[Openswan Users] IPsec can't encrypt on L2TP tunnel
Riri Afnita
ririafnita95 at gmail.com
Thu Jul 27 21:23:40 EDT 2017
Hi Samir. I'm Riri. I want to ask you about remote access VPN. I have these files:
/etc/ipsec.conf:
version 2
#
# Manual: ipsec.conf.5
# basic configuration
config setup
    protostack=netkey
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10

conn L2TP-PSK
    authby=secret
    pfs=yes
    auto=start
    keyingtries=3
    ikelifetime=8h
    keylife=1h
    ike=aes256-sha1;modp1024!
    phase2alg=aes256-sha1;modp1024
    rekey=no
    type=tunnel
    left=%defaultroute
    # (IP of the VPN server)
    leftid=103.19.208.244
    leftsubnet=192.168.122.0/24
    right=%any
    rightprotoport=17/1701
    dpddelay=10
    dpdtimeout=90
    dpdaction=clear
/etc/ipsec.secrets:
include /etc/ipsec.d/*.secrets
103.19.208.244 %any: PSK "vpnku"
/etc/xl2tpd/xl2tpd.conf:
[global]
listen-addr=103.19.208.244
ipsec saref = yes
force userspace = yes
[lns default]
ip range = 192.168.1.2-192.168.1.254
local ip = 192.168.1.1
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
/etc/ppp/chap-secrets:
# Secrets for authentication using CHAP
# client server secret IP addresses
lili l2tpd R1R11234567891234 *
Scenario:
The server (103.19.208.240) has 2 virtual servers using KVM: a VPN server and an FTP server. For the VPN server I use a bridge from the server (bridge: br0, rctl setting with rctlxx; I forget about it, but I chose rctl), and for the FTP server and VPN server I chose virbr0. virbr0 gives DHCP for private IPs on the network 192.168.122.0/24.
The client connects to the VPN server (103.19.208.244) with IP 103.19.208.243, and then the VPN server gives IP 192.168.1.2 to the client. After connecting to the VPN server, I will access 192.168.122.20/24 to get data from FTP. The attacker will do passive sniffing to look at the FTP data with Wireshark and port mirroring. The switch is a Cisco.
Problem:
1. How do I make my client (192.168.1.2/32) able to access the FTP server (192.168.122.20/24)?
2. How do I make my FTP data unable to be sniffed by the attacker when I access FTP data?
I am using openswan-2.6.32-16.el6.i686.rpm.
The topology:
(Image attachment 1501108739829.jpg, scrubbed by the list archive: <http://lists.openswan.org/pipermail/users/attachments/20170728/8daa716f/attachment-0001.jpg>)
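The post's second question comes down to whether the IPsec policy actually selects the L2TP session for protection, because the PPP/FTP traffic is only encrypted while it rides inside a UDP/1701 packet that the policy covers. The following is an added example, not code from the post or from the Openswan project: a simplified model of how a conn's `left`/`right`, `*subnet` and `*protoport` settings become a selector pair, applied to the conn from the post and to a constructed transport-mode contrast that uses the selector pair commonly seen for L2TP/IPsec. The flows are constructed from the scenario; the model ignores IKE-time details such as `virtual_private`, NAT-T and selector narrowing, so it is an approximation of what the kernel policy would look like.

```python
"""Simplified IPsec security-policy selector check for an Openswan-style conn.

Added example, not code from the original post or from the Openswan project.
CONN_TEXT is copied from the post; TRANSPORT_CONN_TEXT is a constructed
contrast; the flows in flow_report() are constructed from the post's scenario.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

CONN_TEXT = """
conn L2TP-PSK
    type=tunnel
    left=103.19.208.244
    leftsubnet=192.168.122.0/24
    right=%any
    rightprotoport=17/1701
"""

# Constructed contrast (not the poster's config): transport mode, UDP/1701 on both sides.
TRANSPORT_CONN_TEXT = """
conn L2TP-PSK-transport
    type=transport
    left=103.19.208.244
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
"""


@dataclass(frozen=True)
class Selector:
    net: ipaddress.IPv4Network
    proto: Optional[int]  # None means any protocol
    port: Optional[int]   # None means any port

    def matches(self, addr: str, proto: int, port: int) -> bool:
        return (ipaddress.ip_address(addr) in self.net
                and (self.proto is None or self.proto == proto)
                and (self.port is None or self.port == port))


def parse_conn(text: str) -> Dict[str, str]:
    """Collect key=value lines of one conn section; 'conn NAME' and comments are skipped."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def parse_protoport(spec: Optional[str]) -> Tuple[Optional[int], Optional[int]]:
    """'17/1701' -> (17, 1701); '17/%any' -> (17, None); missing -> (None, None)."""
    if spec is None:
        return None, None
    proto, port = spec.split("/", 1)
    return int(proto), (None if port in ("", "%any") else int(port))


def side_selector(conf: Dict[str, str], side: str) -> Selector:
    """Selector for 'left' or 'right': the subnet if given, else the endpoint address itself."""
    addr = conf.get(side, "%any")
    subnet = conf.get(side + "subnet")
    if subnet:
        net = ipaddress.ip_network(subnet)
    elif addr == "%any":
        net = ipaddress.ip_network("0.0.0.0/0")
    else:
        net = ipaddress.ip_network(addr + "/32")
    proto, port = parse_protoport(conf.get(side + "protoport"))
    return Selector(net, proto, port)


def policy_selects(conf: Dict[str, str], src: str, sport: int,
                   dst: str, dport: int, proto: int) -> bool:
    """True if a flow from the left side (src) to the right side (dst) matches both selectors."""
    return (side_selector(conf, "left").matches(src, proto, sport)
            and side_selector(conf, "right").matches(dst, proto, dport))


def flow_report(conf: Dict[str, str]) -> Dict[str, bool]:
    """Evaluate two constructed flows from the post's scenario against one conn."""
    server, client = "103.19.208.244", "103.19.208.243"   # public addresses
    ftp, ppp_client = "192.168.122.20", "192.168.1.2"     # FTP server, client's PPP address
    return {
        # outer packet: the L2TP session carrying PPP between the public addresses
        "l2tp_udp_1701": policy_selects(conf, server, 1701, client, 1701, 17),
        # inner packet: an FTP reply as seen before PPP/L2TP encapsulation
        "ftp_inner_tcp": policy_selects(conf, ftp, 21, ppp_client, 40000, 6),
    }


if __name__ == "__main__":
    for name, text in (("tunnel conn from the post", CONN_TEXT),
                       ("transport-mode contrast", TRANSPORT_CONN_TEXT)):
        print(name, flow_report(parse_conn(text)))
```

The key result is `l2tp_udp_1701`: the inner FTP flow is never expected to match a policy on its own, since it is protected only by being encapsulated in the L2TP session, so what has to match is the UDP/1701 exchange between the two public addresses. In this model the tunnel-mode conn, whose left selector is `192.168.122.0/24`, does not select packets sourced from `103.19.208.244`, while the transport-mode contrast does. On a live server, `ip xfrm policy` shows the selectors the kernel actually installed, which is the thing to compare against this model before concluding why a mirrored-port capture shows L2TP or FTP in the clear.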