Article explaining how to configure two VPN tunnels, each authenticated with a different RSA key: one tunnel uses a 512-bit RSA key and the other a 1024-bit one. All it takes is ID-based authentication, using the leftid and rightid fields to tell which key belongs to which tunnel.

A note on the key sizes: they are the article's test values, not a recommendation. A 512-bit RSA modulus has been publicly factorable since 1999 and 1024 bits is below current minimums, so generate 2048 bits or more for anything real. The private keys printed below are public by now and are only good as test data.
The .conn file for the first tunnel:

conn teste1-teste2
    authby=rsasig
    auto=start
    leftid=@teste1
    rightid=@teste2
    leftnexthop=200.1.1.1
    rightnexthop=200.2.2.1
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.0.0/24
    left=200.1.1.2
    right=200.2.2.2
    leftrsasigkey=0sAQNbO8LOc4zPQCW0itF1C3GjqWEYUMy0e/St6ZdR19s/auuKUyVicybYPUrbnzWh4V4U31B3A5NxXrnzh6gkSpwr
    rightrsasigkey=0sAQPdXmWCOW3MObRypBZNjMsKqPjbtmIto+KxmTnJZWIVPtPUoN0NJWZjkE34LGhJw78D5QxZQP5HMVwdHmvJpQ5p

The fields that select the key:
    leftid=@teste1
    rightid=@teste2
The .conn file for the second tunnel:

conn harrier-sanobiol
    authby=rsasig
    auto=start
    leftid=@teste1
    rightid=@teste3
    leftnexthop=200.1.1.1
    rightnexthop=200.3.3.1
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.100.0/24
    left=200.1.1.2
    right=200.3.3.2
    leftrsasigkey=0sAQPO5JQI8e/RoeszHQbF5SQGA0f1bVGcVdV9sY6bVDx/KLjaRaCmC5psJwwJEqnBEPJUJqEkHEr1MYcLYpjAxEMBwE9xoZCR0SkZM6DEd8kXcSY0fkhF2p+4V0QQqORL/BzVM8adyJTXQNWECXeM93EW7OLVS49gagRQXUxPCD6GSw==
    rightrsasigkey=0sAQN6uP+o9ovN5SptfMOkTRPY4Xss0XGkbVyqygdMhYfJ0YY/p1GJvrqbOkBRF7KW6A/xo24g4nmVAPndb2Wsblks9RXgSdXWONaODtRw54LUJfu1wVqo+y8dI0weC2PyeDHiVwqJaznjN8Wi9n1wn7CyUdp1cq9iuvHUDbFgMVNtNw==

The fields that select the key:
    leftid=@teste1
    rightid=@teste3
Configuration of the /etc/ipsec.secrets file (this is the @teste1 host: both private keys live here, and their public halves are the leftrsasigkey values in the two conns above):

@teste1 @teste2: RSA {
# RSA 512 bits harrier.lasa.ind.br Wed Oct 4 12:27:43 2006
# for signatures only, UNSAFE FOR ENCRYPTION
#pubkey=0sAQNbO8LOc4zPQCW0itF1C3GjqWEYUMy0e/St6ZdR19s/auuKUyVicybYPUrbnzWh4V4U31B3A5NxXrnzh6gkSpwr
Modulus: 0x5b3bc2ce738ccf4025b48ad1750b71a3a9611850ccb47bf4ade99751d7db3f6aeb8a5325627326d83d4adb9f35a1e15e14df50770393715eb9f387a8244a9c2b
PublicExponent: 0x03
# everything after this point is secret
PrivateExponent: 0x0f34a077bdeccd355b9e1722e8d73d9b46e5840d777369fe1cfc43e2f94f353c492ced41fe544361e592b2f5ab585d7b9c317068f834aaa5855c105cdf1b2da7
Prime1: 0xaf1bd80c9831cecae117a11117f93ecafc4efae8ddcec108616529f71db50f7d
Prime2: 0x8560eb8cd447c3c1fac308cc199671ad6f67b3185488b0753865fb83cbf27ac7
Exponent1: 0x74bd3ab31021348740ba6b60baa629dca834a745e93480b040ee1bfa13ce0a53
Exponent2: 0x58eb47b3382fd7d6a72cb088110ef6739f9a77658db075a37aeea7ad32a1a72f
Coefficient: 0x9c59bb371d79f5d9aa3f66ea8beb242a8f3cba14afb776976ecc43dbcb6f29d6
}
@teste1 @teste3: RSA {
# RSA 1024 bits harrier.lasa.ind.br Thu Feb 1 13:15:38 2007
# for signatures only, UNSAFE FOR ENCRYPTION
#pubkey=0sAQPO5JQI8e/RoeszHQbF5SQGA0f1bVGcVdV9sY6bVDx/KLjaRaCmC5psJwwJEqnBEPJUJqEkHEr1MYcLYpjAxEMBwE9xoZCR0SkZM6DEd8kXcSY0fkhF2p+4V0QQqORL/BzVM8adyJTXQNWECXeM93EW7OLVS49gagRQXUxPCD6GSw==
Modulus: 0xcee49408f1efd1a1eb331d06c5e524060347f56d519c55d57db18e9b543c7f28b8da45a0a60b9a6c270c0912a9c110f25426a1241c4af531870b6298c0c44301c04f71a19091d1291933a0c477c9177126347e4845da9fb8574410a8e44bfc1cd533c69dc894d740d58409778cf77116ece2d54b8f606a04505d4c4f083e864b
PublicExponent: 0x03
# everything after this point is secret
PrivateExponent: 0x227b6e017da7f845a7332f8120fb8601008bfe3ce2ef63a394f2ed19e35f6a86c979b6457101ef12068201831c4ad828635bc58604b728dd9681e5c42020b5d55355baa77ca180c172e3d1136ac511112cd26db3f9c2084b4764f9be86e06b5352eb60106065ae2c8e9572c2b15e00f8cb1ae7c262263f6fc37bf5eb8caa3dfb
Prime1: 0xe850b71db94fd7120d70a0c01c9c2cc26d91371fd2e677f545d96f58afd39b65241c64b21ec1c573a2ea5d4d63b3d3dc45a8044a2e13d91c6ca6246a77a657bb
Prime2: 0xe3fc5a96eb78f58e5a6c198fda8e8447abb4b4f09867f5ff650cc6d90b35dcc3bf9321896770fcc1db18fb9a010f9765e4996273146714494ecf645f449abab1
Exponent1: 0x9ae07a13d0dfe4b6b3a06b2abdbd732c490b7a1537444ff8d93b9f907537bcee1812edcc14812e4d1746e8de4277e292d91aad86c96290bd9dc41846fa6ee527
Exponent2: 0x97fd91b9f250a3b43c48110a91b4582fc7cdcdf5baeff954ee088490b223e8827fb76bb0efa0a8813cbb5266ab5fba43edbb96f762ef62db89df983f8311d1cb
Coefficient: 0x526ae7bd4ddce50a59a2d41b86ee1c6102327b60947e417a3eb720cf90296b14a0d436b37771c7beed4622da7344b942bfef38c395b4b0136e8dad142b79a705
}
Detail: the IDs written in front of : RSA { are the index of each key, that is, the IDs the key answers to:

@teste1 @teste2: RSA {
@teste1 @teste3: RSA {

Both entries carry our own ID (@teste1), so it is the peer's ID that tells them apart: when the other end identifies itself as @teste2 the first RSA key is used, and when it identifies itself as @teste3 the second one. The index has to match the leftid/rightid pair of the conn, and the match is made on IDs, not on addresses, which is why the two tunnels can share the same left address (200.1.1.2) and still get different keys.
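As an added example (not code from the original article), the following Python script performs the check a practitioner would want before bringing the two tunnels up: it parses /etc/ipsec.secrets, selects the key by the (leftid, rightid) pair as described above, decodes the 0s-encoded leftrsasigkey of each conn and confirms it is the public half of the selected private key, verifies the private key arithmetic (n = p*q, e*d = 1 mod lcm(p-1, q-1), the CRT values), and flags weak parameters (modulus below 2048 bits, public exponent 3). It embeds the article's two published test keys as constructed input; the exact-pair lookup is a simplification of pluto's index matching and is an assumption of this example, as is the 2048-bit threshold.

```python
"""Cross-check an ipsec.conf conn's RSA key against /etc/ipsec.secrets.
Added example, not the article's code; the article's two published test keys
are embedded below as constructed input."""
import base64
import re
from math import gcd


def decode_0s_pubkey(text):
    """Decode a '0s' (base64) *rsasigkey value into (e, n).
    Layout (RFC 2537/3110): exponent-length byte (0 = two-byte length follows),
    exponent, modulus, all big-endian."""
    if not text.startswith("0s"):
        raise ValueError("only the 0s (base64) encoding is handled here")
    raw = base64.b64decode(text[2:])
    elen, off = raw[0], 1
    if elen == 0:
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    e = int.from_bytes(raw[off:off + elen], "big")
    n = int.from_bytes(raw[off + elen:], "big")
    return e, n


def parse_secrets(text):
    """Return {frozenset(ids): {field: int}} for every 'ids: RSA { ... }' block."""
    block = re.compile(r"^(?P<ids>[^\n#]*?)\s*:\s*RSA\s*\{(?P<body>.*?)^\s*\}", re.M | re.S)
    keys = {}
    for m in block.finditer(text):
        fields = {}
        for line in m.group("body").splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue                         # blank or comment line
            name, _, value = line.partition(":")
            fields[name.strip()] = int(value.strip(), 16)
        keys[frozenset(m.group("ids").split())] = fields
    return keys


def check_conn(secrets, local_id, peer_id, local_pubkey, min_bits=2048):
    """Select the secret indexed by the conn's ID pair and validate it.
    Exact-pair lookup simplifies pluto's index matching (assumption)."""
    key = secrets.get(frozenset((local_id, peer_id)))
    if key is None:
        return {"found": False}
    n, e, d = key["Modulus"], key["PublicExponent"], key["PrivateExponent"]
    p, q = key["Prime1"], key["Prime2"]
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)      # Carmichael lambda(n)
    return {
        "found": True,
        "bits": n.bit_length(),                       # real size, not the label
        # the conn's own *rsasigkey must be the public half of this secret
        "pubkey_matches_secret": decode_0s_pubkey(local_pubkey) == (e, n),
        "n_is_pq": p * q == n,
        "d_inverts_e": (e * d) % lam == 1,
        # CRT values as PKCS#1 names them: dP, dQ, qInv
        "crt_consistent": (key["Exponent1"] == d % (p - 1)
                           and key["Exponent2"] == d % (q - 1)
                           and key["Coefficient"] * q % p == 1),
        "weak": n.bit_length() < min_bits or e == 3,
    }


# Constructed input: the article's /etc/ipsec.secrets with each wrapped hex
# value joined back onto one line.
SECRETS = """\
@teste1 @teste2: RSA {
# RSA 512 bits harrier.lasa.ind.br Wed Oct 4 12:27:43 2006
Modulus: 0x5b3bc2ce738ccf4025b48ad1750b71a3a9611850ccb47bf4ade99751d7db3f6aeb8a5325627326d83d4adb9f35a1e15e14df50770393715eb9f387a8244a9c2b
PublicExponent: 0x03
PrivateExponent: 0x0f34a077bdeccd355b9e1722e8d73d9b46e5840d777369fe1cfc43e2f94f353c492ced41fe544361e592b2f5ab585d7b9c317068f834aaa5855c105cdf1b2da7
Prime1: 0xaf1bd80c9831cecae117a11117f93ecafc4efae8ddcec108616529f71db50f7d
Prime2: 0x8560eb8cd447c3c1fac308cc199671ad6f67b3185488b0753865fb83cbf27ac7
Exponent1: 0x74bd3ab31021348740ba6b60baa629dca834a745e93480b040ee1bfa13ce0a53
Exponent2: 0x58eb47b3382fd7d6a72cb088110ef6739f9a77658db075a37aeea7ad32a1a72f
Coefficient: 0x9c59bb371d79f5d9aa3f66ea8beb242a8f3cba14afb776976ecc43dbcb6f29d6
}
@teste1 @teste3: RSA {
# RSA 1024 bits harrier.lasa.ind.br Thu Feb 1 13:15:38 2007
Modulus: 0xcee49408f1efd1a1eb331d06c5e524060347f56d519c55d57db18e9b543c7f28b8da45a0a60b9a6c270c0912a9c110f25426a1241c4af531870b6298c0c44301c04f71a19091d1291933a0c477c9177126347e4845da9fb8574410a8e44bfc1cd533c69dc894d740d58409778cf77116ece2d54b8f606a04505d4c4f083e864b
PublicExponent: 0x03
PrivateExponent: 0x227b6e017da7f845a7332f8120fb8601008bfe3ce2ef63a394f2ed19e35f6a86c979b6457101ef12068201831c4ad828635bc58604b728dd9681e5c42020b5d55355baa77ca180c172e3d1136ac511112cd26db3f9c2084b4764f9be86e06b5352eb60106065ae2c8e9572c2b15e00f8cb1ae7c262263f6fc37bf5eb8caa3dfb
Prime1: 0xe850b71db94fd7120d70a0c01c9c2cc26d91371fd2e677f545d96f58afd39b65241c64b21ec1c573a2ea5d4d63b3d3dc45a8044a2e13d91c6ca6246a77a657bb
Prime2: 0xe3fc5a96eb78f58e5a6c198fda8e8447abb4b4f09867f5ff650cc6d90b35dcc3bf9321896770fcc1db18fb9a010f9765e4996273146714494ecf645f449abab1
Exponent1: 0x9ae07a13d0dfe4b6b3a06b2abdbd732c490b7a1537444ff8d93b9f907537bcee1812edcc14812e4d1746e8de4277e292d91aad86c96290bd9dc41846fa6ee527
Exponent2: 0x97fd91b9f250a3b43c48110a91b4582fc7cdcdf5baeff954ee088490b223e8827fb76bb0efa0a8813cbb5266ab5fba43edbb96f762ef62db89df983f8311d1cb
Coefficient: 0x526ae7bd4ddce50a59a2d41b86ee1c6102327b60947e417a3eb720cf90296b14a0d436b37771c7beed4622da7344b942bfef38c395b4b0136e8dad142b79a705
}
"""

# The article's two conns as seen from @teste1: name -> (leftid, rightid, leftrsasigkey)
CONNS = {
    "teste1-teste2": ("@teste1", "@teste2", "0sAQNbO8LOc4zPQCW0itF1C3GjqWEYUMy0e/St6ZdR19s/auuKUyVicybYPUrbnzWh4V4U31B3A5NxXrnzh6gkSpwr"),
    "harrier-sanobiol": ("@teste1", "@teste3", "0sAQPO5JQI8e/RoeszHQbF5SQGA0f1bVGcVdV9sY6bVDx/KLjaRaCmC5psJwwJEqnBEPJUJqEkHEr1MYcLYpjAxEMBwE9xoZCR0SkZM6DEd8kXcSY0fkhF2p+4V0QQqORL/BzVM8adyJTXQNWECXeM93EW7OLVS49gagRQXUxPCD6GSw=="),
}


def audit(secrets_text=SECRETS, conns=CONNS):
    """Run check_conn for every conn; returns {conn name: findings}."""
    secrets = parse_secrets(secrets_text)
    return {name: check_conn(secrets, *args) for name, args in conns.items()}
```

Run on the article's keys, audit() reports both conns as internally consistent but weak. One detail it surfaces: the key that rsasigkey labelled "512 bits" has a 511-bit modulus (the top bit of 0x5b is clear), which is why the check reports the actual bit length rather than trusting the comment.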
Questions:
gtalk/email: felipe.nix@gmail.com
msn: flph2@hotmail.com