FireBrick IPsec Tunnel with Manual Keys (Deprecated): Difference between revisions
Revision as of 10:51, 28 June 2013
FireBrick to FireBrick
Here we will create a tunnel between two FireBricks, Paul and Andrew.
Side A Config
<ipsec name="Andrew-ipsec" mtu="1500" graph="andrew-ipsec" local-ip="2001:8b0:d6:1::1" remote-ip="2001:8b0:1635::1" local-spi="4242" remote-spi="999" auth-algorithm="AES-XCBC" auth-key="1310B855522E8D457B814BD9DD78B6AB" crypt-algorithm="AES-CBC" crypt-key="0BC4DF636566667BEEC9F02117CB57C3" routes="90.155.90.128/27 2001:8b0:1635::/64"/>
Side B Config
<ipsec name="Paul-ipsec" mtu="1500" graph="paul-ipsec" local-ip="2001:8b0:1635::1" remote-ip="2001:8b0:d6:1::1" local-spi="999" remote-spi="4242" auth-algorithm="AES-XCBC" auth-key="1310B855522E8D457B814BD9DD78B6AB" crypt-algorithm="AES-CBC" crypt-key="0BC4DF636566667BEEC9F02117CB57C3" routes="91.241.56.1 81.2.97.160/27 91.241.56.0/24 2001:8b0:d6::/48"/>
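The two configurations above have to agree with each other exactly, and with manual keying nothing will ever renegotiate them: a mismatched SPI or a key of the wrong length simply produces a tunnel that drops everything, and because the keys never change, the configuration file itself is the long-term secret. The following Python script is an added example (it is not FireBrick's own tooling and makes no claims about how the FireBrick validates its configuration). It parses a pair of `<ipsec .../>` elements, checks that each end's local endpoint and SPI are the other end's remote ones, that both ends hold the same key material, that each key length fits its algorithm, that the SPIs are outside the IANA-reserved range, and that every route parses. The key-size table (AES-XCBC-MAC-96 at 128 bits per RFC 3566, AES-CBC at 128/192/256 bits per RFC 3602) and the reserved SPI range (RFC 4303) are the only external facts; the finding texts, the repeated-byte heuristic and the `new_key_hex` helper are this script's own assumptions. The two configurations from this page are embedded as sample input.

```python
"""Sanity checks for a pair of FireBrick manual-keyed <ipsec> elements.

Added example, not FireBrick's own tooling. It parses the attributes used on
this page and checks what silently breaks (or weakens) a manually keyed
tunnel: endpoint/SPI mirroring, identical key material at both ends, key
lengths that fit the algorithm, SPIs in the reserved range, and bad routes.
"""
import ipaddress
import secrets
import xml.etree.ElementTree as ET

# Key sizes (bits) each algorithm accepts: AES-XCBC-MAC-96 is fixed at 128
# (RFC 3566); AES-CBC takes 128, 192 or 256 (RFC 3602). Other FireBrick
# algorithm names are not in this table and are reported as unchecked.
ALG_KEY_BITS = {"AES-XCBC": {128}, "AES-CBC": {128, 192, 256}}
RESERVED_SPI_MAX = 255  # SPI values 0..255 are reserved (RFC 4303 section 2.1)

# The two configurations from this page, used here as sample input.
SIDE_A = ('<ipsec name="Andrew-ipsec" mtu="1500" graph="andrew-ipsec" '
          'local-ip="2001:8b0:d6:1::1" remote-ip="2001:8b0:1635::1" '
          'local-spi="4242" remote-spi="999" auth-algorithm="AES-XCBC" '
          'auth-key="1310B855522E8D457B814BD9DD78B6AB" crypt-algorithm="AES-CBC" '
          'crypt-key="0BC4DF636566667BEEC9F02117CB57C3" '
          'routes="90.155.90.128/27 2001:8b0:1635::/64"/>')
SIDE_B = ('<ipsec name="Paul-ipsec" mtu="1500" graph="paul-ipsec" '
          'local-ip="2001:8b0:1635::1" remote-ip="2001:8b0:d6:1::1" '
          'local-spi="999" remote-spi="4242" auth-algorithm="AES-XCBC" '
          'auth-key="1310B855522E8D457B814BD9DD78B6AB" crypt-algorithm="AES-CBC" '
          'crypt-key="0BC4DF636566667BEEC9F02117CB57C3" '
          'routes="91.241.56.1 81.2.97.160/27 91.241.56.0/24 2001:8b0:d6::/48"/>')


def parse_ipsec(xml_text):
    """Return the attribute dict of one <ipsec .../> element."""
    el = ET.fromstring(xml_text)
    if el.tag != "ipsec":
        raise ValueError(f"expected <ipsec>, got <{el.tag}>")
    return dict(el.attrib)


def new_key_hex(bits):
    """Fresh key material from the OS CSPRNG, in the hex form the config expects."""
    return secrets.token_hex(bits // 8).upper()


def _norm(value):
    """Normalise IP literals so that 2001:08b0::1 and 2001:8b0::1 compare equal."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return value


def _check_side(cfg, label, findings):
    """Per-end checks: key hex/length/quality, SPI range, route syntax."""
    for alg_attr, key_attr in (("auth-algorithm", "auth-key"),
                               ("crypt-algorithm", "crypt-key")):
        alg, key = cfg.get(alg_attr), cfg.get(key_attr, "")
        try:
            raw = bytes.fromhex(key)
        except ValueError:
            findings.append(f"{label}: {key_attr} is not valid hex")
            continue
        allowed = ALG_KEY_BITS.get(alg)
        if allowed is None:
            findings.append(f"{label}: {alg_attr}={alg!r} is not in this script's table (unchecked)")
        elif len(raw) * 8 not in allowed:
            findings.append(f"{label}: {key_attr} is {len(raw) * 8} bits; {alg} accepts {sorted(allowed)}")
        if raw and len(set(raw)) == 1:
            # 0000...00 or AAAA...AA is a placeholder left in place, not key material.
            findings.append(f"{label}: {key_attr} is one repeated byte, not random key material")
    for attr in ("local-spi", "remote-spi"):
        try:
            spi = int(cfg[attr])
        except (KeyError, ValueError):
            findings.append(f"{label}: {attr} is missing or not an integer")
            continue
        if not RESERVED_SPI_MAX < spi <= 0xFFFFFFFF:
            findings.append(f"{label}: {attr}={spi} is outside the usable SPI range 256..4294967295")
    for route in cfg.get("routes", "").split():
        try:
            ipaddress.ip_network(route, strict=False)  # a bare host like 91.241.56.1 is a /32
        except ValueError:
            findings.append(f"{label}: route {route!r} is not a valid prefix")


def check_pair(xml_a, xml_b):
    """Return a list of findings for the two ends of one tunnel; empty means consistent."""
    a, b = parse_ipsec(xml_a), parse_ipsec(xml_b)
    name_a, name_b = a.get("name", "side A"), b.get("name", "side B")
    findings = []
    _check_side(a, name_a, findings)
    _check_side(b, name_b, findings)
    # Each end's local endpoint and local SPI must be the other end's remote ones.
    for mine, theirs in (("local-ip", "remote-ip"), ("local-spi", "remote-spi")):
        for (x, xn), (y, yn) in (((a, name_a), (b, name_b)), ((b, name_b), (a, name_a))):
            if _norm(x.get(mine)) != _norm(y.get(theirs)):
                findings.append(f"{xn} {mine}={x.get(mine)} does not match {yn} {theirs}={y.get(theirs)}")
    # One static key per algorithm in each config, so both ends must hold the same values.
    for attr in ("auth-algorithm", "auth-key", "crypt-algorithm", "crypt-key"):
        if (a.get(attr) or "").upper() != (b.get(attr) or "").upper():
            findings.append(f"{attr} differs between {name_a} and {name_b}")
    return findings


if __name__ == "__main__":
    for line in check_pair(SIDE_A, SIDE_B) or ["OK: the two sides are consistent"]:
        print(line)
    print("fresh 128-bit key for a new tunnel:", new_key_hex(128))
```

Run it as-is and the page's pair passes with no findings; change one SPI or shorten one key and the mismatch is named. The `new_key_hex` helper is the one key-management step manual keying leaves to the operator: keys must come from a CSPRNG, and since the FireBrick will never rotate them, rotating them is a manual change of both configs.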
Testing
These two FireBricks both happen to be on AAISP FTTC lines. A normal traceroute goes via the AAISP router, but when the IPsec tunnel is enabled the traceroute goes direct.
Traceroute Before:
$ traceroute 91.241.56.1
traceroute to 91.241.56.1 (91.241.56.1), 30 hops max, 60 byte packets
 1  brick.h.hearn.org.uk (90.155.90.129)  0.344 ms  0.321 ms  0.310 ms
 2  a.gormless.thn.aa.net.uk (90.155.53.51)  11.703 ms  11.712 ms  11.834 ms
 3  brick.shibboleet.ltd.uk (91.241.56.1)  24.862 ms  24.871 ms  25.251 ms
Traceroute After:
$ traceroute 91.241.56.1
traceroute to 91.241.56.1 (91.241.56.1), 30 hops max, 60 byte packets
 1  brick.h.hearn.org.uk (90.155.90.129)  0.358 ms  0.342 ms  0.329 ms
 2  brick.shibboleet.ltd.uk (91.241.56.1)  26.178 ms  26.861 ms  27.123 ms