VPN tips with FreeS/WAN

In the kernel's Networking Options menu, enable:
IP Security Protocol (FreeS/WAN IPSEC)
IPSEC: IP-in-IP encapsulation (tunnel mode)
IPSEC: Authentication Header
HMAC-MD5 authentication algorithm
HMAC-SHA1 authentication algorithm
IPSEC: Encapsulating Security Payload
3DES encryption algorithm
IPSEC: IP Compression
IPSEC: Debugging Option

You will need the RSA keys of both machines (left and right):
ipsec showhostkey --left
ipsec showhostkey --right
The ipsec.conf will look more or less like this:
conn vpn
    # replace with the lines printed by ipsec showhostkey --left and --right
    leftrsasigkey=
    rightrsasigkey=
    left=200.207.x.x
    leftsubnet=192.168.0.0/24
    leftnexthop=
    right=200.207.Z.Z
    rightsubnet=10.10.192.0/24
    rightnexthop=
    # spi, esp, espenckey and espauthkey are manual-keying parameters
    # (used by "ipsec manual"); generate your own key values
    spi=0x300
    esp=3des-md5-96
    espenckey=0x0a5b47ab_fec52b0c_6200e505_28ebcbee_d79c3726_7d02a827
    espauthkey=0x7767e921_3debaeef_66bc49ee_0ca71cb7
    type=tunnel
    auto=add

Then save the file and run on both machines:
/etc/init.d/ipsec stop
/etc/init.d/ipsec start

Set the following files to 0 (this turns off reverse-path filtering on eth0 and ipsec0):
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/ipsec0/rp_filter

Check that iptables is not filtering port 500, TCP and UDP. If it is, open it.

Choose one of the machines to bring the connection up:
ipsec auto --up vpn

This should work. If anything goes wrong, see http://www.dextra.com.br/opensource/howto.htm
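
Added example (not part of the original post and not FreeS/WAN's own tooling): a pre-flight lint for the conn section above, to run before /etc/init.d/ipsec start. It flags parameter lines that lost their indentation, empty leftrsasigkey/rightrsasigkey values, key material stored in the file, and manual-keying parameters left beside auto=. The function names, the finding names and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. lint_conn and its finding
# names are hypothetical; the parameter names are the ones the post uses.
# Usage: lint_conn FILE CONN  -> one finding per line, exit status 1 if any.
lint_conn() {
    awk -v want="$2" '
    function bad(msg) { print msg; n++ }
    /^conn[ \t]+/ { insec = ($2 == want); next }
    !insec        { next }
    /^[ \t]*#/    { next }                       # comment line
    /^[ \t]*$/    { insec = 0; next }            # empty line ends a section
    !/=/          { if ($0 !~ /^[ \t]/) insec = 0; next }
    {
        k = $0; sub(/^[ \t]+/, "", k); sub(/[ \t]*=.*/, "", k)
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
        if ($0 !~ /^[ \t]/) bad("unindented:" k)  # parameter lines need leading whitespace
        val[k] = v
    }
    END {
        split("leftrsasigkey rightrsasigkey", rsa, " ")
        for (i = 1; i <= 2; i++)
            if (!(rsa[i] in val) || val[rsa[i]] == "") bad("missing:" rsa[i])
        split("espenckey espauthkey", sk, " ")
        for (i = 1; i <= 2; i++)
            if (sk[i] in val) bad("static-key-in-file:" sk[i])
        if (("auto" in val) && ("spi" in val)) bad("manual-and-auto-keying-mixed")
        exit (n > 0)
    }' "$1"
}

# Constructed sample: a conn shaped like the one in the post, with placeholder
# values, one empty RSA key and one parameter line that lost its indentation.
sample_conf() {
    cat <<'EOF'
conn vpn
    leftrsasigkey=
left=192.0.2.1
    rightrsasigkey=0sPLACEHOLDER
    spi=0x300
    espenckey=0xPLACEHOLDER
    auto=add
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
lint_conn "$tmp" vpn || echo "fix the findings above before restarting ipsec"
rm -f "$tmp"
```

On a real host, call it as lint_conn /etc/ipsec.conf vpn on both machines.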