https://lms.onnocenter.or.id/wiki/index.php?action=history&feed=atom&title=IPSec%3A_ESP_Tunnel_di_Ubuntu_untuk_IPv4 2026-04-25T17:42:45Z Revision history for this page on the wiki MediaWiki 1.45.1 https://lms.onnocenter.or.id/wiki/index.php?title=IPSec:_ESP_Tunnel_di_Ubuntu_untuk_IPv4&diff=43704&oldid=prev 2015-07-07T02:14:34Z

<p><span class="autocomment">Debugging</span></p> <table style="background-color: #fff; color: #202122;" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="en"> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 02:14, 7 July 2015</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l145">Line 145:</td> <td colspan="2" class="diff-lineno">Line 145:</td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Debugging==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Debugging==</div></td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr> <tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Dari mesin  Gateway B <del style="font-weight: bold; text-decoration: none;">2001:470:19:b37::</del>101  </div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Dari mesin  Gateway B <ins style="font-weight: bold; text-decoration: none;">192.168.0.</ins>101</div></td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Proses debugging jika dibutuhkan dapat menggunakan tcpdump dengan perintah, misalnya,</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Proses debugging jika dibutuhkan dapat menggunakan tcpdump dengan perintah, misalnya,</div></td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr> <tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>  #  tcpdump -t -n -i eth0 -vv <del style="font-weight: bold; text-decoration: none;">ip6 </del>host <del style="font-weight: bold; text-decoration: none;">2001:470:19:b37::</del>100</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>  #  tcpdump -t -n -i eth0 -vv host <ins style="font-weight: bold; text-decoration: none;">192.168.0.</ins>100</div></td></tr> </table>

Onnowpurbo https://lms.onnocenter.or.id/wiki/index.php?title=IPSec:_ESP_Tunnel_di_Ubuntu_untuk_IPv4&diff=43703&oldid=prev 2015-07-07T02:13:58Z

