Changes in e4f4a18: Renamed gre plus ipsec debian to /howto/gre plus ipsec debian

				gre-plus-ipsec-debian.md
			
          @@ -1,89 +0,0 @@

          -# GRE + IPsec on Debian based distros

          -

          -* Install racoon from ipsec-tools.

          -* Define an IPsec security policy in /etc/ipsec-tools.conf

          -* Load the IPsec security policy into the IPsec security policy database.

          -* Configure the racoon daemon.

          -* Configure a GRE tunnel.

          -

          -## Used resources in this example:

          -* tunnel endpoints: 1.2.3.4 and 5.6.7.8

          -* internal IPv4 addresses: 10.0.0.1 and 10.0.0.2

          -

          -## Define an IPsec security policy

          -Example policy on 1.2.3.4:

          -```bash

          -#!/usr/sbin/setkey -f

          -spdadd 1.2.3.4 5.6.7.8 gre -P out ipsec esp/transport//require;

          -spdadd 5.6.7.8 1.2.3.4 gre -P in  ipsec esp/transport//require;

          -```

          -Change the direction on 5.6.7.8.

          -

          -## Load the IPsec security policy into the IPsec security policy database

          -Load the policy with the setkey command.

          -```

          -setkey -f /etc/ipsec-tools.conf

          -```

          -Afterward check the policy database with:

          -```

          -setkey -DP

          -```

          -

          -## Configure the racoon daemon

          -An example /etc/racoon/racoon.conf.

          -```

          -path pre_shared_key "/etc/racoon/psk.txt";

          -path certificate    "/etc/racoon/certs";

          -log info;

          -

          -listen {

          -  # replace with local tunnel endpoint

          -  isakmp      1.2.3.4 [500];

          -  isakmp_natt 1.2.3.4 [4500];

          -}

          -

          -# replace with remote tunnel endpoint

          -remote 5.6.7.8 [500] {

          -  exchange_mode    main;

          -  proposal_check   strict;

          -  my_identifier    asn1dn;

          -  peers_identifier asn1dn;

          -  lifetime         time 1 hour;

          -  certificate_type x509 "local.crt" "local.key";

          -  peers_certfile   x509 "remote.crt";

          -  ca_type          x509 "ca.crt";

          -  verify_cert      on;

          -  send_cert        off;

          -  send_cr          off;

          -  

          -  proposal {

          -    encryption_algorithm  aes 256;

          -    hash_algorithm        sha256;

          -    authentication_method rsasig;

          -    dh_group              modp4096;

          -  }

          -}

          -

          -# local tunnel endpoint, GRE ip protocol number, remote tunnel endpoint, GRE ip protocol number

          -sainfo address 1.2.3.4 47 address 5.6.7.8 47 {

          -  pfs_group                modp4096;

          -  lifetime                 time 1 hour;

          -  encryption_algorithm     aes 256;

          -  authentication_algorithm hmac_sha1;

          -  compression_algorithm    deflate;

          -}

          -```

          -

          -## Configure a GRE tunnel

          -Add this to /etc/network/interfaces:

          -```

          -auto gre1

          -iface gre1 inet tunnel

          -  mode gre

          -  netmask 255.255.255.255

          -  address 10.0.0.1

          -  dstaddr 10.0.0.2

          -  endpoint 5.6.7.8

          -  local 1.2.3.4

          -  ttl 255

          -```

				howto/gre-plus-ipsec-debian.md
			
          @@ -0,0 +1,89 @@

          +# GRE + IPsec on Debian based distros

          +

          +* Install racoon from ipsec-tools.

          +* Define an IPsec security policy in /etc/ipsec-tools.conf

          +* Load the IPsec security policy into the IPsec security policy database.

          +* Configure the racoon daemon.

          +* Configure a GRE tunnel.

          +

          +## Used resources in this example:

          +* tunnel endpoints: 1.2.3.4 and 5.6.7.8

          +* internal IPv4 addresses: 10.0.0.1 and 10.0.0.2

          +

          +## Define an IPsec security policy

          +Example policy on 1.2.3.4:

          +```bash

          +#!/usr/sbin/setkey -f

          +spdadd 1.2.3.4 5.6.7.8 gre -P out ipsec esp/transport//require;

          +spdadd 5.6.7.8 1.2.3.4 gre -P in  ipsec esp/transport//require;

          +```

          +Change the direction on 5.6.7.8.

          +

          +## Load the IPsec security policy into the IPsec security policy database

          +Load the policy with the setkey command.

