+--------------------------+
|Server                    |
|                          |
|Hostname: server.site1.com|
|LAN IP: 10.1.1.2/24       |
+-------------+------------+
              |
              |
+-------------+--------------+
|Firewall                    |
|                            |
|Hostname: firewall.site1.com|
|LAN IP: 10.1.1.1/24         |
|WAN IP: 91.1.1.1            |
+-------------+--------------+
              |
            XX+X
           XXX  X
          X      X
        XXX XXXXXXXXXXXX
      XXXXXXX         XX
     X                XXX
     X   internet      XX
     XXXX             XX
     XXX              X
      XX   XXXXXXXXXX
        XXXX        XX
          XXXX+XX
              |
+-------------+------------+
|Server                    |
|                          |
|Hostname: server.site2.com|
|WAN IP: 92.2.2.1          |
+--------------------------+

Goal
Have server.site1.com talk to server.site2.com through IPsec.
server.site2.com should be able to access http://server.site1.com:456/

Current setup
server.site1.com and firewall.site1.com are configured for a policy-based IPsec tunnel, as expected.

server.site2.com is running Ubuntu 16.04 with strongSwan. A policy-based IPsec tunnel has been set up between server.site2.com and firewall.site1.com; this tunnel is up and running.

strongSwan config on server.site2.com (ipsec.conf)

conn site1-site2
    keyexchange=ikev1
    # local gateway (server.site2.com) and remote gateway (firewall.site1.com)
    left=92.2.2.1
    right=91.1.1.1
    authby=secret
    ike=aes128-sha256-modp3072!
    ikelifetime=28800s
    # traffic selectors: only the two hosts, no LAN behind server.site2.com
    leftsubnet=92.2.2.1/32
    rightsubnet=10.1.1.2/32
    esp=aes128-sha1
    lifetime=3600s

The challenge
If I had a separate firewall.site2.com and made the IPsec tunnel between these firewalls, I would succeed.

But since I don't have a separate firewall.site2.com, routing does become challenging, as I don't know how to route packets to or from the tunnel: policy-based IPsec apparently does not use the routing table.

Note
Please ignore DNS and security settings in this example.
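The following is an added example, not part of the original post and not strongSwan code. It models how a policy-based (XFRM) IPsec setup classifies packets, using the leftsubnet/rightsubnet selectors from the config above: the routing table only chooses the egress route and source address, while the decision to encrypt is a match of the packet's src/dst against the installed policy selectors. The addresses are the ones in the post; the routing entries, the LAN interface 192.168.5.1/24 and the LAN host 192.168.5.10 are constructed for illustration.

```python
"""Model of policy-based IPsec packet classification (added example).

The routing table supplies the source address and egress hop; whether a
packet is encrypted depends only on whether its src/dst fall inside the
traffic selectors derived from leftsubnet and rightsubnet.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Policy:
    direction: str                # "out" (sending) or "in" (receiving)
    src: str                      # source traffic selector, CIDR
    dst: str                      # destination traffic selector, CIDR
    proto: Optional[int] = None   # None = any IP protocol
    dport: Optional[int] = None   # None = any destination port

    def matches(self, src_ip, dst_ip, proto=None, dport=None):
        if ip_address(src_ip) not in ip_network(self.src):
            return False
        if ip_address(dst_ip) not in ip_network(self.dst):
            return False
        if self.proto is not None and proto != self.proto:
            return False
        if self.dport is not None and dport != self.dport:
            return False
        return True


@dataclass(frozen=True)
class Route:
    prefix: str   # destination prefix, CIDR
    src: str      # preferred source address for this route


# Selectors from the conn in the post: leftsubnet <-> rightsubnet, no port
# restriction, so TCP/456 is covered like everything else between the hosts.
LEFTSUBNET = "92.2.2.1/32"
RIGHTSUBNET = "10.1.1.2/32"
POLICIES = [
    Policy("out", LEFTSUBNET, RIGHTSUBNET),   # what server.site2.com sends
    Policy("in", RIGHTSUBNET, LEFTSUBNET),    # what it accepts from the tunnel
]

# Constructed routing table for server.site2.com: default route on the WAN
# address plus a hypothetical LAN interface 192.168.5.1/24.
ROUTES = [
    Route("0.0.0.0/0", "92.2.2.1"),
    Route("192.168.5.0/24", "192.168.5.1"),
]


def route_lookup(dst_ip, routes=ROUTES):
    """Longest-prefix match, like `ip route get`: returns the source address."""
    best = None
    for r in routes:
        net = ip_network(r.prefix)
        if ip_address(dst_ip) in net and (
            best is None or net.prefixlen > ip_network(best.prefix).prefixlen
        ):
            best = r
    if best is None:
        raise ValueError(f"no route to {dst_ip}")
    return best.src


def xfrm_lookup(direction, src_ip, dst_ip, proto=None, dport=None,
                policies=POLICIES):
    """Return 'ipsec' if a policy selector matches the packet, else 'clear'."""
    for p in policies:
        if p.direction == direction and p.matches(src_ip, dst_ip, proto, dport):
            return "ipsec"
    return "clear"


def send(dst_ip, proto=None, dport=None, src_ip=None):
    """Outgoing packet: for locally generated traffic the route picks the
    source address; a forwarded packet keeps its own. Then policy decides."""
    if src_ip is None:
        src_ip = route_lookup(dst_ip)
    return src_ip, xfrm_lookup("out", src_ip, dst_ip, proto, dport)


def receive(src_ip, dst_ip, proto=None, dport=None):
    """Incoming packet matched against the 'in' policies."""
    return xfrm_lookup("in", src_ip, dst_ip, proto, dport)


if __name__ == "__main__":
    # HTTP from server.site2.com to server.site1.com:456 -> src 92.2.2.1, encrypted
    print(send("10.1.1.2", proto=6, dport=456))
    # the reply from server.site1.com is accepted by the 'in' policy
    print(receive("10.1.1.2", "92.2.2.1", proto=6))
    # a forwarded packet from a LAN host is outside leftsubnet=92.2.2.1/32,
    # so it would leave server.site2.com in cleartext
    print(send("10.1.1.2", src_ip="192.168.5.10"))
```

Running the script shows that traffic between the two /32 selectors is encrypted regardless of what the main routing table says, while anything outside the selectors (a LAN host behind server.site2.com, or any other destination) goes out in the clear. On a real host the corresponding checks are `ip xfrm policy show` for the installed selectors and `ip route show table 220`, where charon by default installs a route to rightsubnet with the leftsubnet address as source so that locally generated packets match the policy.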