Site-to-Site VPN (PSK) on Ubuntu

ondacloud · 6 days ago
Linux


Environment: Ubuntu 24.04 LTS


Setting VMnet


Common Setting

Because the packages have to be downloaded from the package server, VMnet0 (NAT) is used for this step.

vim /etc/vim/vimrc
set number
vim /etc/netplan/config.yaml
network:
  version: 2
  ethernets:
    ens33:
     dhcp4: true
apt update -y
apt upgrade -y
apt install -y net-tools

IP Setting

After the packages are installed, switch each machine to the VMnet that belongs to it.

[Client_A]

echo 'client-a' > /etc/hostname
vim /etc/netplan/config.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      addresses: [192.168.10.254/24]
      routes:
        - to: default
          via: 192.168.10.1
netplan apply

[Client_B]

echo 'client-b' > /etc/hostname
vim /etc/netplan/config.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      addresses: [192.168.20.254/24]   # Client_B sits behind Server_B (192.168.20.0/24)
      routes:
        - to: default
          via: 192.168.20.1
netplan apply

[Server_A]

echo 'server-a' > /etc/hostname
vim /etc/netplan/config.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      addresses: [192.168.10.1/24]
    ens36:
      addresses: [10.0.0.1/24]
      routes:
        - to: 10.0.1.0/24
          via: 10.0.0.1
netplan apply

[Server_B]

echo 'server-b' > /etc/hostname
vim /etc/netplan/config.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      addresses: [192.168.20.1/24]
    ens36:
      addresses: [10.0.1.1/24]
      routes:
        - to: 10.0.0.0/24
          via: 10.0.1.1
netplan apply

Setting Site-to-Site VPN

[Server_A]

apt install -y strongswan
systemctl enable --now ipsec
vim /etc/ipsec.conf
conn s2s
    type=tunnel
    left=10.0.0.1
    leftsubnet=192.168.10.0/24
    right=10.0.1.1
    rightsubnet=192.168.20.0/24
    keyexchange=ikev2
    authby=secret
    leftauth=psk
    rightauth=psk
    auto=start
    ike=aes128-sha1-modp2048
    ikelifetime=28800
    # sha1, 3des and md5 are legacy algorithms; aes128-sha256-modp2048 for both
    # ike= and esp= is the usual choice today (both gateways must use the same proposals)
    esp=3des-md5-modp2048
    lifetime=3600
    compress=no
    keyingtries=%forever
vim /etc/ipsec.secrets
# must be identical on both gateways; a long random secret belongs here instead of "S2S"
10.0.0.1 10.0.1.1 : PSK "S2S"
systemctl restart strongswan-starter
ipsec statusall


[Server_B]

apt install -y strongswan
systemctl enable --now ipsec
vim /etc/ipsec.conf
conn s2s
    # mirror image of Server_A: left/right and the subnets are swapped, proposals identical
    type=tunnel
    left=10.0.1.1
    leftsubnet=192.168.20.0/24
    right=10.0.0.1
    rightsubnet=192.168.10.0/24
    keyexchange=ikev2
    authby=secret
    leftauth=psk
    rightauth=psk
    auto=start
    ike=aes128-sha1-modp2048
    ikelifetime=28800
    esp=3des-md5-modp2048
    lifetime=3600
    compress=no
    keyingtries=%forever
vim /etc/ipsec.secrets
10.0.0.1 10.0.1.1 : PSK "S2S"
systemctl restart strongswan-starter
ipsec statusall
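The two conn blocks only negotiate when they are exact mirror images (Server_A's left is Server_B's right, and keyexchange, ike and esp agree, otherwise IKEv2 answers NO_PROPOSAL_CHOSEN), the PSK line has to name both peer addresses, and the gateways must have net.ipv4.ip_forward set to 1 or the clients' traffic never enters the tunnel. The following pre-flight script is an added example, not code from the post: the two conn blocks and the secrets line are constructed copies of the configs above (with one deliberate esp mismatch on the Server_B copy), and the function names conn_get, check_mirror, psk_ids_ok and forwarding_enabled are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original post): pre-flight checks for the two
# strongSwan peers. Function names (conn_get, check_mirror, psk_ids_ok,
# forwarding_enabled) are this example's own. The two conn blocks below are
# CONSTRUCTED copies of the post's configs, with one deliberate esp mismatch
# on the Server_B side so the check has something to report.
set -u
WORK=$(mktemp -d)

cat > "$WORK/server-a.conf" <<'EOF'
conn s2s
    type=tunnel
    left=10.0.0.1
    leftsubnet=192.168.10.0/24
    right=10.0.1.1
    rightsubnet=192.168.20.0/24
    keyexchange=ikev2
    authby=secret
    ike=aes128-sha1-modp2048
    esp=3des-md5-modp2048
EOF

cat > "$WORK/server-b.conf" <<'EOF'
conn s2s
    type=tunnel
    left=10.0.1.1
    leftsubnet=192.168.20.0/24
    right=10.0.0.1
    rightsubnet=192.168.10.0/24
    keyexchange=ikev2
    authby=secret
    ike=aes128-sha1-modp2048
    esp=aes128-sha256-modp2048
EOF

# Constructed ipsec.secrets line, identical on both gateways
printf '10.0.0.1 10.0.1.1 : PSK "S2S"\n' > "$WORK/ipsec.secrets"

# conn_get FILE CONN KEY: print KEY's value from the "conn CONN" section
conn_get() {
    awk -v conn="$2" -v key="$3" '
        /^conn[ \t]+/ { inblock = ($2 == conn); next }
        inblock {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            n = index($0, "=")
            if (n > 0 && substr($0, 1, n - 1) == key) { print substr($0, n + 1); exit }
        }' "$1"
}

# check_mirror FILE_A FILE_B CONN: 0 when A's left side is B's right side and
# both agree on keyexchange/ike/esp; otherwise print each mismatch and return 1
check_mirror() {
    rc=0
    for pair in left:right leftsubnet:rightsubnet right:left rightsubnet:leftsubnet \
                keyexchange:keyexchange ike:ike esp:esp; do
        ka=${pair%%:*}; kb=${pair##*:}
        va=$(conn_get "$1" "$3" "$ka"); vb=$(conn_get "$2" "$3" "$kb")
        if [ "$va" != "$vb" ]; then
            echo "mismatch: $ka=$va in $1 vs $kb=$vb in $2"
            rc=1
        fi
    done
    return $rc
}

# psk_ids_ok SECRETS_FILE ID1 ID2: 0 when one PSK line names both peer IDs
psk_ids_ok() {
    awk -v a="$2" -v b="$3" '
        /:[ \t]*PSK[ \t]/ {
            split($0, half, ":"); n = split(half[1], ids, /[ \t]+/)
            ha = 0; hb = 0
            for (i = 1; i <= n; i++) { if (ids[i] == a) ha = 1; if (ids[i] == b) hb = 1 }
            if (ha && hb) found = 1
        }
        END { exit !found }' "$1"
}

# forwarding_enabled [SYSCTL_FILE]: strongSwan only negotiates the SAs; the
# kernel must also forward between 192.168.10.0/24 and 192.168.20.0/24
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

if check_mirror "$WORK/server-a.conf" "$WORK/server-b.conf" s2s; then
    echo "conn s2s: peers mirror each other"
else
    echo "conn s2s: fix the mismatches above before 'systemctl restart strongswan-starter'"
fi
psk_ids_ok "$WORK/ipsec.secrets" 10.0.0.1 10.0.1.1 && echo "PSK line covers both gateways"
forwarding_enabled || echo "net.ipv4.ip_forward is 0: clients will not reach the far subnet"
```

Run it on each gateway with the real /etc/ipsec.conf of both sides copied next to each other; the forwarding check reads /proc/sys/net/ipv4/ip_forward by default, and `sysctl -w net.ipv4.ip_forward=1` (persisted in /etc/sysctl.conf) is the fix when it reports 0.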


Result

[Client_A]

ping 192.168.20.254 -c 4

tcpdump -p icmp -n


[Client_B]

ping 192.168.10.254 -c 4

tcpdump -p icmp -n
