file /etc/nuova-connessione.conf
%%prettify
{{{
conn nuova-connessione
type=tunnel
left=194.173.80.21
leftsubnet=192.168.168.0/24
leftnexthop=%defaultroute
right=213.95.53.44
rightsubnet=192.168.167.0/24
rightnexthop=%defaultroute
pfs=no
keyexchange=ike
auth=esp
esp=3des-md5
auto=start
authby=secret
}}}
fare attenzione alla tabulazione\\
Adesso dobbiamo definire una PSK da includere nel file /etc/ipsec.secrets noi utilizzeremo per questo esempio "megapassword"
%%prettify
{{{
194.173.80.21 213.95.53.44 : PSK "megapassword"
}}}
possibilità di mettere "any" al posto di un IP\\
per abilitare il postrouting e l'ip forward tra le reti
%%prettify
{{{
# Iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Iptables -t nat -A POSTROUTING -d 192.168.167.0/24 -o eth1 -j ACCEPT
# echo 1 > /proc/sys/net/ipv4/ip_forward
}}}
Se si crea un tunnel tra ubuntu e pfsense, su pfsense impostare \\
Negotiation mode = main
Version Date Modified Size Author Changes ... Change note
23 14-Apr-2010 14:30 1.263 kB CerlettiPaolo to previous
22 14-Apr-2010 14:30 1.166 kB CerlettiPaolo to previous | to last
21 14-Apr-2010 14:30 1.185 kB CerlettiPaolo to previous | to last
« This page (revision-23) was last changed on 14-Apr-2010 14:30 by CerlettiPaolo