          +```

          +setkey -f /etc/ipsec-tools.conf

          +```

          +Afterward check the policy database with:

          +```

          +setkey -DP

          +```

          +

          +## Configure the racoon daemon

          +An example /etc/racoon/racoon.conf.

          +```

          +path pre_shared_key "/etc/racoon/psk.txt";

          +path certificate    "/etc/racoon/certs";

          +log info;

          +

          +listen {

          +  # replace with local tunnel endpoint

          +  isakmp      1.2.3.4 [500];

          +  isakmp_natt 1.2.3.4 [4500];

          +}

          +

          +# replace with remote tunnel endpoint

          +remote 5.6.7.8 [500] {

          +  exchange_mode    main;

          +  proposal_check   strict;

          +  my_identifier    asn1dn;

          +  peers_identifier asn1dn;

          +  lifetime         time 1 hour;

          +  certificate_type x509 "local.crt" "local.key";

          +  peers_certfile   x509 "remote.crt";

          +  ca_type          x509 "ca.crt";

          +  verify_cert      on;

          +  send_cert        off;

          +  send_cr          off;

          +  

          +  proposal {

          +    encryption_algorithm  aes 256;

          +    hash_algorithm        sha256;

          +    authentication_method rsasig;

          +    dh_group              modp4096;

          +  }

          +}

          +

          +# local tunnel endpoint, GRE ip protocol number, remote tunnel endpoint, GRE ip protocol number

          +sainfo address 1.2.3.4 47 address 5.6.7.8 47 {

          +  pfs_group                modp4096;

          +  lifetime                 time 1 hour;

          +  encryption_algorithm     aes 256;

          +  authentication_algorithm hmac_sha1;

          +  compression_algorithm    deflate;

          +}

          +```

          +

          +## Configure a GRE tunnel

          +Add this to /etc/network/interfaces:

          +```

          +auto gre1

          +iface gre1 inet tunnel

          +  mode gre

          +  netmask 255.255.255.255

          +  address 10.0.0.1

          +  dstaddr 10.0.0.2

          +  endpoint 5.6.7.8

          +  local 1.2.3.4

          +  ttl 255

          +```

...	...	@@ -1,89 +0,0 @@
1		-# GRE + IPsec on Debian based distros
2		-
3		-* Install racoon from ipsec-tools.
4		-* Define an IPsec security policy in /etc/ipsec-tools.conf
5		-* Load the IPsec security policy into the IPsec security policy database.
6		-* Configure the racoon daemon.
7		-* Configure a GRE tunnel.
8		-
9		-## Used resources in this example:
10		-* tunnel endpoints: 1.2.3.4 and 5.6.7.8
11		-* internal IPv4 addresses: 10.0.0.1 and 10.0.0.2
12		-
13		-## Define an IPsec security policy
14		-Example policy on 1.2.3.4:
15		-```bash
16		-#!/usr/sbin/setkey -f
17		-spdadd 1.2.3.4 5.6.7.8 gre -P out ipsec esp/transport//require;
18		-spdadd 5.6.7.8 1.2.3.4 gre -P in ipsec esp/transport//require;
19		-```
20		-Change the direction on 5.6.7.8.
21		-
22		-## Load the IPsec security policy into the IPsec security policy database
23		-Load the policy with the setkey command.
24		-```
25		-setkey -f /etc/ipsec-tools.conf
26		-```
27		-Afterward check the policy database with:
28		-```
29		-setkey -DP
30		-```
31		-
32		-## Configure the racoon daemon
33		-An example /etc/racoon/racoon.conf.
34		-```
35		-path pre_shared_key "/etc/racoon/psk.txt";
36		-path certificate "/etc/racoon/certs";
37		-log info;
38		-
39		-listen {
40		- # replace with local tunnel endpoint
41		- isakmp 1.2.3.4 [500];
42		- isakmp_natt 1.2.3.4 [4500];
43		-}
44		-
45		-# replace with remote tunnel endpoint
46		-remote 5.6.7.8 [500] {
47		- exchange_mode main;
48		- proposal_check strict;
49		- my_identifier asn1dn;
50		- peers_identifier asn1dn;
51		- lifetime time 1 hour;
52		- certificate_type x509 "local.crt" "local.key";
53		- peers_certfile x509 "remote.crt";
54		- ca_type x509 "ca.crt";
55		- verify_cert on;
56		- send_cert off;
57		- send_cr off;
58		-
59		- proposal {
60		- encryption_algorithm aes 256;
61		- hash_algorithm sha256;
62		- authentication_method rsasig;
63		- dh_group modp4096;
64		- }
65		-}
66		-
67		-# local tunnel endpoint, GRE ip protocol number, remote tunnel endpoint, GRE ip protocol number
68		-sainfo address 1.2.3.4 47 address 5.6.7.8 47 {
69		- pfs_group modp4096;
70		- lifetime time 1 hour;
71		- encryption_algorithm aes 256;
72		- authentication_algorithm hmac_sha1;
73		- compression_algorithm deflate;
74		-}
75		-```
76		-
77		-## Configure a GRE tunnel
78		-Add this to /etc/network/interfaces:
79		-```
80		-auto gre1
81		-iface gre1 inet tunnel
82		- mode gre
83		- netmask 255.255.255.255
84		- address 10.0.0.1
85		- dstaddr 10.0.0.2
86		- endpoint 5.6.7.8
87		- local 1.2.3.4
88		- ttl 255
89		-```