<p>New page: IPv6 Enkripsi: Contoh IPsec Tunnel Menggunakan racoon Pada kesempatan ini akan di berikan contoh untuk membuat Ipsec tunnel menggunakan racoon pada dua gateway Linux berbasis sistem oper...</p> <p><b>New page</b></p><div>IPv6 Enkripsi: Contoh IPsec Tunnel Menggunakan racoon <br /> <br /> Pada kesempatan ini akan di berikan contoh untuk membuat Ipsec tunnel menggunakan racoon pada dua gateway Linux berbasis sistem operasi Ubuntu 14.04.<br /> <br /> Gateway A: 192.168.0.100/24 VPN Network: 10.10.0.0/24<br /> Gateway B: 192.168.0.101/24 VPN Network: 10.20.0.0/24<br /> <br /> ==Kernel IP Forwarding==<br /> <br /> Pada Gateway A dan Gateway B, kita perlu mengaktifkan kernel IP forwarding ,<br /> <br /> echo 1 &gt; /proc/sys/net/ipv4/conf/all/forwarding<br /> echo 1 &gt; /proc/sys/net/ipv6/conf/all/forwarding<br /> <br /> ==Instalasi racoon dan ipsec-tools==<br /> <br /> Pada Gateway A dan Gateway B, instalasi:<br /> <br /> # apt-get update<br /> # apt-get install racoon ipsec-tools <br /> <br /> Pada pertanyaan “Configuration mode for racoon IKE daemon:” jawab “direct”<br /> <br /> ==Konfigurasi racoon==<br /> <br /> ===Konfigurasi Gateway A===<br /> <br /> Gateway A Konfigurasi /etc/racoon/racoon.conf <br /> <br /> log notify;<br /> path pre_shared_key &quot;/etc/racoon/psk.txt&quot;;<br /> path certificate &quot;/etc/racoon/certs&quot;;<br /> remote 192.168.0.101 { <br /> exchange_mode main,aggressive; <br /> proposal { <br /> encryption_algorithm 3des; <br /> hash_algorithm sha1; <br /> authentication_method pre_shared_key; <br /> dh_group 2; <br /> } <br /> } <br /> <br /> sainfo address 10.10.0.0/24 any address 10.20.0.0/24 any { <br /> pfs_group 2; <br /> lifetime time 1 hour ; <br /> encryption_algorithm 3des, blowfish 448, rijndael ; <br /> authentication_algorithm hmac_sha1, hmac_md5 ; <br /> compression_algorithm deflate ; <br /> } <br /> <br /> Gateway A Konfigurasi /etc/racoon/psk.txt <br /> <br /> 192.168.0.101 a9993e364706816aba3e <br /> <br /> ===Konfigurasi Gateway B===<br /> <br /> Gateway B Konfigurasi /etc/racoon/racoon.conf <br /> <br /> log notify;<br /> path pre_shared_key &quot;/etc/racoon/psk.txt&quot;;<br /> path certificate &quot;/etc/racoon/certs&quot;;<br /> remote 192.168.0.100 { <br /> exchange_mode main,aggressive; <br /> proposal { <br /> encryption_algorithm 3des; <br /> hash_algorithm sha1; <br /> authentication_method pre_shared_key; <br /> dh_group 2; <br /> } <br /> } <br /> <br /> sainfo address 10.20.0.0/24 any address 10.10.0.0/24 any { <br /> pfs_group 2; <br /> lifetime time 1 hour ; <br /> encryption_algorithm 3des, blowfish 448, rijndael ; <br /> authentication_algorithm hmac_sha1, hmac_md5 ; <br /> compression_algorithm deflate ; <br /> } <br /> <br /> Gateway B Konfigurasi /etc/racoon/psk.txt <br /> <br /> 192.168.0.100 a9993e364706816aba3e <br /> <br /> ==Security Policies ==<br /> <br /> ===Konfigurasi Gateway A===<br /> <br /> Gateway A Konfigurasi /etc/ipsec-tools.conf <br /> <br /> flush; <br /> spdflush; <br /> <br /> spdadd 10.10.0.0/24 10.20.0.0/24 any -P out ipsec <br /> esp/tunnel/192.168.0.100-192.168.0.101/require; <br /> spdadd 10.20.0.0/24 10.10.0.0/24 any -P in ipsec <br /> esp/tunnel/192.168.0.101-192.168.0.100/require; <br /> <br /> ===Konfigurasi Gateway B===<br /> <br /> Gateway B Konfigurasi /etc/ipsec-tools.conf <br /> <br /> flush; <br /> spdflush; <br /> <br /> spdadd 10.20.0.0/24 10.10.0.0/24 any -P out ipsec <br /> esp/tunnel/192.168.0.101-192.168.0.100/require;<br /> spdadd 10.10.0.0/24 10.20.0.0/24 any -P in ipsec <br /> esp/tunnel/192.168.0.100-192.168.0.101/require; <br /> <br /> ==Run==<br /> <br /> Pada Gateway A maupun Gateway B jalankan perintah berikut<br /> <br /> /etc/init.d/setkey restart <br /> /etc/init.d/racoon restart <br /> <br /> Akan tampak<br /> <br /> * Flushing IPsec SA/SP database: [ OK ]<br /> * Loading IPsec SA/SP database: [ OK ]<br /> * Restarting IKE (ISAKMP/Oakley) server racoon [ OK ] <br /> <br /> Cek /var/log/syslog <br /> <br /> # tail /var/log/syslog<br /> <br /> Akan keluar kira-kira<br /> Jul 7 07:42:01 server100 racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)<br /> Jul 7 07:42:01 server100 racoon: INFO: @(#)This product linked OpenSSL 1.0.1f 6 Jan 2014 (http://www.openssl.org/)<br /> Jul 7 07:42:01 server100 racoon: INFO: Reading configuration from &quot;/etc/racoon/racoon.conf&quot;<br /> Pastikan tidak ada error. Jika ada error timeout, restart ipsec dan racoon.<br /> <br /> Pada Gateway A tambahkan routing<br /> ip addr add 10.10.0.1/24 dev eth0 <br /> ip route add to 10.20.0.0/24 via 10.10.0.1 src 10.10.0.1<br /> <br /> Pada Gateway B tambahkan routing<br /> ip addr add 10.20.0.1/24 dev eth0 <br /> ip route add to 10.10.0.0/24 via 10.20.0.1 src 10.20.0.1<br /> <br /> Setelah VPN tersambung, coba dari Gateway A:<br /> <br /> ping 10.20.0.1<br /> <br /> ==Debugging==<br /> <br /> Dari mesin Gateway B 2001:470:19:b37::101 <br /> Proses debugging jika dibutuhkan dapat menggunakan tcpdump dengan perintah, misalnya,<br /> <br /> # tcpdump -t -n -i eth0 -vv ip6 host 2001:470:19:b37::100</div>

Onnowpurbo