apps/openlan
1
0
Fork 0
mirror of https://github.com/luscis/openlan.git synced 2025-10-05 08:36:59 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
e57dba7acd3656f795e3ab4394b57f62e67ce6cb
openlan/docs/ipsec.md
sicheng ac4f79bbf4 clone from danieldin95
2022-07-29 23:38:54 +08:00

58 lines
1.8 KiB
Markdown
Executable File
Raw Blame History

Topology
========
We use 192.168.7.0/24 as underlay network for IPSec. And S1 has public address with 192.168.7.11, C1 and C2 under firewall without public address.
+----+
| s1 | -- .10.1/24
+----+
/ \
/ \
/ \
+----+ +----+
192.168.2.0/24 -- | c2 | | c3 | -- 192.168.3.0/24
+----+ +----+
| |
.10.2/32 .10.3/32
Server
======
```
$ openlan network add --name ipsec --provider esp --address 10.10.10.1/24
$ openlan link add --network ipsec --device spi:12 --remote-address 10.10.10.2
$ openlan link add --network ipsec --device spi:13 --remote-address 10.10.10.3
```
```
$ openlan route add --network ipsec --prefix 192.168.2.0/24 --gateway spi:12
$ openlan route add --network ipsec --prefix 192.168.3.0/24 --gateway spi:13
```
Client
======
C2
--
```
$ openlan network add --name ipsec --provider esp --address 10.10.10.2
$ openlan link add --network ipsec --connection udp:192.168.7.11 --device spi:12 --remote-address 10.10.10.1/24
$ openlan link ls
```
```
$ ping 10.10.10.1
```
```
$ openlan route add --network ipsec --prefix 192.168.3.0/24 --gateway spi:12
```
C3
--
```
$ openlan network add --name ipsec --provider esp --address 10.10.10.3
$ openlan link add --network ipsec --connection udp:192.168.7.11 --device spi:13 --remote-address 10.10.10.1/24
```
```
$ ping 10.10.10.2
```
```
$ openlan route add --network ipsec --prefix 192.168.2.0/24 --gateway spi:13
```
Reference in New Issue View Git Blame Copy Permalink