...	...	@@ -0,0 +1,89 @@
	1	+# GRE + IPsec on Debian based distros
	2	+
	3	+* Install racoon from ipsec-tools.
	4	+* Define an IPsec security policy in /etc/ipsec-tools.conf
	5	+* Load the IPsec security policy into the IPsec security policy database.
	6	+* Configure the racoon daemon.
	7	+* Configure a GRE tunnel.
	8	+
	9	+## Used resources in this example:
	10	+* tunnel endpoints: 1.2.3.4 and 5.6.7.8
	11	+* internal IPv4 addresses: 10.0.0.1 and 10.0.0.2
	12	+
	13	+## Define an IPsec security policy
	14	+Example policy on 1.2.3.4:
	15	+```bash
	16	+#!/usr/sbin/setkey -f
	17	+spdadd 1.2.3.4 5.6.7.8 gre -P out ipsec esp/transport//require;
	18	+spdadd 5.6.7.8 1.2.3.4 gre -P in ipsec esp/transport//require;
	19	+```
	20	+Change the direction on 5.6.7.8.
	21	+
	22	+## Load the IPsec security policy into the IPsec security policy database
	23	+Load the policy with the setkey command.
	24	+```
	25	+setkey -f /etc/ipsec-tools.conf
	26	+```
	27	+Afterward check the policy database with:
	28	+```
	29	+setkey -DP
	30	+```
	31	+
	32	+## Configure the racoon daemon
	33	+An example /etc/racoon/racoon.conf.
	34	+```
	35	+path pre_shared_key "/etc/racoon/psk.txt";
	36	+path certificate "/etc/racoon/certs";
	37	+log info;
	38	+
	39	+listen {
	40	+ # replace with local tunnel endpoint
	41	+ isakmp 1.2.3.4 [500];
	42	+ isakmp_natt 1.2.3.4 [4500];
	43	+}
	44	+
	45	+# replace with remote tunnel endpoint
	46	+remote 5.6.7.8 [500] {
	47	+ exchange_mode main;
	48	+ proposal_check strict;
	49	+ my_identifier asn1dn;
	50	+ peers_identifier asn1dn;
	51	+ lifetime time 1 hour;
	52	+ certificate_type x509 "local.crt" "local.key";
	53	+ peers_certfile x509 "remote.crt";
	54	+ ca_type x509 "ca.crt";
	55	+ verify_cert on;
	56	+ send_cert off;
	57	+ send_cr off;
	58	+
	59	+ proposal {
	60	+ encryption_algorithm aes 256;
	61	+ hash_algorithm sha256;
	62	+ authentication_method rsasig;
	63	+ dh_group modp4096;
	64	+ }
	65	+}
	66	+
	67	+# local tunnel endpoint, GRE ip protocol number, remote tunnel endpoint, GRE ip protocol number
	68	+sainfo address 1.2.3.4 47 address 5.6.7.8 47 {
	69	+ pfs_group modp4096;
	70	+ lifetime time 1 hour;
	71	+ encryption_algorithm aes 256;
	72	+ authentication_algorithm hmac_sha1;
	73	+ compression_algorithm deflate;
	74	+}
	75	+```
	76	+
	77	+## Configure a GRE tunnel
	78	+Add this to /etc/network/interfaces:
	79	+```
	80	+auto gre1
	81	+iface gre1 inet tunnel
	82	+ mode gre
	83	+ netmask 255.255.255.255
	84	+ address 10.0.0.1
	85	+ dstaddr 10.0.0.2
	86	+ endpoint 5.6.7.8
	87	+ local 1.2.3.4
	88	+ ttl 255
	89	+```