2 vpn channels with gre tunnel ans ospf quagga: Difference between revisions
Revision by Thomas, edit summary: (→Infos)
Zeile 113: | Zeile 113: | ||
*/etc/ipsec.secret | */etc/ipsec.secret | ||
10.84.252.32 10.84.252.33 : PSK "suxer" | 10.84.252.32 10.84.252.33 : PSK "suxer" | ||
− | 10.84.244.32 10.84.244.33 : PSK "suxer" | + | 10.84.244.32 10.84.244.33 : PSK "suxer" |
+ | |||
==gre tunnel== | ==gre tunnel== | ||
<pre> | <pre> |
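Review bot: the PSK line touched under */etc/ipsec.secret still carries the five-character key "suxer", identical to the key on the line above it and published in clear text on the wiki. Suggest showing a placeholder on the page and using a separate long random key per tunnel on the hosts. The file name also needs a trailing "s": strongSwan reads /etc/ipsec.secrets. The removed and added PSK lines are textually identical, so the edit summary should say what actually changed (whitespace or the added blank line).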
Latest revision as of 16 January 2018, 21:37
gustavo
strongswan
- /etc/ipsec.conf
<pre>
conn gustavo-tiazel-1
    authby=secret
    type=transport
    left=10.84.252.33
    right=10.84.252.32
    auto=start

conn gustavo-tiazel-2
    authby=secret
    type=transport
    left=10.84.244.33
    right=10.84.244.32
    auto=start
</pre>
- /etc/ipsec.secrets
<pre>
10.84.252.33 10.84.252.31 : PSK "suxer"
10.84.244.33 10.84.244.31 : PSK "suxer"
</pre>
gre tunnel
<pre>
#!/bin/bash
modprobe ip_gre

# Outer (IPsec-protected) endpoint addresses of the two channels
LIP1="10.84.252.33"
RIP1="10.84.252.32"
LIP2="10.84.244.33"
RIP2="10.84.244.32"

# Inner point-to-point addresses on the GRE interfaces
LTIP1="10.1.1.33"
RTIP1="10.1.1.32"
LTIP2="10.1.8.33"
RTIP2="10.1.8.32"

# One GRE tunnel per channel
ip tunnel add gt1 mode gre remote $RIP1 local $LIP1 ttl 255
ip tunnel add gt2 mode gre remote $RIP2 local $LIP2 ttl 255
ip address add dev gt1 $LTIP1 peer $RTIP1/32
ip address add dev gt2 $LTIP2 peer $RTIP2/32
ip link set gt1 up
ip link set gt2 up
</pre>
quagga
<pre>
log file /var/log/quagga/quagga.log
!
interface dummy0
 ipv6 nd suppress-ra
 no link-detect
!
interface ens3
 ipv6 nd suppress-ra
 no link-detect
!
interface ens6
 ipv6 nd suppress-ra
 no link-detect
!
interface ens7
 ipv6 nd suppress-ra
 no link-detect
!
interface gre0
 ipv6 nd suppress-ra
 no link-detect
!
interface gretap0
 ipv6 nd suppress-ra
 no link-detect
!
interface gt1
 ipv6 nd suppress-ra
 no link-detect
!
interface gt2
 ipv6 nd suppress-ra
 no link-detect
!
interface lo
 no link-detect
!
router ospf
 ospf router-id 10.83.33.1
 redistribute static
 passive-interface ens6
 network 10.1.1.32/32 area 0.0.0.0
 network 10.1.8.32/32 area 0.0.0.0
 network 10.83.33.0/24 area 0.0.0.0
 network 192.168.77.0/24 area 0.0.0.0
!
ip forwarding
!
line vty
</pre>
tiazel
strongswan
- /etc/ipsec.conf
<pre>
conn gustavo-tiazel-1
    authby=secret
    type=transport
    left=10.84.252.33
    right=10.84.252.32
    auto=start

conn gustavo-tiazel-2
    authby=secret
    type=transport
    left=10.84.244.33
    right=10.84.244.32
    auto=start
</pre>
- /etc/ipsec.secrets
<pre>
10.84.252.32 10.84.252.33 : PSK "suxer"
10.84.244.32 10.84.244.33 : PSK "suxer"
</pre>
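A consistency check for the two strongSwan files shown for each host, added here as an example and not part of the original wiki page. The rule that a PSK line should list both `left` and `right`, and the `MIN_PSK_LEN` threshold, are this example's assumptions; it does not reproduce strongSwan's own secret lookup.

```python
import re

# Sample input: the gustavo-side files as shown on this page, trimmed to the
# keys the check reads (type= and auto= omitted).
IPSEC_CONF = """\
conn gustavo-tiazel-1
    authby=secret
    left=10.84.252.33
    right=10.84.252.32
conn gustavo-tiazel-2
    authby=secret
    left=10.84.244.33
    right=10.84.244.32
"""
IPSEC_SECRETS = '''\
10.84.252.33 10.84.252.31 : PSK "suxer"
10.84.244.33 10.84.244.31 : PSK "suxer"
'''
MIN_PSK_LEN = 32  # assumption: local policy threshold, not a strongSwan setting
PSK_RE = re.compile(r'^(.*?):\s*PSK\s+"([^"]*)"', re.M)

def parse_conns(text):  # -> {conn name: {key: value}}
    conns, cur = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()  # drop comments
        if line.startswith("conn "):
            cur = conns.setdefault(line.split()[1], {})
        elif cur is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            cur[key.strip()] = value.strip()
    return conns

def parse_psks(text):  # -> [(set of ID selectors, key)]
    return [(set(ids.split()), key) for ids, key in PSK_RE.findall(text)]

def lint(conf, secrets):  # -> [(where, message)]; keys are never echoed
    psks, findings = parse_psks(secrets), []
    for name, c in parse_conns(conf).items():
        pair = {c.get("left"), c.get("right")}
        covered = any(not ids or pair <= ids for ids, _ in psks)
        if c.get("authby") == "secret" and not covered:
            findings.append((name, "no PSK line lists both left and right"))
    keys = [key for _, key in psks]
    for key in sorted(set(keys)):
        if len(key) < MIN_PSK_LEN:
            findings.append(("secrets", f"PSK of {len(key)} chars, under {MIN_PSK_LEN}"))
        if keys.count(key) > 1:
            findings.append(("secrets", f"one PSK shared by {keys.count(key)} lines"))
    return findings
```

On the gustavo sample, `lint(IPSEC_CONF, IPSEC_SECRETS)` returns four findings: neither PSK line names the `.32` peer of its conn, and the key is both short and shared. With the tiazel secrets only the two key findings remain.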
gre tunnel
<pre>
#!/bin/bash
modprobe ip_gre

# Outer (IPsec-protected) endpoint addresses of the two channels
LIP1="10.84.252.32"
RIP1="10.84.252.33"
LIP2="10.84.244.32"
RIP2="10.84.244.33"

# Inner point-to-point addresses on the GRE interfaces
LTIP1="10.1.1.32"
RTIP1="10.1.1.33"
LTIP2="10.1.8.32"
RTIP2="10.1.8.33"

# One GRE tunnel per channel
ip tunnel add gt1 mode gre remote $RIP1 local $LIP1 ttl 255
ip tunnel add gt2 mode gre remote $RIP2 local $LIP2 ttl 255
ip address add dev gt1 $LTIP1 peer $RTIP1/32
ip address add dev gt2 $LTIP2 peer $RTIP2/32
ip link set gt1 up
ip link set gt2 up
</pre>
quagga
<pre>
log file /var/log/quagga/quagga.log
!
interface dummy0
 ipv6 nd suppress-ra
 no link-detect
!
interface ens3
 ipv6 nd suppress-ra
 no link-detect
!
interface ens6
 ipv6 nd suppress-ra
 no link-detect
!
interface ens7
 ipv6 nd suppress-ra
 no link-detect
!
interface gre0
 ipv6 nd suppress-ra
 no link-detect
!
interface gretap0
 ipv6 nd suppress-ra
 no link-detect
!
interface gt1
 ipv6 nd suppress-ra
 no link-detect
!
interface gt2
 ipv6 nd suppress-ra
 no link-detect
!
interface lo
 no link-detect
!
router ospf
 ospf router-id 10.83.32.1
 passive-interface ens6
 network 10.1.1.33/32 area 0.0.0.0
 network 10.1.8.33/32 area 0.0.0.0
 network 10.83.32.0/24 area 0.0.0.0
!
ip route 192.168.77.0/24 10.83.32.11
!
ip forwarding
!
line vty
</pre>
Infos
gustavo
- show ip ospf route
<pre>
============ OSPF network routing table ============
N    10.1.1.32/32          [10] area: 0.0.0.0
                           directly attached to gt1
N    10.1.8.32/32          [10] area: 0.0.0.0
                           directly attached to gt2
N    10.83.32.0/24         [20] area: 0.0.0.0
                           via 10.1.1.32, gt1
                           via 10.1.8.32, gt2
N    10.83.33.0/24         [10] area: 0.0.0.0
                           directly attached to ens6

============ OSPF router routing table =============
R    10.83.32.1            [10] area: 0.0.0.0, ASBR
                           via 10.1.1.32, gt1
                           via 10.1.8.32, gt2

============ OSPF external routing table ===========
N E2 192.168.77.0/24       [20/20] tag: 0
                           via 10.1.1.32, gt1
                           via 10.1.8.32, gt2
</pre>
- show ip ospf neighbor
<pre>
Neighbor ID     Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.83.32.1        1 Full/DROther      34.557s 10.1.1.32       gt1:10.1.1.33            0     0     0
10.83.32.1        1 Full/DROther      34.557s 10.1.8.32       gt2:10.1.8.33            0     0     0
</pre>
- show ip ospf database
<pre>
       OSPF Router with ID (10.83.33.1)

                Router Link States (Area 0.0.0.0)

Link ID         ADV Router      Age  Seq#       CkSum  Link count
10.83.32.1      10.83.32.1      1369 0x8000002e 0xccae 5
10.83.33.1      10.83.33.1      1466 0x8000002d 0x6d10 5

                AS External Link States

Link ID         ADV Router      Age  Seq#       CkSum  Route
192.168.77.0    10.83.32.1      1369 0x80000001 0x5ea2 E2 192.168.77.0/24 [0x0]
</pre>
- show ip ospf interface gt1
<pre>
gt1 is up
  ifindex 7, MTU 1476 bytes, BW 0 Kbit <UP,POINTOPOINT,RUNNING,NOARP>
  Internet Address 10.1.1.33/32, Peer 10.1.1.32, Area 0.0.0.0
  MTU mismatch detection:enabled
  Router ID 10.83.33.1, Network Type POINTOPOINT, Cost: 10
  Transmit Delay is 1 sec, State Point-To-Point, Priority 1
  No designated router on this network
  No backup designated router on this network
  Multicast group memberships: OSPFAllRouters
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    Hello due in 3.925s
  Neighbor Count is 1, Adjacent neighbor count is 1
</pre>