This test was done on Ubuntu Server 14.04.1 LTS (GNU/Linux 3.13.0-12-generic x86_64). It can be done in the same way on other Linux distributions.
The iproute2 package must support the gretap interface type.
iproute2-3.12.0-2-amd64
The VPN configuration was done with strongSwan.

    man ip-link
    TYPE := [ bridge | can | dummy | ifb | ipoib | macvlan | vcan | veth | vlan | vxlan | ip6tnl | ipip | sit | gre | gretap | ip6gre | ip6gretap ]
INSTALLING STRONGSWAN AND BRIDGE-UTILS

    sudo apt-get install strongswan bridge-utils -y
SETTINGS
Host A
External Ethernet Settings

    ip link set dev eth0 up
    ip addr add 10.11.12.121/24 dev eth0
    ip route add default via 10.11.12.1 dev eth0

GRE Tunnel

    ip link add gretap1 type gretap local 10.11.12.121 remote 10.11.12.122
    ip link set dev gretap1 up

Bridge Configuration (between the gretap1 interface and the physical eth1 interface; eth1 is the internal Ethernet interface here)

    ip link set dev eth1 up
    brctl addbr br0
    brctl addif br0 gretap1
    brctl addif br0 eth1
    ip addr add 10.10.10.1/24 dev br0
    ip link set br0 up

IPsec Host-to-Host VPN Settings
/etc/ipsec.conf

    conn bridge_tunnel_A-B
        left=10.11.12.121
        leftfirewall=yes
        right=10.11.12.122
        auto=start
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        authby=secret
        keyexchange=ikev1
        mobike=no

The pre-shared key between the two IPs (IDs) is entered. It must be the same on both sides.
Host A /etc/ipsec.secrets

    10.11.12.121 10.11.12.122 : PSK "123456789"
Host B
External Ethernet Settings

    ip link set dev eth0 up
    ip addr add 10.11.12.122/24 dev eth0
    ip route add default via 10.11.12.1 dev eth0

GRE Tunnel

    ip link add gretap1 type gretap local 10.11.12.122 remote 10.11.12.121
    ip link set dev gretap1 up

Bridge Configuration (between the gretap1 interface and the physical eth1 interface; eth1 is the internal Ethernet interface here)

    ip link set dev eth1 up
    brctl addbr br0
    brctl addif br0 gretap1
    brctl addif br0 eth1
    ip addr add 10.10.10.2/24 dev br0
    ip link set br0 up

IPsec Host-to-Host VPN Settings
/etc/ipsec.conf

    conn bridge_tunnel_B-A
        left=10.11.12.122
        leftfirewall=yes
        right=10.11.12.121
        auto=start
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        authby=secret
        keyexchange=ikev1
        mobike=no

The pre-shared key between the two IPs (IDs) is entered. It must be the same on both sides.
Host B /etc/ipsec.secrets

    10.11.12.122 10.11.12.121 : PSK "123456789"
VERIFICATION
HOST A
The VPN connection is checked.

    root@ubuntu1:~# ipsec status
    Security Associations (1 up, 0 connecting):
    bridge_tunnel_A-B[2]: ESTABLISHED 26 minutes ago, 10.11.12.121[10.11.12.121]...10.11.12.122[10.11.12.122]
    bridge_tunnel_A-B{1}:  INSTALLED, TUNNEL, ESP SPIs: c37dab9e_i c1231be9_o
    bridge_tunnel_A-B{1}:   10.11.12.121/32 === 10.11.12.122/32

The bridge interface and the GRE tunnel interface we created appear in the interface list.

    root@ubuntu1:~# ifconfig
    br0       Link encap:Ethernet  HWaddr 08:00:27:6a:71:f9
              inet addr:10.10.10.1  Bcast:0.0.0.0  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:fe6a:71f9/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1462  Metric:1
              RX packets:23514697 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1385581548 (1.3 GB)  TX bytes:788 (788.0 B)

    eth0      Link encap:Ethernet  HWaddr 08:00:27:ee:1b:60
              inet addr:10.11.12.121  Bcast:10.11.12.255  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:feee:1b60/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:8085785 errors:0 dropped:0 overruns:0 frame:0
              TX packets:14324718 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1375318766 (1.3 GB)  TX bytes:2668092039 (2.6 GB)

    eth1      Link encap:Ethernet  HWaddr 08:00:27:6a:71:f9
              inet6 addr: fe80::a00:27ff:fe6a:71f9/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:15435019 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4513568 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1205767298 (1.2 GB)  TX bytes:359244284 (359.2 MB)

    gretap1   Link encap:Ethernet  HWaddr 1e:bc:94:b2:6c:c5
              inet6 addr: fe80::1cbc:94ff:feb2:6cc5/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1462  Metric:1
              RX packets:8079684 errors:0 dropped:0 overruns:0 frame:0
              TX packets:14321811 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:509020458 (509.0 MB)  TX bytes:1196262342 (1.1 GB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

The MAC addresses of the machines at the remote site appear in the ARP table.

    root@ubuntu1:~# arp -an
    ? (10.11.12.10) at f8:16:54:a4:89:bd [ether] on eth0
    ? (10.10.10.2) at 08:00:27:ae:66:b2 [ether] on br0
    ? (10.11.12.122) at 08:00:27:dc:de:1d [ether] on eth0
    ? (10.11.12.1) at 00:90:0b:2a:71:5d [ether] on eth0
HOST B
The VPN connection is checked.

    root@ubuntu2:~# ipsec status
    Security Associations (1 up, 0 connecting):
    bridge_tunnel_B-A[1]: ESTABLISHED 27 minutes ago, 10.11.12.122[10.11.12.122]...10.11.12.121[10.11.12.121]
    bridge_tunnel_B-A{1}:  INSTALLED, TUNNEL, ESP SPIs: c1231be9_i c37dab9e_o
    bridge_tunnel_B-A{1}:   10.11.12.122/32 === 10.11.12.121/32
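To check the SA from a script rather than by reading the output by eye, the following shell function, an added example that is not part of the original post, inspects the `ipsec status` text from either host (the Host A and Host B outputs above) and passes only when the IKE_SA is ESTABLISHED, the CHILD_SA is INSTALLED in TUNNEL mode and the traffic selectors are exactly the two endpoint addresses, as the host-to-host ipsec.conf above requires. The function name and the sample inputs are constructed for this example; the sample text is copied from the Host A output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): verify from a script that the
# strongSwan connection set up above is fully up, by inspecting the text that
# `ipsec status` prints. The check passes only when
#   1. the IKE_SA line for CONN says ESTABLISHED (not CONNECTING),
#   2. a CHILD_SA line for CONN says INSTALLED, TUNNEL, and
#   3. the traffic selectors are exactly LOCAL/32 === REMOTE/32, i.e. the
#      host-to-host policy that protects the GRE packets between the endpoints.
# Usage:  ipsec status | ipsec_sa_ok CONN LOCAL_IP REMOTE_IP
ipsec_sa_ok() {
    conn="$1"; local_ip="$2"; remote_ip="$3"
    status="$(cat)"                      # whole `ipsec status` output from stdin
    if ! printf '%s\n' "$status" | grep -q "^ *${conn}\[[0-9]*]: ESTABLISHED"; then
        echo "IKE_SA for $conn is not ESTABLISHED" >&2; return 1
    fi
    if ! printf '%s\n' "$status" | grep -q "^ *${conn}{[0-9]*}: *INSTALLED, TUNNEL"; then
        echo "CHILD_SA for $conn is not INSTALLED" >&2; return 2
    fi
    if ! printf '%s\n' "$status" | grep -q "^ *${conn}{[0-9]*}: *${local_ip}/32 === ${remote_ip}/32"; then
        echo "selectors of $conn are not ${local_ip}/32 === ${remote_ip}/32" >&2; return 3
    fi
    return 0
}

# Constructed sample input, copied from the Host A output shown above.
SAMPLE_STATUS_A='Security Associations (1 up, 0 connecting):
bridge_tunnel_A-B[2]: ESTABLISHED 26 minutes ago, 10.11.12.121[10.11.12.121]...10.11.12.122[10.11.12.122]
bridge_tunnel_A-B{1}:  INSTALLED, TUNNEL, ESP SPIs: c37dab9e_i c1231be9_o
bridge_tunnel_A-B{1}:   10.11.12.121/32 === 10.11.12.122/32'

# Constructed sample of the same connection while IKE is still negotiating
# (no CHILD_SA yet), which the check must reject.
SAMPLE_STATUS_DOWN='Security Associations (0 up, 1 connecting):
bridge_tunnel_A-B[3]: CONNECTING, 10.11.12.121[%any]...10.11.12.122[%any]'

# Stand-alone demonstration on the two samples.
printf '%s\n' "$SAMPLE_STATUS_A" | ipsec_sa_ok bridge_tunnel_A-B 10.11.12.121 10.11.12.122 && echo "Host A: SA ok"
printf '%s\n' "$SAMPLE_STATUS_DOWN" | ipsec_sa_ok bridge_tunnel_A-B 10.11.12.121 10.11.12.122 || echo "down sample rejected (expected)"
```

On Host B the same call is made with the connection name and addresses swapped: `ipsec status | ipsec_sa_ok bridge_tunnel_B-A 10.11.12.122 10.11.12.121`.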
    root@ubuntu2:~# ifconfig
    br0       Link encap:Ethernet  HWaddr 08:00:27:ae:66:b2
              inet addr:10.10.10.2  Bcast:0.0.0.0  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:feae:66b2/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1462  Metric:1
              RX packets:20292648 errors:0 dropped:0 overruns:0 frame:0
              TX packets:5043775 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1329975104 (1.3 GB)  TX bytes:211838738 (211.8 MB)

    eth0      Link encap:Ethernet  HWaddr 08:00:27:dc:de:1d
              inet addr:10.11.12.122  Bcast:10.11.12.255  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:fedc:de1d/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:15785157 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8447119 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2935747315 (2.9 GB)  TX bytes:1434069827 (1.4 GB)

    eth1      Link encap:Ethernet  HWaddr 08:00:27:ae:66:b2
              inet6 addr: fe80::a00:27ff:feae:66b2/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:4513544 errors:0 dropped:0 overruns:0 frame:0
              TX packets:16892340 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:359242340 (359.2 MB)  TX bytes:1321624298 (1.3 GB)

    gretap1   Link encap:Ethernet  HWaddr b2:84:9c:be:71:83
              inet6 addr: fe80::b084:9cff:febe:7183/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1462  Metric:1
              RX packets:15779112 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8444101 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1254830484 (1.2 GB)  TX bytes:558102526 (558.1 MB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

The MAC addresses of the machines at the remote site appear in the ARP table.

    root@ubuntu2:~# arp -an
    ? (10.10.10.1) at 08:00:27:6a:71:f9 [ether] on br0
    ? (10.11.12.10) at f8:16:54:a4:89:bd [ether] on eth0
    ? (10.11.12.1) at 00:90:0b:2a:71:5d [ether] on eth0
    ? (10.11.12.121) at 08:00:27:ee:1b:60 [ether] on eth0