documentation:examples:gre_ipsec_and_openvpn
Differences
This shows you the differences between two versions of the page.
documentation:examples:gre_ipsec_and_openvpn [2020/01/12 17:55] – [Router 1] olivier | documentation:examples:gre_ipsec_and_openvpn [2020/01/12 18:31] – [VM4: OpenVPN client] olivier | ||
---|---|---|---|
Line 79: | Line 79: | ||
< | < | ||
- | sysrc hostname=R1 \ | + | sysrc hostname=VM1 \ |
| | ||
| | ||
Line 87: | Line 87: | ||
| | ||
ifconfig -l | grep -q vtnet && sed -i "" | ifconfig -l | grep -q vtnet && sed -i "" | ||
- | hostname | + | hostname |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
Line 94: | Line 94: | ||
==== Router 2 ==== | ==== Router 2 ==== | ||
- | Router 2 base configuration: | + | Router 2 base configuration: |
< | < | ||
- | sysrc hostname=R2 | + | sysrc hostname=VM2 \ |
- | sysrc ifconfig_em0=" | + | ifconfig_em0=" |
- | sysrc ifconfig_em0_ipv6=" | + | ifconfig_em0_ipv6=" |
- | sysrc ifconfig_em1=" | + | ifconfig_em1=" |
- | sysrc ifconfig_em1_ipv6=" | + | ifconfig_em1_ipv6=" |
- | sysrc defaultrouter=" | + | defaultrouter=" |
- | sysrc ipv6_defaultrouter=" | + | ipv6_defaultrouter=" |
ifconfig -l | grep -q vtnet && sed -i "" | ifconfig -l | grep -q vtnet && sed -i "" | ||
- | hostname | + | hostname |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
Line 115: | Line 115: | ||
< | < | ||
- | sysrc hostname=R3 | + | sysrc hostname=VM3 \ |
- | sysrc ifconfig_em1=" | + | |
- | sysrc ifconfig_em1_ipv6=" | + | |
- | sysrc ifconfig_em2=" | + | |
- | sysrc ifconfig_em2_ipv6=" | + | |
ifconfig -l | grep -q vtnet && sed -i "" | ifconfig -l | grep -q vtnet && sed -i "" | ||
- | hostname | + | hostname |
service netif restart | service netif restart | ||
config save | config save | ||
Line 127: | Line 127: | ||
==== Router 4 ==== | ==== Router 4 ==== | ||
- | Router 4 base configuration, | + | Router 4 base configuration, |
< | < | ||
- | sysrc hostname=R4 | + | sysrc hostname=VM4 \ |
- | sysrc ifconfig_em2=" | + | |
- | sysrc ifconfig_em2_ipv6=" | + | |
- | sysrc ifconfig_em3=" | + | |
- | sysrc ifconfig_em3_ipv6=" | + | |
- | sysrc defaultrouter=" | + | |
- | sysrc ipv6_defaultrouter=" | + | |
ifconfig -l | grep -q vtnet && sed -i "" | ifconfig -l | grep -q vtnet && sed -i "" | ||
- | hostname | + | hostname |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
Line 145: | Line 145: | ||
==== Router 5 ==== | ==== Router 5 ==== | ||
- | Router 5 has the same workstation mode configuration as R1. | + | Router 5 has the same workstation mode configuration as VM1. |
< | < | ||
- | sysrc hostname=R5 | + | sysrc hostname=VM5 \ |
- | sysrc gateway_enable=NO | + | |
- | sysrc ipv6_gateway_enable=NO | + | |
- | sysrc ifconfig_em3=" | + | |
- | sysrc ifconfig_em3_ipv6=" | + | |
- | sysrc defaultrouter=" | + | |
- | sysrc ipv6_defaultrouter=" | + | |
ifconfig -l | grep -q vtnet && sed -i "" | ifconfig -l | grep -q vtnet && sed -i "" | ||
- | hostname | + | hostname |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
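Review bot: The rename is only half applied in this hunk: the heading is still "==== Router 5 ====" and the new sentence reads "Router 5 has the same workstation mode configuration as VM1.", so one sentence uses both naming schemes. Either rename the heading and the subject of the sentence to VM5, or state once near the top of the page that "Router N" and "VMN" are the same machine. The same applies to the "Router 2" and "Router 4" headings in the neighbouring hunks, whose bodies now set hostname=VM2 and hostname=VM4.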
Line 174: | Line 174: | ||
Here is the parameters to add: | Here is the parameters to add: | ||
< | < | ||
- | sysrc cloned_interfaces=gre0 | + | sysrc cloned_interfaces=gre0 |
- | sysrc ifconfig_gre0=" | + | |
- | sysrc ifconfig_gre0_ipv6=" | + | |
- | sysrc static_routes=" | + | |
- | sysrc route_tunnel4=" | + | |
- | sysrc ipv6_route_tunnel6=" | + | |
- | sysrc ipv6_static_routes=" | + | |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
Line 187: | Line 187: | ||
==== Router 4 ==== | ==== Router 4 ==== | ||
- | Configure the GRE tunnel using R2 IPv4 as end-point. | + | Configure the GRE tunnel using VM2 IPv4 as end-point. |
=== Modify configuration === | === Modify configuration === | ||
Line 193: | Line 193: | ||
Here is the parameters to add: | Here is the parameters to add: | ||
< | < | ||
- | sysrc cloned_interfaces=gre0 | + | sysrc cloned_interfaces=gre0 |
- | sysrc ifconfig_gre0=" | + | |
- | sysrc ifconfig_gre0_ipv6=" | + | |
- | sysrc static_routes=" | + | |
- | sysrc route_tunnel4=" | + | |
- | sysrc ipv6_route_tunnel6=" | + | |
- | sysrc ipv6_static_routes=" | + | |
service netif restart | service netif restart | ||
service routing restart | service routing restart | ||
Line 207: | Line 207: | ||
< | < | ||
- | [root@R1]~# ping -c 3 10.0.45.5 | + | [root@VM1]~# ping -c 3 10.0.45.5 |
PING 10.0.45.5 (10.0.45.5): | PING 10.0.45.5 (10.0.45.5): | ||
64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=18.659 ms | 64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=18.659 ms | ||
Line 216: | Line 216: | ||
3 packets transmitted, | 3 packets transmitted, | ||
round-trip min/ | round-trip min/ | ||
- | [root@R1]~# ping6 -c3 2001: | + | [root@VM1]~# ping6 -c3 2001: |
PING6(56=40+8+8 bytes) 2001: | PING6(56=40+8+8 bytes) 2001: | ||
16 bytes from 2001: | 16 bytes from 2001: | ||
Line 255: | Line 255: | ||
==== Router 4 ==== | ==== Router 4 ==== | ||
- | Configure the 2 gif tunnel using R2 addresses as end-point. | + | Configure the 2 gif tunnel using VM2 addresses as end-point. |
Here are the changes to apply to rc file: | Here are the changes to apply to rc file: | ||
Line 273: | Line 273: | ||
< | < | ||
- | [root@R1]~# ping -c 3 10.0.45.5 | + | [root@VM1]~# ping -c 3 10.0.45.5 |
PING 10.0.45.5 (10.0.45.5): | PING 10.0.45.5 (10.0.45.5): | ||
64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=18.659 ms | 64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=18.659 ms | ||
Line 282: | Line 282: | ||
3 packets transmitted, | 3 packets transmitted, | ||
round-trip min/ | round-trip min/ | ||
- | [root@R1]~# ping6 -c3 2001: | + | [root@VM1]~# ping6 -c3 2001: |
PING6(56=40+8+8 bytes) 2001: | PING6(56=40+8+8 bytes) 2001: | ||
16 bytes from 2001: | 16 bytes from 2001: | ||
Line 329: | Line 329: | ||
And check it: | And check it: | ||
< | < | ||
- | [root@R2]~# setkey -DP | + | [root@VM2]~# setkey -DP |
10.0.45.0/ | 10.0.45.0/ | ||
in ipsec | in ipsec | ||
Line 350: | Line 350: | ||
spid=3 seq=0 pid=66654 scope=global | spid=3 seq=0 pid=66654 scope=global | ||
refcnt=1 | refcnt=1 | ||
- | [root@R2]~# setkey -D | + | [root@VM2]~# setkey -D |
2001: | 2001: | ||
esp mode=any spi=4099(0x00001003) reqid=0(0x00000000) | esp mode=any spi=4099(0x00001003) reqid=0(0x00000000) | ||
Line 402: | Line 402: | ||
</ | </ | ||
- | Create a file / | + | Create a file / |
< | < | ||
Line 427: | Line 427: | ||
=== Testing === | === Testing === | ||
- | Start a tcpdump on R3-em1 and from R1 ping R5: | + | Start a tcpdump on VM3-em1 and from VM1 ping VM5: |
< | < | ||
- | [root@R3]~# tcpdump -pni em1 | + | [root@VM3]~# tcpdump -pni em1 |
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | ||
listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes | listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes | ||
Line 446: | Line 446: | ||
< | < | ||
- | [root@R1]/etc/rc.d# ping 10.0.45.5 | + | [root@VM1]/etc/rc.d# ping 10.0.45.5 |
PING 10.0.45.5 (10.0.45.5): | PING 10.0.45.5 (10.0.45.5): | ||
64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=3.014 ms | 64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=3.014 ms | ||
64 bytes from 10.0.45.5: icmp_seq=1 ttl=62 time=2.851 ms | 64 bytes from 10.0.45.5: icmp_seq=1 ttl=62 time=2.851 ms | ||
64 bytes from 10.0.45.5: icmp_seq=2 ttl=62 time=1.942 ms | 64 bytes from 10.0.45.5: icmp_seq=2 ttl=62 time=1.942 ms | ||
- | [root@R1]~# ping6 2001: | + | [root@VM1]~# ping6 2001: |
PING6(56=40+8+8 bytes) 2001: | PING6(56=40+8+8 bytes) 2001: | ||
16 bytes from 2001: | 16 bytes from 2001: | ||
Line 583: | Line 583: | ||
=== Testing === | === Testing === | ||
- | Like previous test, ping R5 from R1 with a tcpdump on R3, and racoon log displayed on R2: | + | Like previous test, ping VM5 from VM1 with a tcpdump on VM3, and racoon log displayed on VM2: |
- | R3 tcpdump paquets: | + | VM3 tcpdump paquets: |
< | < | ||
- | [root@R3]~# tcpdump -pni em1 | + | [root@VM3]~# tcpdump -pni em1 |
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | ||
listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes | listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes | ||
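Review bot: Two wording fixes are missing on the new side of this hunk while the lines are being edited anyway: "VM3 tcpdump paquets:" should read "VM3 tcpdump packets:", and "Like previous test" reads better as "As in the previous test".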
Line 629: | Line 629: | ||
</ | </ | ||
- | Racoon log file on R2: | + | Racoon log file on VM2: |
< | < | ||
- | [root@R2]~# tail -f / | + | [root@VM2]~# tail -f / |
2013-10-26 09:28:01: INFO: 2001: | 2013-10-26 09:28:01: INFO: 2001: | ||
2013-10-26 09:28:01: INFO: 2001: | 2013-10-26 09:28:01: INFO: 2001: | ||
Line 661: | Line 661: | ||
</ | </ | ||
- | Ping result on R1: | + | Ping result on VM1: |
< | < | ||
- | [root@R1]# ping 10.0.45.5 | + | [root@VM1]# ping 10.0.45.5 |
PING 10.0.45.5 (10.0.45.5): | PING 10.0.45.5 (10.0.45.5): | ||
64 bytes from 10.0.45.5: icmp_seq=2 ttl=62 time=2.846 ms | 64 bytes from 10.0.45.5: icmp_seq=2 ttl=62 time=2.846 ms | ||
Line 670: | Line 670: | ||
64 bytes from 10.0.45.5: icmp_seq=4 ttl=62 time=2.987 ms | 64 bytes from 10.0.45.5: icmp_seq=4 ttl=62 time=2.987 ms | ||
64 bytes from 10.0.45.5: icmp_seq=5 ttl=62 time=2.289 ms | 64 bytes from 10.0.45.5: icmp_seq=5 ttl=62 time=2.289 ms | ||
- | [root@R1]~# ping6 2001: | + | [root@VM1]~# ping6 2001: |
PING6(56=40+8+8 bytes) 2001: | PING6(56=40+8+8 bytes) 2001: | ||
16 bytes from 2001: | 16 bytes from 2001: | ||
Line 684: | Line 684: | ||
=== Router 2 === | === Router 2 === | ||
- | Configure strongswan on R2 with: | + | Configure strongswan on VM2 with: |
* IKEv2 | * IKEv2 | ||
* Preshared-key | * Preshared-key | ||
Line 702: | Line 702: | ||
| | ||
- | conn R4 | + | conn VM4 |
left=10.0.23.2 | left=10.0.23.2 | ||
leftsubnet=10.0.12.0/ | leftsubnet=10.0.12.0/ | ||
- | leftid=R2 | + | leftid=VM2 |
right=10.0.34.4 | right=10.0.34.4 | ||
rightsubnet=10.0.45.0/ | rightsubnet=10.0.45.0/ | ||
- | rightid=R4 | + | rightid=VM4 |
auto=start | auto=start | ||
' | ' | ||
Line 717: | Line 717: | ||
< | < | ||
cat > / | cat > / | ||
- | R4 R2 : PSK "This is a strong password" | + | VM4 VM2 : PSK "This is a strong password" |
' | ' | ||
</ | </ | ||
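Review bot: The secrets line still carries the literal key "This is a strong password", and readers will paste this heredoc as is. Suggest marking the value as a placeholder and adding a sentence telling readers to replace it with a randomly generated key that is identical on both peers. The renamed selectors "VM4 VM2" do match the leftid/rightid values changed in the conn hunks, so the lookup itself stays consistent.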
Line 730: | Line 730: | ||
=== Router 4 === | === Router 4 === | ||
- | Configure strongswan on R4 with: | + | Configure strongswan on VM4 with: |
* IKEv2 | * IKEv2 | ||
* Preshared-key | * Preshared-key | ||
Line 747: | Line 747: | ||
dpdaction=restart | dpdaction=restart | ||
dpddelay=5 | dpddelay=5 | ||
- | conn R2 | + | conn VM2 |
left=10.0.34.4 | left=10.0.34.4 | ||
leftsubnet=10.0.45.0/ | leftsubnet=10.0.45.0/ | ||
- | leftid=R4 | + | leftid=VM4 |
right=10.0.23.2 | right=10.0.23.2 | ||
rightsubnet=10.0.12.0/ | rightsubnet=10.0.12.0/ | ||
- | rightid=R2 | + | rightid=VM2 |
auto=route | auto=route | ||
' | ' | ||
Line 762: | Line 762: | ||
< | < | ||
cat > / | cat > / | ||
- | R4 R2 : PSK "This is a strong password" | + | VM4 VM2 : PSK "This is a strong password" |
' | ' | ||
</ | </ | ||
Line 775: | Line 775: | ||
=== Testing === | === Testing === | ||
- | Like previous test, ping R5 from R1 with a tcpdump on R3, and racoon log displayed on R2: | + | Like previous test, ping VM5 from VM1 with a tcpdump on VM3, and racoon log displayed on VM2: |
- | R3 tcpdump paquets: | + | VM3 tcpdump paquets: |
< | < | ||
- | [root@R3]~# tcpdump -pni em1 | + | [root@VM3]~# tcpdump -pni em1 |
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | ||
listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes | listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes | ||
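Review bot: The intro sentence still says "racoon log displayed on VM2" although this Testing block follows the strongswan configuration of VM2 and VM4, and the later label in this section is just "Log file on VM2:". The sentence looks copied from the racoon section; suggest "strongswan log displayed on VM2". "paquets" should also be "packets" here.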
Line 801: | Line 801: | ||
</ | </ | ||
- | Log file on R2: | + | Log file on VM2: |
< | < | ||
- | [root@R2]~# tail -f / | + | [root@VM2]~# tail -f / |
- | Jun 8 00: | + | Jun 8 00: |
- | Jun 8 00: | + | Jun 8 00: |
- | Jun 8 00: | + | Jun 8 00: |
- | Jun 8 00: | + | Jun 8 00: |
- | Jun 8 00: | + | Jun 8 00: |
- | Jun 8 00: | + | Jun 8 00: |
- | Jun 8 00: | + | Jun 8 00: |
- | Jun 8 00: | + | Jun 8 00: |
- | Jun 8 00: | + | Jun 8 00: |
- | Jun 8 00: | + | Jun 8 00: |
</ | </ | ||
- | Ping result on R1: | + | Ping result on VM1: |
< | < | ||
- | [root@R1]# ping 10.0.45.5 | + | [root@VM1]# ping 10.0.45.5 |
PING 10.0.45.5 (10.0.45.5): | PING 10.0.45.5 (10.0.45.5): | ||
64 bytes from 10.0.45.5: icmp_seq=2 ttl=62 time=2.846 ms | 64 bytes from 10.0.45.5: icmp_seq=2 ttl=62 time=2.846 ms | ||
Line 825: | Line 825: | ||
64 bytes from 10.0.45.5: icmp_seq=4 ttl=62 time=2.987 ms | 64 bytes from 10.0.45.5: icmp_seq=4 ttl=62 time=2.987 ms | ||
64 bytes from 10.0.45.5: icmp_seq=5 ttl=62 time=2.289 ms | 64 bytes from 10.0.45.5: icmp_seq=5 ttl=62 time=2.289 ms | ||
- | [root@R1]~# ping6 2001: | + | [root@VM1]~# ping6 2001: |
PING6(56=40+8+8 bytes) 2001: | PING6(56=40+8+8 bytes) 2001: | ||
16 bytes from 2001: | 16 bytes from 2001: | ||
Line 839: | Line 839: | ||
< | < | ||
sysrc cloned_interfaces=ipsec0 | sysrc cloned_interfaces=ipsec0 | ||
- | sysrc create_args_ipsec0=" | + | create_args_ipsec0=" |
- | sysrc ifconfig_ipsec0=" | + | |
- | sysrc ifconfig_ipsec0_ipv6=" | + | |
- | sysrc static_routes=" | + | |
- | sysrc route_tunnel4=" | + | |
- | sysrc ipv6_route_tunnel6=" | + | |
- | sysrc ipv6_static_routes=" | + | |
cat > / | cat > / | ||
flush; | flush; | ||
Line 853: | Line 853: | ||
EOF | EOF | ||
service netif restart | service netif restart | ||
- | sysrc ipsec_enable=YES | + | service ipsec enable |
service ipsec restart | service ipsec restart | ||
service routing restart | service routing restart | ||
Line 861: | Line 861: | ||
< | < | ||
- | [root@R2]~# setkey -DP | + | [root@VM2]~# setkey -DP |
0.0.0.0/ | 0.0.0.0/ | ||
in ipsec | in ipsec | ||
Line 882: | Line 882: | ||
spid=4 seq=0 pid=778 scope=ifnet ifname=ipsec0 | spid=4 seq=0 pid=778 scope=ifnet ifname=ipsec0 | ||
refcnt=1 | refcnt=1 | ||
- | [root@R2]~# setkey -D | + | [root@VM2]~# setkey -D |
10.0.34.4 10.0.23.2 | 10.0.34.4 10.0.23.2 | ||
esp mode=tunnel spi=4097(0x00001001) reqid=100(0x00000064) | esp mode=tunnel spi=4097(0x00001001) reqid=100(0x00000064) | ||
Line 903: | Line 903: | ||
allocated: 2 hard: 0 soft: 0 | allocated: 2 hard: 0 soft: 0 | ||
sadb_seq=0 pid=1649 refcnt=1 | sadb_seq=0 pid=1649 refcnt=1 | ||
- | [root@R2]~# ifconfig ipsec0 | + | [root@VM2]~# ifconfig ipsec0 |
ipsec0: flags=8051< | ipsec0: flags=8051< | ||
tunnel inet 10.0.23.2 --> 10.0.34.4 | tunnel inet 10.0.23.2 --> 10.0.34.4 | ||
Line 917: | Line 917: | ||
< | < | ||
- | sysrc cloned_interfaces=ipsec0 | + | sysrc cloned_interfaces=ipsec0 |
- | sysrc create_args_ipsec0=" | + | |
- | sysrc ifconfig_ipsec0=" | + | |
- | sysrc ifconfig_ipsec0_ipv6=" | + | |
- | sysrc static_routes=" | + | |
- | sysrc route_tunnel4=" | + | |
- | sysrc ipv6_route_tunnel6=" | + | |
- | sysrc ipv6_static_routes=" | + | |
cat > / | cat > / | ||
flush; | flush; | ||
Line 932: | Line 932: | ||
EOF | EOF | ||
service netif restart | service netif restart | ||
- | sysrc ipsec_enable=YES | + | service ipsec enable |
service ipsec restart | service ipsec restart | ||
service routing restart | service routing restart | ||
Line 940: | Line 940: | ||
< | < | ||
- | [root@R1]~# ping -c 3 10.0.45.5 | + | [root@VM1]~# ping -c 3 10.0.45.5 |
PING 10.0.45.5 (10.0.45.5): | PING 10.0.45.5 (10.0.45.5): | ||
64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=0.944 ms | 64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=0.944 ms | ||
Line 949: | Line 949: | ||
3 packets transmitted, | 3 packets transmitted, | ||
round-trip min/ | round-trip min/ | ||
- | [root@R1]~# ping6 -c3 2001: | + | [root@VM1]~# ping6 -c3 2001: |
PING6(56=40+8+8 bytes) 2001: | PING6(56=40+8+8 bytes) 2001: | ||
16 bytes from 2001: | 16 bytes from 2001: | ||
Line 964: | Line 964: | ||
==== CA and certificates generation ==== | ==== CA and certificates generation ==== | ||
- | All these step will be done on R2 (OpenVPN server) | + | All these step will be done on VM2 (OpenVPN server) |
Start by copying easyrsa3 configuration folder and define new configuration file: | Start by copying easyrsa3 configuration folder and define new configuration file: | ||
Line 970: | Line 970: | ||
cp -r / | cp -r / | ||
setenv EASYRSA / | setenv EASYRSA / | ||
+ | setenv EASYRSA_PKI $EASYRSA/ | ||
</ | </ | ||
Line 980: | Line 981: | ||
Build a root certificate: | Build a root certificate: | ||
< | < | ||
- | [root@R2]~# easyrsa build-ca nopass | + | [root@VM2]~# easyrsa build-ca nopass |
Note: using Easy-RSA configuration from: / | Note: using Easy-RSA configuration from: / | ||
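Review bot: "easyrsa build-ca nopass" leaves the CA private key unencrypted, and the surrounding text says all of these steps run on VM2, which is also the OpenVPN server. That is acceptable for the lab, but the page should say so: add a sentence that outside a lab the CA key should be passphrase-protected (drop "nopass") and kept off the VPN server.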
Line 1003: | Line 1004: | ||
</ | </ | ||
- | Make a server certificate called | + | Make a server certificate called |
< | < | ||
- | easyrsa build-server-full | + | easyrsa build-server-full |
- | easyrsa build-client-full | + | easyrsa build-client-full |
</ | </ | ||
- | ==== R2: OpenVPN server ==== | + | ==== VM2: OpenVPN server ==== |
Create the openvpn configuration file for server mode as / | Create the openvpn configuration file for server mode as / | ||
Line 1018: | Line 1019: | ||
tun-ipv6 | tun-ipv6 | ||
ca / | ca / | ||
- | cert / | + | cert / |
- | key / | + | key / |
dh / | dh / | ||
server 10.0.24.0 255.255.255.0 | server 10.0.24.0 255.255.255.0 | ||
Line 1032: | Line 1033: | ||
</ | </ | ||
- | Create the Client-Configuration-dir and declare the volatile route to the subnet behind the client | + | Create the Client-Configuration-dir and declare the volatile route to the subnet behind the client |
< | < | ||
mkdir / | mkdir / | ||
- | cat > / | + | cat > / |
iroute 10.0.45.0 255.255.255.0 | iroute 10.0.45.0 255.255.255.0 | ||
iroute-ipv6 2001: | iroute-ipv6 2001: | ||
Line 1053: | Line 1054: | ||
passwd | passwd | ||
</ | </ | ||
- | ==== R4: OpenVPN client ==== | + | ==== VM4: OpenVPN client ==== |
- | As OpenVPN client, | + | As OpenVPN client, |
* ca.crt | * ca.crt | ||
- | * R4.crt | + | * VM4.crt |
- | * R4.key | + | * VM4.key |
On this lab, scp can be used for getting these files: | On this lab, scp can be used for getting these files: | ||
Line 1064: | Line 1065: | ||
mkdir / | mkdir / | ||
scp 10.0.23.2:/ | scp 10.0.23.2:/ | ||
- | scp 10.0.23.2:/ | + | scp 10.0.23.2:/ |
- | scp 10.0.23.2:/ | + | scp 10.0.23.2:/ |
</ | </ | ||
Line 1076: | Line 1077: | ||
remote 10.0.23.2 | remote 10.0.23.2 | ||
ca ca.crt | ca ca.crt | ||
- | cert R4.crt | + | cert VM4.crt |
- | key R4.key | + | key VM4.key |
' | ' | ||
</ | </ | ||
Line 1083: | Line 1084: | ||
Enable and start openvpn: | Enable and start openvpn: | ||
< | < | ||
- | sysrc openvpn_enable=YES | + | service openvpn enable |
service openvpn start | service openvpn start | ||
</ | </ | ||
==== Testing ==== | ==== Testing ==== | ||
- | Pinging | + | Pinging |
< | < | ||
- | [root@R1]~# ping6 2001: | + | [root@VM1]~# ping6 2001: |
PING6(56=40+8+8 bytes) 2001: | PING6(56=40+8+8 bytes) 2001: | ||
16 bytes from 2001: | 16 bytes from 2001: | ||
Line 1100: | Line 1101: | ||
round-trip min/ | round-trip min/ | ||
- | [root@R1]~# ping 10.0.45.5 | + | [root@VM1]~# ping 10.0.45.5 |
PING 10.0.45.5 (10.0.45.5): | PING 10.0.45.5 (10.0.45.5): | ||
64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=3.192 ms | 64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=3.192 ms | ||
Line 1111: | Line 1112: | ||
</ | </ | ||
- | OpenVPN log file on R2: | + | OpenVPN log file on VM2: |
< | < | ||
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
</ | </ | ||
- | OpenVPN log file on R4: | + | OpenVPN log file on VM4: |
< | < | ||
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
- | Oct 26 16: | + | Oct 26 16: |
</ | </ | ||
- | Tcpdump on R3: | + | Tcpdump on VM3: |
< | < | ||
- | [root@R3]~# tcpdump -pni em1 | + | [root@VM3]~# tcpdump -pni em1 |
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode | ||
listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes | listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes |
documentation/examples/gre_ipsec_and_openvpn.txt · Last modified: 2023/07/10 12:40 by olivier