12,274
edits
FireBrick IPsec Tunnel with Manual Keys (Deprecated): Difference between revisions
FireBrick IPsec Tunnel with Manual Keys (Deprecated) (view source)
Revision as of 10:51, 28 June 2013
, 28 June 2013no edit summary
No edit summary |
No edit summary |
||
|
Here we will create a tunnel between 2 firebricks, Paul and Andrew.
==Side A Config==
<ipsec name="Andrew-ipsec" mtu="1500" graph="andrew-ipsec" local-ip="2001:8b0:d6:1::1" remote-ip="2001:8b0:1635::1" local-spi="4242" remote-spi="999" auth-algorithm="AES-XCBC" auth-key="1310B855522E8D457B814BD9DD78B6AB" crypt-algorithm="AES-CBC" crypt-key="0BC4DF636566667BEEC9F02117CB57C3" routes="90.155.90.128/27 2001:8b0:1635::/64"/>
[[File:FireBrick-IPSec-SideA.png|300px|Screenshot]]
==Side B Config==
<ipsec name="Paul-ipsec" mtu="1500" graph="paul-ipsec" local-ip="2001:8b0:1635::1" remote-ip="2001:8b0:d6:1::1" local-spi="999" remote-spi="4242" auth-algorithm="AES-XCBC" auth-key="1310B855522E8D457B814BD9DD78B6AB" crypt-algorithm="AES-CBC" crypt-key="0BC4DF636566667BEEC9F02117CB57C3" routes="91.241.56.1 81.2.97.160/27 91.241.56.0/24 2001:8b0:d6::/48"/>
[[File:FireBrick-IPSec-SideB.png|300px]]
==Testing==
These 2 FireBricks both happen to be on AAISP FTTC lines, and a normal traceroute would go via the AAISP router, but when the IPSec tunnel is enabled the traceroute goes direct.
Traceroute Before:
$ traceroute 91.241.56.1
traceroute to 91.241.56.1 (91.241.56.1), 30 hops max, 60 byte packets
1 brick.h.hearn.org.uk (90.155.90.129) 0.344 ms 0.321 ms 0.310 ms
2 a.gormless.thn.aa.net.uk (90.155.53.51) 11.703 ms 11.712 ms 11.834 ms
3 brick.shibboleet.ltd.uk (91.241.56.1) 24.862 ms 24.871 ms 25.251 ms
Traceroute After:
$ traceroute 91.241.56.1
traceroute to 91.241.56.1 (91.241.56.1), 30 hops max, 60 byte packets
1 brick.h.hearn.org.uk (90.155.90.129) 0.358 ms 0.342 ms 0.329 ms
2 brick.shibboleet.ltd.uk (91.241.56.1) 26.178 ms 26.861 ms 27.123 ms
=FireBrick to Linux=
| |||