How to set up an IPsec VPN between a Cisco router and a Linux 2.6.xx box with ipsec-tools

LINUX IPSECTOOLS-RACOON & CISCO VPN MINI-HOWTO

Author: Andrea Pierini (iw0rzm@yahoo.it)
Version: 0.1, May 4th 2005

INTRODUCTION

This document describes how to set up an IPsec VPN tunnel with pre-shared key authentication between a Linux box with a 2.6.xx kernel and ipsec-tools, and a Cisco router running crypto-enabled IOS software. I will describe the configuration of both systems, using a real working example.

BACKGROUND

PREREQUISITES

You will need a Linux 2.6.xx kernel (I tested it on a 2.6.10 kernel) with all the kernel IPsec support. Basically you should enable the following options before compiling the new kernel:

    Networking support (NET) [Y/n/?] y
    *
    * Networking options
    *
    PF_KEY sockets (NET_KEY) [Y/n/m/?] y
    IP: AH transformation (INET_AH) [Y/n/m/?] y
    IP: ESP transformation (INET_ESP) [Y/n/m/?] y
    IP: IPsec user configuration interface (XFRM_USER) [Y/n/m/?] y
    Cryptographic API (CRYPTO) [Y/n/?] y
    HMAC support (CRYPTO_HMAC) [Y/n/?] y
    Null algorithms (CRYPTO_NULL) [Y/n/m/?] y
    MD5 digest algorithm (CRYPTO_MD5) [Y/n/m/?] y
    SHA1 digest algorithm (CRYPTO_SHA1) [Y/n/m/?] y
    DES and Triple DES EDE cipher algorithms (CRYPTO_DES) [Y/n/m/?] y
    AES cipher algorithms (CRYPTO_AES) [Y/n/m/?] y

For more information about the kernel setup, take a look at the various guides and how-tos.

You will also need ipsec-tools (which includes the racoon ISAKMP daemon). The latest tools can be downloaded from http://ipsec-tools.sourceforge.net. I used version ipsec-tools-0.5.2.

You will also need a Cisco router with an IPsec/3DES IOS software release. I used a Cisco 837 ADSL router.

GOALS

I want to connect a remote office LAN to the main office LAN over an internet ADSL line through a VPN tunnel. Internet access from the remote office should be redirected to the main office for security and internal policy reasons.
LAYOUT

In order to keep things simple, all references to network devices and configuration in this document will be with respect to the following network configuration:

                     Remote Office LAN
                            ^
                            v
                        Ethernet0        Loopback0
                 ------------|----------|-----
                 |Remote Office cisco router |
                 |           ROR             |
                 ------------|----------------
                          ATM0.1
                            ^
                            |
                 --------------------------
    -->Internet <--> |Main Office cisco router|
                 ------------|-------------
                          Ethernet0
                            ^
                            v
                           eth0
                   --------|------------
                   | Linux Router& VPN |
                   |       LRV         |
                   -------|-------------
                         eth1
                           ^
                           V
                     Main Office LAN

The Main Office has a public Class C network, variably subnetted. The Remote Office has a private Class C network. More in depth, this is the IP addressing scheme:

    Remote Office LAN:                      192.168.1.0/24
    Remote Office Router (ROR) Ethernet0:   192.168.1.1
    Remote Office Router (ROR) Loopback0:   82.Y.Y.1    mask 248
    Remote Office Router (ROR) ATM0.1:      83.Z.Z.2    mask 252
    Main Office LAN:                        196.X.X.128/25
    Linux Router & VPN (LRV) eth0:          196.X.X.2   mask 248
    Linux Router & VPN (LRV) eth1:          196.X.X.129 mask 128

As mentioned earlier, all traffic generated from the remote office, including internet traffic, should go through the VPN, whose two endpoints are ROR and LRV.

IMPLEMENTATION

LINUX SIDE

The eth0 interface of LRV is the endpoint of the tunnel. All traffic coming from the remote subnet 192.168.1.0 exits the tunnel at this point and must be processed. There are two possibilities:

    1. The packets are destined for the Main Office LAN
    2. The packets are destined for the internet

The first case does not need any special treatment; the second needs further processing in terms of NAT.

These are the steps for the implementation:

    a) configure VPN
    b) configure iptables

VPN

I will not discuss the IPsec protocol (AH, ESP, ISAKMP and so on) but assume that you are already familiar with it. If not, look at the related links.
We will use the Triple DES (3DES) encryption algorithm, the SHA1 hash algorithm, Diffie-Hellman group 2 (1024-bit) and pre-shared key authentication. We need to edit three files: /etc/ipsec.conf, /etc/racoon.conf and /etc/psk.txt. The ipsec.conf file will look
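As an added example (not the howto's own configuration), the following shell functions emit the three Linux-side pieces the text lists for LRV: the setkey SPD for /etc/ipsec.conf, the racoon proposals with the parameters chosen above, and the SNAT rule for the remote office's internet traffic. The public endpoint addresses are placeholders from the documentation ranges, because the page masks them as 82.Y.Y.1 and 196.X.X.2; the tunnel is assumed to terminate on ROR's Loopback0.

```shell
# Added example: generate LRV's IPsec and NAT configuration from the howto's
# addressing. Endpoint addresses are placeholders (page shows 82.Y.Y.1 / 196.X.X.2).
REMOTE_LAN="192.168.1.0/24"    # Remote Office LAN behind ROR
ROR_ENDPOINT="192.0.2.1"       # placeholder for ROR Loopback0 (82.Y.Y.1)
LRV_ENDPOINT="198.51.100.2"    # placeholder for LRV eth0 (196.X.X.2)
WAN_IF="eth0"

# setkey SPD for /etc/ipsec.conf: tunnel-mode ESP between the two endpoints.
# The selector is 0.0.0.0/0, not just the main office LAN, because the howto
# sends the remote office's internet traffic through the tunnel as well.
gen_setkey_conf() {
    cat <<EOF
flush;
spdflush;
spdadd $REMOTE_LAN 0.0.0.0/0 any -P in ipsec esp/tunnel/$ROR_ENDPOINT-$LRV_ENDPOINT/require;
spdadd 0.0.0.0/0 $REMOTE_LAN any -P out ipsec esp/tunnel/$LRV_ENDPOINT-$ROR_ENDPOINT/require;
EOF
}

# racoon.conf phase 1 / phase 2 proposals matching the text: 3DES, SHA1,
# DH group 2 (1024-bit) and a pre-shared key. /etc/psk.txt holds one line
# "<ROR_ENDPOINT> <secret>" and must be readable by root only.
gen_racoon_conf() {
    cat <<EOF
path pre_shared_key "/etc/psk.txt";
remote $ROR_ENDPOINT {
    exchange_mode main;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
sainfo anonymous {
    pfs_group 2;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
EOF
}

# NAT only what leaves towards the internet on eth0. Remote LAN traffic for
# the main office LAN exits on eth1, so it is left untouched, as required.
gen_nat_rule() {
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
        "$REMOTE_LAN" "$WAN_IF" "$LRV_ENDPOINT"
}
```

Load the SPD with `gen_setkey_conf | setkey -f /dev/stdin` and check it with `setkey -DP`; IP forwarding must be enabled on LRV and a route for 192.168.1.0/24 must point out eth0 so forwarded packets reach the policy lookup.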