documentation:examples:gre_ipsec_and_openvpn
Differences
This shows you the differences between two versions of the page.
documentation:examples:gre_ipsec_and_openvpn [2020/01/13 14:19] – [Testing] olivier | documentation:examples:gre_ipsec_and_openvpn [2022/07/08 11:59] – [Tunnel with IKEv2 (strongswan)] olivier | ||
---|---|---|---|
Line 238: | Line 238: | ||
If you have previous gre configuration from the gre example: remove them. | If you have previous gre configuration from the gre example: remove them. | ||
- | |||
- | Here is the line to ADD to / | ||
< | < | ||
Line 252: | Line 250: | ||
service routing restart | service routing restart | ||
config save | config save | ||
+ | </ | ||
+ | |||
+ | Take care of avoiding fragmentation, | ||
+ | < | ||
+ | set skip on lo0 | ||
+ | scrub on gif1 inet all max-mss 1200 | ||
+ | scrub on gif1 inet6 all max-mss 1180 | ||
+ | pass | ||
</ | </ | ||
==== Router 4 ==== | ==== Router 4 ==== | ||
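Review bot: the added pf ruleset ends with a bare `pass`, so loading it to get the `scrub on gif1 ... max-mss` clamping also leaves the router with an allow-all policy. Say so in the sentence that introduces the block, so readers do not mistake it for a filtering ruleset. That sentence should also explain where 1200 and 1180 come from: the 20-byte gap matches the larger IPv6 header, but the base value is not justified in the visible text. Both `scrub` lines name only `gif1`; if this router carries a second gif interface, it needs the same pair of rules.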
Line 257: | Line 263: | ||
Configure the 2 gif tunnel using VM2 addresses as end-point. | Configure the 2 gif tunnel using VM2 addresses as end-point. | ||
- | Here are the changes to apply to rc file: | ||
< | < | ||
sysrc cloned_interfaces=" | sysrc cloned_interfaces=" | ||
Line 692: | Line 697: | ||
< | < | ||
- | cat > / | + | cat > / |
config setup | config setup | ||
Line 710: | Line 715: | ||
rightid=VM4 | rightid=VM4 | ||
auto=start | auto=start | ||
- | 'EOF' | + | EOF |
</ | </ | ||
Line 716: | Line 721: | ||
< | < | ||
- | cat > / | + | cat > / |
VM4 VM2 : PSK "This is a strong password" | VM4 VM2 : PSK "This is a strong password" | ||
- | 'EOF' | + | EOF |
</ | </ | ||
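Review bot: the line `VM4 VM2 : PSK "This is a strong password"` is written with a plain `cat >` redirect, and nothing visible in this hunk restricts the resulting file, so it gets whatever the default umask gives. Add a `chmod 600` on the secrets file right after the heredoc, and state that the quoted passphrase is a placeholder to be replaced with a randomly generated secret. The same line is written on the other peer further down, so the same applies there.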
Line 724: | Line 729: | ||
< | < | ||
- | sysrc strongswan_enable=YES | + | service strongswan enable |
service strongswan restart | service strongswan restart | ||
</ | </ | ||
Line 738: | Line 743: | ||
< | < | ||
- | cat > / | + | cat > / |
config setup | config setup | ||
Line 755: | Line 760: | ||
rightid=VM2 | rightid=VM2 | ||
auto=route | auto=route | ||
- | 'EOF' | + | EOF |
</ | </ | ||
Line 761: | Line 766: | ||
< | < | ||
- | cat > / | + | cat > / |
VM4 VM2 : PSK "This is a strong password" | VM4 VM2 : PSK "This is a strong password" | ||
- | 'EOF' | + | EOF |
</ | </ | ||
Line 769: | Line 774: | ||
< | < | ||
- | sysrc strongswan_enable=YES | + | service strongswan enable |
service strongswan restart | service strongswan restart | ||
</ | </ | ||
Line 1054: | Line 1059: | ||
passwd | passwd | ||
</ | </ | ||
- | ==== VM4: OpenVPN client ==== | ||
- | As OpenVPN | + | Now Generate |
- | * ca.crt | + | |
- | * VM4.crt | + | |
- | * VM4.key | + | |
- | On this lab, scp can be used for getting these files: | ||
< | < | ||
- | mkdir / | + | cat > / |
- | scp 10.0.23.2:/ | + | |
- | scp 10.0.23.2:/ | + | |
- | scp 10.0.23.2:/ | + | |
- | </ | + | |
- | + | ||
- | Configure openvpn as a client: | + | |
- | + | ||
- | < | + | |
- | cat > / | + | |
client | client | ||
dev tun | dev tun | ||
remote 10.0.23.2 | remote 10.0.23.2 | ||
- | ca ca.crt | + | <ca> |
- | cert VM4.crt | + | |
- | key VM4.key | + | |
' | ' | ||
+ | cat / | ||
+ | echo '</ | ||
+ | echo '< | ||
+ | cat / | ||
+ | echo '</ | ||
+ | echo '< | ||
+ | cat / | ||
+ | echo '</ | ||
</ | </ | ||
+ | ==== VM4: OpenVPN client ==== | ||
+ | |||
+ | As OpenVPN client, VM4 should get its openvpn configuration file (that embedded certificate and key) from VM2 and put them in / | ||
+ | |||
+ | On this lab, scp can be used for getting these files: | ||
+ | < | ||
+ | mkdir / | ||
+ | scp 10.0.23.2:/ | ||
+ | </ | ||
+ | |||
Enable and start openvpn: | Enable and start openvpn: |
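Review bot: the new VM4 text says the client configuration file now embeds the certificate and key, and the added `cat`/`echo` lines after the heredoc build that file with no visible permission step. VM4's private key therefore sits in a file with default permissions on VM2, and again on VM4 after the `scp`. Set `umask 077` before generating the file (or `chmod 600` it afterwards) on both hosts, and consider removing the copy on VM2 once it has been transferred. The sentence added for VM4 also still says "put them", left over from the three-file version.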
documentation/examples/gre_ipsec_and_openvpn.txt · Last modified: 2023/07/10 12:40 by olivier