[FUGSPBR] crypto config

marlon at dinf.unicruz.edu.br
Fri Nov 21 08:40:53 BRST 2003


Good morning folks... here's the thing: I have two machines as workstations, on the
same network, with IPs 200.180.200.117 and 200.180.200.118, and now I want to set up
encryption between the two. I have only one network card in each machine. The
configuration of the files follows.
--------------------------
====/usr/local/etc/rc.d/vpn.sh
--------------------------
gifconfig gif0 200.180.200.1 200.180.200.11

ifconfig 192.168.1.1 192.168.2.1 netmask 0xffffffff 

route add -net 192.168.2.0/24 192.168.2.1 

setkey -f /etc/ipsec.conf
------------------------
====/etc/rc.conf
------------------------

# -- sysinstall generated deltas -- 
# Wed Oct 22 20:10:58 2003

# Created: Wed Oct 22 20:10:58 2003

# Enable network daemons for user convenience.

# Please make all changes to this file, not to /etc/defaults/rc.conf.

# This file now contains just the overrides from /etc/defaults/rc.conf.

#defaultrouter="10.0.0.111"

defaultrouter="200.180.200.97"

hostname="tc22.unicruz.edu.br"

#ifconfig_dc0="inet 10.0.0.247 netmask 255.255.255.0"

ifconfig_dc0="inet 200.180.200.1 netmask 255.255.255.0"

kern_securelevel_enable="NO"

linux_enable="YES"

nfs_reserved_port_only="YES"

sendmail_enable="YES"

sshd_enable="YES"

usbd_enable="YES"

# -- sysinstall generated deltas -- 
# Wed Oct 22 20:55:10 2003

moused_enable="YES"

# -- sysinstall generated deltas -- 
# Wed Oct 22 20:58:47 2003

moused_enable="YES"

# -- sysinstall generated deltas -- 
# Wed Oct 22 21:02:21 2003

moused_port="/dev/cuaa0"

moused_type="auto"

moused_enable="YES"

# -- sysinstall generated deltas -- 
# Wed Oct 22 21:02:49 2003

moused_enable="YES"

ipsec_enable="YES"

ipsec_file="/etc/ipsec.conf"

----------------------------
====/etc/ipsec.conf
----------------------------
flush;

spdflush;

add 200.180.200.1 200.180.200.11 esp 9991 -E blowfish-cbc "senha";

add 200.180.200.11 200.180.200.1 esp 9992 -E blowfish-cbc "senha";



spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/200.180.200.1-200.180.200.11/require;

spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/200.180.200.11-200.180.200.1/require;


