Note from Wikipedia: Authentication Header (AH)
AH is a member of the IPsec protocol suite. AH is intended to guarantee connectionless integrity and data origin authentication of IP packets.
Encapsulating Security Payload (ESP)
ESP is a member of the IPsec protocol suite. It is the portion of IPsec that provides origin authenticity, integrity, and confidentiality protection of packets. ESP also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged because it is insecure.
#Fire
# Enable IPv4 forwarding on Fire so it can route between its LAN and the tunnel.
# Writing to /proc needs root and does not survive a reboot (the persistent form
# is the corresponding net.ipv4.ip_forward entry in sysctl configuration).
echo "1" > /proc/sys/net/ipv4/ip_forward
# Open the setkey(8) configuration for this host (10.0.1.104); its contents follow.
# NOTE(review): the file will hold cleartext manual keys — it should be root-only.
vi 10-0-1-104.conf
#Configuration file on Fire
# setkey(8) manual-keying configuration for "Fire" (gateway 10.0.1.104, fronting
# 172.16.14.0/24). The peer "Rage" (10.0.1.103, fronting 192.168.82.0/24) must
# carry the identical SAD entries and the mirror-image SPD entries.
# NOTE(review): all keys below are written in cleartext. Keep this file readable
# by root only, and treat the values shown here as examples to regenerate:
# manual SAs never rekey, so anyone who reads the file can read the tunnel.
# Statement order matters: clear the databases first, then SAs, then policies.
flush;
spdflush;
#SAD
# Security Association Database: one SA per direction and per protocol,
# identified by destination, protocol and SPI.
# AH SAs (HMAC-SHA1 integrity and origin authentication, tunnel mode):
# 0x200 = Rage -> Fire (inbound here), 0x300 = Fire -> Rage (outbound here).
add 10.0.1.103 10.0.1.104 ah 0x200 -m tunnel
-A hmac-sha1 0xe983bd728c2e7ecd4369d2050db804bc2f36aee7;
add 10.0.1.104 10.0.1.103 ah 0x300 -m tunnel
-A hmac-sha1 0xdd2f63da632c7ddcc5a6c29a6ca9739e8d4d9e77;
# ESP SAs: 3DES-CBC encryption only — no -A, so ESP provides no integrity here
# and relies on the AH SAs above for that. 3DES is a legacy 64-bit-block cipher;
# prefer an AES-based algorithm where the peer supports it.
# 0x201 = Rage -> Fire (inbound here), 0x301 = Fire -> Rage (outbound here).
add 10.0.1.103 10.0.1.104 esp 0x201 -m tunnel
-E 3des-cbc 0x3fdad5392f9ead005660b36b5358de87552f7d0c5f2dd996;
add 10.0.1.104 10.0.1.103 esp 0x301 -m tunnel
-E 3des-cbc 0x5362f516f083ebf9326ad103d7e0d573a4d3d9e25a31f65d;
#
# Security Policy Database: traffic between the two LANs must be carried in
# both ESP and AH tunnels between the gateways; "require" means a matching
# packet without the protection is discarded rather than passed in the clear.
# Outbound (LAN 172.16.14.0/24 -> LAN 192.168.82.0/24) uses the
# 10.0.1.104 -> 10.0.1.103 SAs (0x301 / 0x300).
spdadd 172.16.14.0/24 192.168.82.0/24 any -P out ipsec
esp/tunnel/10.0.1.104-10.0.1.103/require;
ah/tunnel/10.0.1.104-10.0.1.103/require;
# Inbound (LAN 192.168.82.0/24 -> LAN 172.16.14.0/24) uses the
# 10.0.1.103 -> 10.0.1.104 SAs (0x201 / 0x200).
spdadd 192.168.82.0/24 172.16.14.0/24 any -P in ipsec
esp/tunnel/10.0.1.103-10.0.1.104/require;
ah/tunnel/10.0.1.103-10.0.1.104/require;
#Rage
# Enable IPv4 forwarding on Rage (10.0.1.103), as done on Fire; the setkey(8)
# configuration for Rage follows. Needs root and is not persistent across reboots.
echo "1" > /proc/sys/net/ipv4/ip_forward
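# setkey(8) manual-keying configuration for "Rage" (gateway 10.0.1.103, fronting
# 192.168.82.0/24), peer of "Fire" (10.0.1.104, fronting 172.16.14.0/24).
# The pasted listing was incomplete: the "add ... ah 0x200" statement before
# its -A key line and the inbound spdadd statement before its esp/ah lines
# were missing, leaving orphan lines that setkey cannot parse. Both are
# restored here from the Fire configuration — with manual keying the SAD must
# be identical on both gateways, and Rage's inbound policy is the mirror of
# Fire's outbound one.
# NOTE(review): keys are in cleartext; keep this file root-only and regenerate
# the example values — manual SAs never rekey.
flush;
spdflush;
#SAD
# AH SAs (HMAC-SHA1, tunnel mode):
# 0x200 = Rage -> Fire (outbound here), 0x300 = Fire -> Rage (inbound here).
add 10.0.1.103 10.0.1.104 ah 0x200 -m tunnel
-A hmac-sha1 0xe983bd728c2e7ecd4369d2050db804bc2f36aee7;
add 10.0.1.104 10.0.1.103 ah 0x300 -m tunnel
-A hmac-sha1 0xdd2f63da632c7ddcc5a6c29a6ca9739e8d4d9e77;
# ESP SAs: 3DES-CBC encryption only; integrity comes from the AH SAs above.
# 3DES is a legacy 64-bit-block cipher — prefer an AES-based algorithm where
# the peer supports it.
# 0x201 = Rage -> Fire (outbound here), 0x301 = Fire -> Rage (inbound here).
add 10.0.1.103 10.0.1.104 esp 0x201 -m tunnel
-E 3des-cbc 0x3fdad5392f9ead005660b36b5358de87552f7d0c5f2dd996;
add 10.0.1.104 10.0.1.103 esp 0x301 -m tunnel
-E 3des-cbc 0x5362f516f083ebf9326ad103d7e0d573a4d3d9e25a31f65d;
#
# Inbound (LAN 172.16.14.0/24 -> LAN 192.168.82.0/24): "require" discards
# matching packets that do not arrive inside the Fire -> Rage ESP and AH tunnels.
spdadd 172.16.14.0/24 192.168.82.0/24 any -P in ipsec
esp/tunnel/10.0.1.104-10.0.1.103/require;
ah/tunnel/10.0.1.104-10.0.1.103/require;
# Outbound (LAN 192.168.82.0/24 -> LAN 172.16.14.0/24) uses the
# Rage -> Fire SAs (0x201 / 0x200).
spdadd 192.168.82.0/24 172.16.14.0/24 any -P out ipsec
esp/tunnel/10.0.1.103-10.0.1.104/require;
ah/tunnel/10.0.1.103-10.0.1.104/require;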