Strongswan bridge mit gre-tunnel


install

  • apt-get install strongswan bridge-utils

strongswan

host germany

  • /etc/ipsec.conf
# Host-to-host IKEv2 connection between 10.134.2.5 and 10.130.206.42,
# authenticated with the pre-shared key from /etc/ipsec.secrets (authby=secret).
# type=transport protects traffic between exactly these two addresses. No
# leftprotoport/rightprotoport is set, so the policy is not restricted to GRE.
# left/right do not mean local/remote: strongSwan matches both addresses against
# the local interfaces, so on this host (10.130.206.42) the local side is "right".
# The DH group in esp= (modp2048) requests a fresh key exchange when the
# CHILD_SA is rekeyed (PFS).
# auto=start appears twice in this section; the second line is redundant.
# NOTE(review): auto=start initiates the SA when the daemon starts but, as far
# as I know, installs no trap policy. While the SA is down, the gretap frames
# between the two hosts would presumably be sent unencrypted. Consider
# auto=route together with dpdaction, and/or a firewall rule that only accepts
# and sends GRE when it is matched by an IPsec policy - confirm against the
# strongSwan version in use.
conn france-gemany
      authby=secret
      type=transport
      auto=start
      ike=aes256-sha256-modp2048
      esp=aes256-sha256-modp2048
      keyexchange=ikev2
      left=10.134.2.5
      right=10.130.206.42
      auto=start
  • /etc/ipsec.secrets
# Pre-shared key for the address pair 10.130.206.42 / 10.134.2.5; the same
# secret must be configured on both hosts.
# NOTE(review): "suxer" is a short, guessable example value. With authby=secret
# the whole tunnel's authentication is only as strong as this string, so use a
# long random secret (e.g. the output of `openssl rand -base64 32`) and keep
# this file owned by root and readable by root only (mode 600).
10.130.206.42 10.134.2.5  : PSK "suxer"

host france

  • /etc/ipsec.conf
# Same connection definition as on the peer: IKEv2 with pre-shared-key
# authentication (authby=secret) in transport mode between 10.134.2.5 and
# 10.130.206.42. strongSwan decides which of left/right is the local end by
# comparing both addresses with the local interfaces, so on this host
# (10.134.2.5) the local side is "left" and the stanza needs no mirroring.
# No leftprotoport/rightprotoport is set, so the policy covers all traffic
# between the two addresses, not only GRE.
# auto=start appears twice in this section; the second line is redundant.
# NOTE(review): auto=start does not, as far as I know, install a trap policy.
# If the SA is not established, the gretap frames to the peer would presumably
# leave unencrypted. Consider auto=route together with dpdaction, and/or a
# firewall rule that only permits GRE matched by an IPsec policy - confirm
# against the strongSwan version in use.
conn france-gemany
      authby=secret
      type=transport
      auto=start
      ike=aes256-sha256-modp2048
      esp=aes256-sha256-modp2048
      keyexchange=ikev2
      left=10.134.2.5
      right=10.130.206.42
      auto=start
  • /etc/ipsec.secrets
# Pre-shared key for the address pair 10.130.206.42 / 10.134.2.5; it has to
# match the entry on the peer exactly.
# NOTE(review): "suxer" is a short, guessable example value. Replace it with a
# long random secret (e.g. the output of `openssl rand -base64 32`) before
# using this setup, and keep the file owned by root with mode 600.
10.130.206.42 10.134.2.5  : PSK "suxer"

gre-tunnel

host germany

  • /etc/network/interfaces
# ens15 is brought up without any address configuration (inet manual); it is
# used only as a port of the bridge defined below.
auto ens15
iface ens15 inet manual

# Bridge "dmz": once the bridge is up, the post-up lines create the layer-2 GRE
# device gretap1 (local 10.130.206.42, remote 10.134.2.5), set it up and attach
# it to dmz with brctl.
# GRE itself is neither encrypted nor authenticated. The bridged frames are
# protected only while the IPsec transport connection between the same two
# addresses is established.
# NOTE(review): bridge_ports lists tap1, which nothing on this page creates,
# while gretap1 is attached separately via brctl - tap1 may be a leftover or
# come from another setup; confirm.
# NOTE(review): bridge_stp is off; a second layer-2 path between the two sites
# would form a loop - verify the topology.
auto dmz
iface dmz inet manual
      post-up ip link add gretap1 type gretap local 10.130.206.42  remote 10.134.2.5
      post-up ip link set dev gretap1 up
      post-up brctl addif dmz gretap1
      bridge_ports ens15 tap1
      bridge_stp off
      bridge_maxwait 10

host france

  • /etc/network/interfaces
# ens15 carries no address of its own (inet manual) and serves as a bridge port.
auto ens15
iface ens15 inet manual

# Bridge "dmz" on the French side: the post-up lines create gretap1 with the
# endpoints mirrored (local 10.134.2.5, remote 10.130.206.42), bring it up and
# add it to the bridge.
# The GRE encapsulation provides no confidentiality or integrity. It relies on
# the IPsec transport connection between these two addresses being up.
# NOTE(review): tap1 in bridge_ports is not created anywhere on this page,
# whereas gretap1 is added by hand via brctl - confirm whether tap1 is intended.
# NOTE(review): with bridge_stp off, any additional layer-2 path between the
# sites would form a loop - verify the topology.
auto dmz
iface dmz inet manual
      post-up ip link add gretap1 type gretap local 10.134.2.5 remote 10.130.206.42
      post-up ip link set dev gretap1 up
      post-up brctl addif dmz gretap1
      bridge_ports ens15 tap1
      bridge_stp off
      bridge_maxwait 10