User:Clandmeter: Difference between revisions
Latest revision as of 11:20, 11 June 2016
Setup patchwork on Alpine Linux
Setup of DMVPN on Alpine linux
We start by adding mGRE tunnels to our network configuration. In conjunction with IPsec VPNs this allows passing of routing information between connected networks.
auto gre1
iface gre1 inet static
    pre-up ip tunnel add $IFACE mode gre key 42 ttl 64 dev br0 || true
    address 192.168.148.2
    netmask 255.255.255.255
    post-down ip tunnel del $IFACE || true
To encrypt the traffic going over this tunnel, we will use IPsec. For IPsec we will use strongSwan, which has the vici plugin; see:

The vici plugin provides VICI, the Versatile IKE Configuration Interface. As its name indicates, it provides an interface for external applications to not only configure, but also to control and monitor the IKE daemon charon.

For this we also need a modified version of strongSwan, provided by fabled.
thisshouldbetheipsecconfig
To talk to the vici interface we use Quagga's new NHRP plugin, developed by Timo Teräs (fabled). We have to use his modified version, as these changes have not yet been upstreamed.
NHRP will automatically create GRE tunnels over IPsec, and we will use BGP to route the traffic over them.
My notes on DMVPN
ip tunnel add gre1 mode gre remote 172.16.4.1 local 172.16.3.1 ttl 255
ip link set gre1 up
ip addr add 192.168.148.1/24 dev gre1

ip tunnel add gre1 mode gre remote 172.16.3.1 local 172.16.4.1 ttl 255
ip link set gre1 up
ip addr add 192.168.148.2/24 dev gre1
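A consistency check for the two point-to-point endpoint definitions above, added here as an example and not part of the original notes. The names `parse_endpoint` and `check_pair` and the wording of the reported problems are assumptions made for illustration.

```python
import ipaddress
import shlex

# The two endpoint command sets from the notes above, one string per host.
HOST_A = """ip tunnel add gre1 mode gre remote 172.16.4.1 local 172.16.3.1 ttl 255
ip link set gre1 up
ip addr add 192.168.148.1/24 dev gre1"""
HOST_B = """ip tunnel add gre1 mode gre remote 172.16.3.1 local 172.16.4.1 ttl 255
ip link set gre1 up
ip addr add 192.168.148.2/24 dev gre1"""

def parse_endpoint(script):
    """Extract tunnel parameters and the overlay address from iproute2 commands."""
    ep = {"mode": None, "remote": None, "local": None, "key": None, "overlay": None}
    for line in script.splitlines():
        words = shlex.split(line)
        if words[:3] == ["ip", "tunnel", "add"]:
            for opt in ("mode", "remote", "local", "key"):
                if opt in words:
                    ep[opt] = words[words.index(opt) + 1]
        elif words[:3] == ["ip", "addr", "add"]:
            ep["overlay"] = ipaddress.ip_interface(words[3])
    return ep

def check_pair(a, b):
    """Return the mismatches that would stop the GRE pair from passing traffic."""
    problems = []
    if a["mode"] != "gre" or b["mode"] != "gre":
        problems.append("both ends must use mode gre")
    if a["remote"] is None or a["local"] is None:
        problems.append("endpoint A lacks local/remote underlay addresses")
    elif a["remote"] != b["local"] or a["local"] != b["remote"]:
        problems.append("local/remote addresses are not mirrored")
    # The GRE key only demultiplexes tunnels; it is not a secret, but it must match.
    if a["key"] != b["key"]:
        problems.append("GRE keys differ")
    if a["overlay"] is None or b["overlay"] is None:
        return problems + ["overlay address missing"]
    if a["overlay"].network != b["overlay"].network:
        problems.append("overlay addresses are in different subnets")
    if a["overlay"].ip == b["overlay"].ip:
        problems.append("overlay address is duplicated")
    return problems

if __name__ == "__main__":
    result = check_pair(parse_endpoint(HOST_A), parse_endpoint(HOST_B))
    print(result or "pair is consistent")
```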