Reference: http://www.ipsec-howto.org/
1. Compiling kernel 2.6: the following options must be selected: CONFIG_INET_AH, CONFIG_INET_ESP, CONFIG_XFRM_USER. module-init-tools may also need to be installed. See the separate document on how to build the kernel.
2. ipsec-tools: ./configure --prefix=/ ; make ; make install
3. Communication between two machines:
   Linux (192.168.0.254) Host-A -------------- Linux box (192.168.0.141) Host-B
   On the Linux box:
   # add the PF_KEY socket
   modprobe af_key
   # encryption
   modprobe md5
   modprobe des
   # AH
   modprobe ah4
   # ESP
   modprobe esp4
cat > setkey.sh << EOF
#!/sbin/setkey -f
flush;
spdflush;

# AH
# (the SPI of the first AH SA is unreadable in the notes; 15700 follows the
#  ipsec-howto example that these notes reference, matching ESP 15701 below)
add 192.168.0.141 192.168.0.254 ah 15700 -A hmac-md5 "1234567890123456";
add 192.168.0.254 192.168.0.141 ah 24500 -A hmac-md5 "1234567890123456";

# ESP
add 192.168.0.141 192.168.0.254 esp 15701 -E 3des-cbc "123456789012123456789012";
add 192.168.0.254 192.168.0.141 esp 24501 -E 3des-cbc "123456789012123456789012";

spdadd 192.168.0.141 192.168.0.254 any -P out ipsec esp/transport//require;
spdadd 192.168.0.254 192.168.0.141 any -P in ipsec esp/transport//require;
EOF
After running setkey -f setkey.sh the two hosts can communicate.
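As an added example (not from these notes), the script below emits the same kind of manual-key AH+ESP transport-mode setkey configuration, but with random keys of the length each algorithm requires instead of the fixed ASCII keys above, and with the spdadd in/out direction chosen for whichever host it is run on. The addresses and SPIs are the ones from the notes; the function and variable names are my own assumptions.

```python
import secrets

# Key lengths (bytes) that setkey requires for the algorithms in the notes'
# script plus two common stronger choices; a wrong length makes setkey reject
# the SA. The notes' "1234567890123456" is 16 bytes, so hmac-md5 accepted it,
# but it is a fixed, guessable key: use the random keys generated below.
KEY_BYTES = {"hmac-md5": 16, "hmac-sha1": 20, "3des-cbc": 24, "aes-cbc": 16}


def key_is_valid(alg, key_hex):
    """True if key_hex decodes to exactly the byte length setkey expects."""
    try:
        return len(bytes.fromhex(key_hex)) == KEY_BYTES[alg]
    except (ValueError, KeyError):
        return False


def random_key(alg):
    """Random key of the right size as hex (setkey takes 0x-prefixed hex)."""
    return secrets.token_hex(KEY_BYTES[alg])


def setkey_conf(local, peer, spi_out, spi_in, ah_alg, ah_key, esp_alg, esp_key):
    """Return a setkey -f script for manual-keyed AH+ESP transport mode on
    host `local` talking to `peer`. The SA (add) lines are identical on both
    hosts; only the spdadd direction flips, so call this once per host with
    local/peer and spi_out/spi_in swapped (same keys on both). spi_out/spi_in
    are the AH SPIs per direction, ESP uses SPI+1; SPIs 0-255 are reserved."""
    for alg, key in ((ah_alg, ah_key), (esp_alg, esp_key)):
        if not key_is_valid(alg, key):
            raise ValueError(f"{alg} needs a {KEY_BYTES.get(alg)}-byte key")
    if min(spi_out, spi_in) < 256:
        raise ValueError("SPI below 256 is reserved")
    lines = ["#!/sbin/setkey -f", "flush;", "spdflush;", ""]
    for src, dst, spi in ((local, peer, spi_out), (peer, local, spi_in)):
        lines.append(f"add {src} {dst} ah {spi} -A {ah_alg} 0x{ah_key};")
        lines.append(f"add {src} {dst} esp {spi + 1} -E {esp_alg} 0x{esp_key};")
    # Policy: every packet to/from the peer must carry both ESP and AH.
    lines += ["",
              f"spdadd {local} {peer} any -P out ipsec "
              "esp/transport//require ah/transport//require;",
              f"spdadd {peer} {local} any -P in ipsec "
              "esp/transport//require ah/transport//require;"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ah, esp = random_key("hmac-md5"), random_key("3des-cbc")
    # Constructed to match the notes: 192.168.0.141 is the local host here.
    print(setkey_conf("192.168.0.141", "192.168.0.254", 15700, 24500,
                      "hmac-md5", ah, "3des-cbc", esp))
```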
Speed test:
            No IPsec     With IPsec
   a -> b   10.21 M/s    2.43 M/s
   b -> a   10.94 M/s    2.27 M/s
The above uses manual keys; preshared keys or X.509 certificates can be used instead. /usr/share/ssl/misc/CA can be used to generate the X.509 certificates.
Generating certificates:
mkdir certs
cd certs
/usr/share/ssl/misc/CA -newca     # on 254 passwd: ca254; on 141 passwd: ca141
/usr/share/ssl/misc/CA -newreq    # on 254 passwd: cert254; on 141 passwd: cert141
# sign it using the certificate authority
/usr/share/ssl/misc/CA -sign
mv newcert.pem vpngateway_cert.pem
mv newreq.pem vpngateway_key.pem
mkdir /etc/certs
cp ~/certs/*.pem /etc/certs/
# racoon does not recognise the passphrase-protected key format, so convert it to a plain key (enter the certificate passphrase when prompted)
cd /etc/certs
openssl rsa -in 254_key.pem -out 254_key.pem
Communication: C (192.168.0.119) --- (192.168.0.119)-(192.168.0.114) --- (10.0.0.13) Linux (192.168.0.115) ---- C (192.168.0.253), and above