Ajout des fichiers de configuration et d'éléments utiles pour le TP sur le VPN ipsec.

2024-10-07 10:51:39 +02:00 · 2024-10-07 10:51:39 +02:00 · f921870fe6
commit f921870fe6
parent 163d690e81
9 changed files with 90 additions and 0 deletions
--- a/bts_annee_2/cyber2/vpn-ipsec/README.md
+++ b/bts_annee_2/cyber2/vpn-ipsec/README.md
@ -0,0 +1 @@
+Dossier avec les fichiers de configuration du tunnel IPsec fait en TP, ainsi que les IPs et tables de routage.
--- a/bts_annee_2/cyber2/vpn-ipsec/gw1/README.md
+++ b/bts_annee_2/cyber2/vpn-ipsec/gw1/README.md
@ -0,0 +1 @@
+Il faut renommer le fichier ipsec-gw1.conf en ipsec.conf et le placer dans '/etc/' .
--- a/bts_annee_2/cyber2/vpn-ipsec/gw1/config_ip_gw1
+++ b/bts_annee_2/cyber2/vpn-ipsec/gw1/config_ip_gw1
@ -0,0 +1,18 @@
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+    inet6 ::1/128 scope host noprefixroute 
+       valid_lft forever preferred_lft forever
+2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
+    link/ether 08:00:27:71:ec:44 brd ff:ff:ff:ff:ff:ff
+    inet 192.168.1.1/24 brd 192.168.1.255 scope global enp0s3
+       valid_lft forever preferred_lft forever
+    inet6 fe80::a00:27ff:fe71:ec44/64 scope link 
+       valid_lft forever preferred_lft forever
+3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
+    link/ether 08:00:27:c2:6d:0b brd ff:ff:ff:ff:ff:ff
+    inet 10.0.0.1/24 brd 10.0.0.255 scope global enp0s8
+       valid_lft forever preferred_lft forever
+    inet6 fe80::a00:27ff:fec2:6d0b/64 scope link 
+       valid_lft forever preferred_lft forever
--- a/bts_annee_2/cyber2/vpn-ipsec/gw1/ipsec-gw1.conf
+++ b/bts_annee_2/cyber2/vpn-ipsec/gw1/ipsec-gw1.conf
@ -0,0 +1,23 @@
+config setup
+        charondebug="all"
+        uniqueids=yes
+        strictcrlpolicy=no
+conn %default
+conn tunnel #
+        left=10.0.0.1
+        leftsubnet=192.168.1.0/24
+        right=10.0.0.2
+        rightsubnet=192.168.2.0/24
+        ike=aes256-sha2_256-modp1024!
+        esp=aes256-sha2_256!
+        keyingtries=0
+        ikelifetime=1h
+        lifetime=8h
+        dpddelay=30
+        dpdtimeout=120
+        dpdaction=restart
+        authby=secret
+        auto=start
+        keyexchange=ikev2
+        type=tunnel
+
--- a/bts_annee_2/cyber2/vpn-ipsec/gw1/table_routage_gw1
+++ b/bts_annee_2/cyber2/vpn-ipsec/gw1/table_routage_gw1
@ -0,0 +1,3 @@
+10.0.0.0/24 dev enp0s8 proto kernel scope link src 10.0.0.1 
+192.168.1.0/24 dev enp0s3 proto kernel scope link src 192.168.1.1 
+192.168.2.0/24 via 192.168.1.1 dev enp0s3 
--- a/bts_annee_2/cyber2/vpn-ipsec/gw2/README.md
+++ b/bts_annee_2/cyber2/vpn-ipsec/gw2/README.md
@ -0,0 +1 @@
+Il faut renommer le fichier ipsec-gw2.conf en ipsec.conf et le placer dans '/etc/' .
--- a/bts_annee_2/cyber2/vpn-ipsec/gw2/config_ip_gw2
+++ b/bts_annee_2/cyber2/vpn-ipsec/gw2/config_ip_gw2
@ -0,0 +1,18 @@
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+    inet6 ::1/128 scope host noprefixroute 
+       valid_lft forever preferred_lft forever
+2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
+    link/ether 08:00:27:35:ba:6d brd ff:ff:ff:ff:ff:ff
+    inet 192.168.2.1/24 brd 192.168.2.255 scope global enp0s3
+       valid_lft forever preferred_lft forever
+    inet6 fe80::a00:27ff:fe35:ba6d/64 scope link 
+       valid_lft forever preferred_lft forever
+3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
+    link/ether 08:00:27:ea:8b:77 brd ff:ff:ff:ff:ff:ff
+    inet 10.0.0.2/24 brd 10.0.0.255 scope global enp0s8
+       valid_lft forever preferred_lft forever
+    inet6 fe80::a00:27ff:feea:8b77/64 scope link 
+       valid_lft forever preferred_lft forever
--- a/bts_annee_2/cyber2/vpn-ipsec/gw2/ipsec-gw2.conf
+++ b/bts_annee_2/cyber2/vpn-ipsec/gw2/ipsec-gw2.conf
@ -0,0 +1,23 @@
+config setup
+        charondebug="all"
+        uniqueids=yes
+        strictcrlpolicy=no
+conn %default
+conn tunnel #
+        left=10.0.0.2
+        leftsubnet=192.168.2.0/24
+        right=10.0.0.1
+        rightsubnet=192.168.1.0/24
+        ike=aes256-sha2_256-modp1024!
+        esp=aes256-sha2_256!
+        keyingtries=0
+        ikelifetime=1h
+        lifetime=8h
+        dpddelay=30
+        dpdtimeout=120
+        dpdaction=restart
+        authby=secret
+        auto=start
+        keyexchange=ikev2
+        type=tunnel
+
--- a/bts_annee_2/cyber2/vpn-ipsec/gw2/table_routage_gw2
+++ b/bts_annee_2/cyber2/vpn-ipsec/gw2/table_routage_gw2
@ -0,0 +1,2 @@
+10.0.0.0/24 dev enp0s8 proto kernel scope link src 10.0.0.2 
+192.168.2.0/24 dev enp0s3 proto kernel scope link src 192.168.2.1
				`@ -0,0 +1 @@`
				`Dossier avec les fichiers de configuration du tunnel IPsec fait en TP, ainsi que les IPs et tables de routage.`
				`@ -0,0 +1 @@`
				`Il faut renommer le fichier ipsec-gw1.conf en ipsec.conf et le placer dans '/etc/' .`
				`@ -0,0 +1 @@`
				`Il faut renommer le fichier ipsec-gw2.conf en ipsec.conf et le placer dans '/etc/' .`