[FUGSPBR] crypto config
marlon at dinf.unicruz.edu.br
Fri Nov 21 08:40:53 BRST 2003
Good morning everyone... here's the thing: I have two machines as workstations, on the same network, with IPs 200.180.200.117 and 200.180.200.118, and now I want to set up encryption between the two. I have only one network card in each machine. The configuration files follow.
--------------------------
====/usr/local/etc/rc.d/vpn.sh
--------------------------
gifconfig gif0 200.180.200.1 200.180.200.11
ifconfig 192.168.1.1 192.168.2.1 netmask 0xffffffff
route add -net 192.168.2.0/24 192.168.2.1
setkey -f /etc/ipsec.conf
------------------------
====/etc/rc.conf
------------------------
# -- sysinstall generated deltas --
# Wed Oct 22 20:10:58 2003
# Created: Wed Oct 22 20:10:58 2003
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
#defaultrouter="10.0.0.111"
defaultrouter="200.180.200.97"
hostname="tc22.unicruz.edu.br"
#ifconfig_dc0="inet 10.0.0.247 netmask 255.255.255.0"
ifconfig_dc0="inet 200.180.200.1 netmask 255.255.255.0"
kern_securelevel_enable="NO"
linux_enable="YES"
nfs_reserved_port_only="YES"
sendmail_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
# -- sysinstall generated deltas --
# Wed Oct 22 20:55:10 2003
moused_enable="YES"
# -- sysinstall generated deltas --
# Wed Oct 22 20:58:47 2003
moused_enable="YES"
# -- sysinstall generated deltas --
# Wed Oct 22 21:02:21 2003
moused_port="/dev/cuaa0"
moused_type="auto"
moused_enable="YES"
# -- sysinstall generated deltas --
# Wed Oct 22 21:02:49 2003
moused_enable="YES"
ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"
----------------------------
====/etc/ipsec.conf
----------------------------
flush;
spdflush;
add 200.180.200.1 200.180.200.11 esp 9991 -E blowfish-cbc "senha";
add 200.180.200.11 200.180.200.1 esp 9992 -E blowfish-cbc "senha";
spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/200.180.200.1-200.180.200.11/require;
spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/200.180.200.11-200.180.200.1/require;
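
A consistency check over the /etc/ipsec.conf shown above, as an added example that is not part of the original post. The function name `lint`, the 16-character key threshold and the choice of checks are assumptions made for illustration; the host addresses passed in are the two the post states.

```python
import re

# The /etc/ipsec.conf from the post, wrapped lines rejoined (embedded sample).
IPSEC_CONF = '''\
flush;
spdflush;
add 200.180.200.1 200.180.200.11 esp 9991 -E blowfish-cbc "senha";
add 200.180.200.11 200.180.200.1 esp 9992 -E blowfish-cbc "senha";
spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/200.180.200.1-200.180.200.11/require;
spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/200.180.200.11-200.180.200.1/require;
'''

# Only the two statement shapes used in the post are parsed (manual-key ESP SAs
# and ESP tunnel policies); '#' comments are not handled.
SA_RE = re.compile(r'add\s+(\S+)\s+(\S+)\s+esp\s+(\S+)\s+(.*)', re.S)
SP_RE = re.compile(r'spdadd\s+\S+\s+\S+\s+\S+\s+-P\s+(in|out)\s+ipsec\s+'
                   r'esp/tunnel/([\d.]+)-([\d.]+)/require', re.S)

def lint(conf, host_ips, min_key_chars=16):
    """Return findings for a setkey(8) file that uses static ESP keys."""
    findings, sas, tunnels = [], set(), set()
    for stmt in (s.strip() for s in conf.split(';')):
        if m := SA_RE.match(stmt):
            src, dst, spi, opts = m.groups()
            sas.add((src, dst))
            # ESP with -E only encrypts; -A adds the integrity check.
            if '-A' not in opts.split():
                findings.append(f'SA {spi}: ESP without -A (no integrity check)')
            key = re.search(r'-E\s+\S+\s+"([^"]*)"', opts)
            if key and len(key.group(1)) < min_key_chars:  # assumed threshold
                findings.append(f'SA {spi}: {len(key.group(1)) * 8}-bit ASCII key')
        elif m := SP_RE.match(stmt):
            tunnels.add((m.group(2), m.group(3)))
    # Every tunnel endpoint pair in the SPD needs an SA in the same direction.
    for src, dst in sorted(tunnels - sas):
        findings.append(f'policy tunnel {src}-{dst} has no matching SA')
    # Endpoints must be addresses the hosts actually own.
    endpoints = {ip for pair in sas | tunnels for ip in pair}
    for ip in sorted(endpoints - set(host_ips)):
        findings.append(f'endpoint {ip} is not one of the stated host addresses')
    return findings

if __name__ == '__main__':
    for line in lint(IPSEC_CONF, ['200.180.200.117', '200.180.200.118']):
        print(line)
```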