evpc192.168.1.3----192.168.1.254evadsl78.179.141.164-----851.85.
550.94publicipvpnserver10.0.100.102----------sunucu
evde static ip li adsl bağlantı ile işyeri ağına bağlanmak.psk ile.
publicipvpnserver
vi /etc/ipsec-tools.conf
spdadd 10.0.100.0/24 192.168.1.0/24 any -P out ipsec esp/tunnel/851.85.550.94-78.179.141.164/require;
spdadd 192.168.1.0/24 10.0.100.0/24 any -P in ipsec esp/tunnel/78.179.141.164-851.85.550.94/require;
vi /etc/racoon/racoon.conf
remote 78.179.141.164 {
exchange_mode main,aggressive;
nat_traversal on;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;
}
#generate_policy off;
}
sainfo anonymous {
pfs_group modp1024;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate;
}
vi /etc/racoon/psk.txt
78.179.141.164 mokorno
192.168.1.3 mokorno
evpc
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
remote 851.85.550.94 {
exchange_mode main,aggressive;
nat_traversal on;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024;
}
#generate_policy off;
}
sainfo anonymous {
pfs_group modp1024;
encryption_algorithm 3des;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate;
}
vi /etc/racoon/psk.txt
78.179.141.164 mokorno
81.8.50.34 mokorno
192.168.1.3 mokorno
vi /etc/ipsec-tools.conf
spdadd 10.0.100.0/24 192.168.1.3/32 any -P in ipsec esp/tunnel/851.85.550.94-192.168.1.3/require;
spdadd 192.168.1.3/32 10.0.100.0/24 any -P out ipsec esp/tunnel/192.168.1.3-851.85.550.94/require;
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment