2 vpn channels with gre tunnel and ospf quagga


gustavo

strongswan

  • /etc/ipsec.conf
# gustavo: host-to-host IPsec in transport mode between the outer addresses of
# path 1. The GRE script on this page uses the same address pair as tunnel
# endpoints, so GRE (and everything else between the two hosts, since no
# leftprotoport/rightprotoport is set) is covered by this SA.
# No ike=, esp= or keyexchange= is given, so the strongSwan defaults apply.
# NOTE(review): auto=start only initiates the SA when the daemon starts. It
# installs no trap policy, so traffic can leave unprotected if negotiation
# fails; auto=route or a firewall rule closes that gap -- confirm against the
# strongSwan version in use.
conn gustavo-tiazel-1
      authby=secret
      type=transport
      left=10.84.252.33
      right=10.84.252.32
      auto=start
# Same settings for path 2 (the 10.84.244.x address pair).
conn gustavo-tiazel-2
      authby=secret
      type=transport
      left=10.84.244.33
      right=10.84.244.32
      auto=start
  • /etc/ipsec.secrets
# Pre-shared keys for the two transport-mode conns (authby=secret).
# NOTE(review): the second selector on both lines ends in .31, while the conn
# sections and the GRE script use .32 as the peer -- confirm which address is
# intended.
# "suxer" is a short sample PSK reused for both paths. Use a long random
# secret per deployment and keep this file readable by root only.
10.84.252.33 10.84.252.31  : PSK "suxer"
10.84.244.33 10.84.244.31  : PSK "suxer"

gre tunnel

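#!/bin/bash
# Creates the two GRE tunnels gt1 and gt2 from gustavo to tiazel and assigns
# the point-to-point inner addresses that OSPF runs over.
#
# GRE adds no encryption or authentication of its own. The outer endpoints
# below are the same address pairs as the left/right values of the strongSwan
# transport-mode conns on this page, so the tunnel traffic is protected only
# while those IPsec SAs are installed.
#
# Needs root. Meant to run once per boot: with `set -e` the script stops at
# the first failing command (for example when gt1 already exists) instead of
# carrying on with a half-configured tunnel.
set -euo pipefail

modprobe ip_gre

# Outer (transport) addresses: local and remote end of each path.
readonly LIP1="10.84.252.33"
readonly RIP1="10.84.252.32"
readonly LIP2="10.84.244.33"
readonly RIP2="10.84.244.32"

# Inner (tunnel) addresses: local and remote end of each GRE link.
readonly LTIP1="10.1.1.33"
readonly RTIP1="10.1.1.32"
readonly LTIP2="10.1.8.33"
readonly RTIP2="10.1.8.32"

# Path 1.
ip tunnel add gt1 mode gre remote "$RIP1" local "$LIP1" ttl 255
ip address add dev gt1 "$LTIP1" peer "$RTIP1/32"
ip link set gt1 up

# Path 2.
ip tunnel add gt2 mode gre remote "$RIP2" local "$LIP2" ttl 255
ip address add dev gt2 "$LTIP2" peer "$RTIP2/32"
ip link set gt2 up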

quagga

! Quagga configuration for gustavo: logging, per-interface settings and the
! OSPF process.
log file /var/log/quagga/quagga.log
!
interface dummy0
 ipv6 nd suppress-ra
 no link-detect
!
interface ens3
 ipv6 nd suppress-ra
 no link-detect
!
interface ens6
 ipv6 nd suppress-ra
 no link-detect
!
interface ens7
 ipv6 nd suppress-ra
 no link-detect
!
interface gre0
 ipv6 nd suppress-ra
 no link-detect
!
interface gretap0
 ipv6 nd suppress-ra
 no link-detect
!
interface gt1
 ipv6 nd suppress-ra
 no link-detect
!
interface gt2
 ipv6 nd suppress-ra
 no link-detect
!
interface lo
 no link-detect
!
! OSPF process with router-id 10.83.33.1; every network is in area 0.0.0.0.
! ens6 is passive, so no adjacency is formed there. The two /32 network
! statements are the peer addresses of gt1 and gt2.
! NOTE(review): no OSPF authentication (ip ospf authentication /
! ip ospf message-digest-key) appears in this listing, so peer authenticity
! on gt1/gt2 rests on the IPsec transport SAs underneath the GRE tunnels.
! NOTE(review): redistribute static is set, but this listing contains no
! "ip route" line -- confirm what is meant to be redistributed.
router ospf
 ospf router-id 10.83.33.1
 redistribute static
 passive-interface ens6
 network 10.1.1.32/32 area 0.0.0.0
 network 10.1.8.32/32 area 0.0.0.0
 network 10.83.33.0/24 area 0.0.0.0
 network 192.168.77.0/24 area 0.0.0.0
 !
ip forwarding
!
line vty

tiazel

strongswan

  • /etc/ipsec.conf
# tiazel: same two transport-mode conns as on gustavo. left/right are written
# identically on both hosts; strongSwan works out which side is local from the
# addresses configured on the machine.
# No ike=, esp= or keyexchange= is given, so the strongSwan defaults apply.
# NOTE(review): auto=start only initiates the SA when the daemon starts. It
# installs no trap policy, so traffic can leave unprotected if negotiation
# fails; auto=route or a firewall rule closes that gap -- confirm against the
# strongSwan version in use.
conn gustavo-tiazel-1
      authby=secret
      type=transport
      left=10.84.252.33
      right=10.84.252.32
      auto=start

# Path 2 (the 10.84.244.x address pair).
conn gustavo-tiazel-2
      authby=secret
      type=transport
      left=10.84.244.33
      right=10.84.244.32
      auto=start
  • /etc/ipsec.secrets
# Pre-shared keys for the two transport-mode conns (authby=secret); selectors
# are this host's address followed by the peer's.
# "suxer" is a short sample PSK reused for both paths. Use a long random
# secret per deployment and keep this file readable by root only.
10.84.252.32 10.84.252.33 : PSK "suxer"
10.84.244.32 10.84.244.33 : PSK "suxer"

gre tunnel

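#!/bin/bash
# Creates the two GRE tunnels gt1 and gt2 from tiazel to gustavo and assigns
# the point-to-point inner addresses that OSPF runs over.
#
# GRE adds no encryption or authentication of its own. The outer endpoints
# below are the same address pairs as the left/right values of the strongSwan
# transport-mode conns on this page, so the tunnel traffic is protected only
# while those IPsec SAs are installed.
#
# Needs root. Meant to run once per boot: with `set -e` the script stops at
# the first failing command (for example when gt1 already exists) instead of
# carrying on with a half-configured tunnel.
set -euo pipefail

modprobe ip_gre

# Outer (transport) addresses: local and remote end of each path.
readonly LIP1="10.84.252.32"
readonly RIP1="10.84.252.33"
readonly LIP2="10.84.244.32"
readonly RIP2="10.84.244.33"

# Inner (tunnel) addresses: local and remote end of each GRE link.
readonly LTIP1="10.1.1.32"
readonly RTIP1="10.1.1.33"
readonly LTIP2="10.1.8.32"
readonly RTIP2="10.1.8.33"

# Path 1.
ip tunnel add gt1 mode gre remote "$RIP1" local "$LIP1" ttl 255
ip address add dev gt1 "$LTIP1" peer "$RTIP1/32"
ip link set gt1 up

# Path 2.
ip tunnel add gt2 mode gre remote "$RIP2" local "$LIP2" ttl 255
ip address add dev gt2 "$LTIP2" peer "$RTIP2/32"
ip link set gt2 up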

quagga

! Quagga configuration for tiazel: logging, per-interface settings, the OSPF
! process and one static route.
log file /var/log/quagga/quagga.log
!
interface dummy0
 ipv6 nd suppress-ra
 no link-detect
!
interface ens3
 ipv6 nd suppress-ra
 no link-detect
!
interface ens6
 ipv6 nd suppress-ra
 no link-detect
!
interface ens7
 ipv6 nd suppress-ra
 no link-detect
!
interface gre0
 ipv6 nd suppress-ra
 no link-detect
!
interface gretap0
 ipv6 nd suppress-ra
 no link-detect
!
interface gt1
 ipv6 nd suppress-ra
 no link-detect
!
interface gt2
 ipv6 nd suppress-ra
 no link-detect
!
interface lo
 no link-detect
!
! OSPF process with router-id 10.83.32.1; every network is in area 0.0.0.0.
! ens6 is passive, so no adjacency is formed there. The two /32 network
! statements are the peer addresses of gt1 and gt2.
! NOTE(review): no OSPF authentication (ip ospf authentication /
! ip ospf message-digest-key) appears in this listing, so peer authenticity
! on gt1/gt2 rests on the IPsec transport SAs underneath the GRE tunnels.
! NOTE(review): there is a static route for 192.168.77.0/24 but no
! "redistribute static" here, while the captured output on this page shows
! 10.83.32.1 as ASBR originating that prefix as E2 -- the listing may not
! match the config that was running; confirm.
router ospf
 ospf router-id 10.83.32.1
 passive-interface ens6
 network 10.1.1.33/32 area 0.0.0.0
 network 10.1.8.33/32 area 0.0.0.0
 network 10.83.32.0/24 area 0.0.0.0
!
ip route 192.168.77.0/24 10.83.32.11
!
ip forwarding
!
line vty

Infos

Ospf2.png

gustavo

  • show ip ospf route
============ OSPF network routing table ============
N    10.1.1.32/32          [10] area: 0.0.0.0
                           directly attached to gt1
N    10.1.8.32/32          [10] area: 0.0.0.0
                           directly attached to gt2
N    10.83.32.0/24         [20] area: 0.0.0.0
                           via 10.1.1.32, gt1
                           via 10.1.8.32, gt2
N    10.83.33.0/24         [10] area: 0.0.0.0
                           directly attached to ens6

============ OSPF router routing table =============
R    10.83.32.1            [10] area: 0.0.0.0, ASBR
                           via 10.1.1.32, gt1
                           via 10.1.8.32, gt2

============ OSPF external routing table ===========
N E2 192.168.77.0/24       [20/20] tag: 0
                           via 10.1.1.32, gt1
                           via 10.1.8.32, gt2

  • show ip ospf neighbor
Neighbor ID Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.83.32.1        1 Full/DROther      34.557s 10.1.1.32       gt1:10.1.1.33            0     0     0
10.83.32.1        1 Full/DROther      34.557s 10.1.8.32       gt2:10.1.8.33            0     0     0
  • show ip ospf database
       OSPF Router with ID (10.83.33.1)

                Router Link States (Area 0.0.0.0)

Link ID         ADV Router      Age  Seq#       CkSum  Link count
10.83.32.1      10.83.32.1      1369 0x8000002e 0xccae 5
10.83.33.1      10.83.33.1      1466 0x8000002d 0x6d10 5

                AS External Link States

Link ID         ADV Router      Age  Seq#       CkSum  Route
192.168.77.0    10.83.32.1      1369 0x80000001 0x5ea2 E2 192.168.77.0/24 [0x0]
  • show ip ospf interface gt1
gt1 is up
  ifindex 7, MTU 1476 bytes, BW 0 Kbit <UP,POINTOPOINT,RUNNING,NOARP>
  Internet Address 10.1.1.33/32, Peer 10.1.1.32, Area 0.0.0.0
  MTU mismatch detection:enabled
  Router ID 10.83.33.1, Network Type POINTOPOINT, Cost: 10
  Transmit Delay is 1 sec, State Point-To-Point, Priority 1
  No designated router on this network
  No backup designated router on this network
  Multicast group memberships: OSPFAllRouters
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    Hello due in 3.925s
  Neighbor Count is 1, Adjacent neighbor count is 1