diff --git a/bts_annee_2/cyber2/vpn-ipsec/README.md b/bts_annee_2/cyber2/vpn-ipsec/README.md new file mode 100644 index 0000000..807f897 --- /dev/null +++ b/bts_annee_2/cyber2/vpn-ipsec/README.md @@ -0,0 +1 @@ +Dossier avec les fichiers de configuration du tunnel IPsec fait en TP, ainsi que les IPs et tables de routage. \ No newline at end of file diff --git a/bts_annee_2/cyber2/vpn-ipsec/gw1/README.md b/bts_annee_2/cyber2/vpn-ipsec/gw1/README.md new file mode 100644 index 0000000..1a5a60e --- /dev/null +++ b/bts_annee_2/cyber2/vpn-ipsec/gw1/README.md @@ -0,0 +1 @@ +Il faut renommer le fichier ipsec-gw1.conf en ipsec.conf et le placer dans '/etc/' . \ No newline at end of file diff --git a/bts_annee_2/cyber2/vpn-ipsec/gw1/config_ip_gw1 b/bts_annee_2/cyber2/vpn-ipsec/gw1/config_ip_gw1 new file mode 100644 index 0000000..f56a60f --- /dev/null +++ b/bts_annee_2/cyber2/vpn-ipsec/gw1/config_ip_gw1 @@ -0,0 +1,18 @@ +1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host noprefixroute + valid_lft forever preferred_lft forever +2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 08:00:27:71:ec:44 brd ff:ff:ff:ff:ff:ff + inet 192.168.1.1/24 brd 192.168.1.255 scope global enp0s3 + valid_lft forever preferred_lft forever + inet6 fe80::a00:27ff:fe71:ec44/64 scope link + valid_lft forever preferred_lft forever +3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 08:00:27:c2:6d:0b brd ff:ff:ff:ff:ff:ff + inet 10.0.0.1/24 brd 10.0.0.255 scope global enp0s8 + valid_lft forever preferred_lft forever + inet6 fe80::a00:27ff:fec2:6d0b/64 scope link + valid_lft forever preferred_lft forever diff --git a/bts_annee_2/cyber2/vpn-ipsec/gw1/ipsec-gw1.conf b/bts_annee_2/cyber2/vpn-ipsec/gw1/ipsec-gw1.conf new file mode 100644 index 0000000..88f0ac3 --- /dev/null +++ b/bts_annee_2/cyber2/vpn-ipsec/gw1/ipsec-gw1.conf @@ -0,0 +1,23 @@ +config setup + charondebug="all" + uniqueids=yes + strictcrlpolicy=no +conn %default +conn tunnel # + left=10.0.0.1 + leftsubnet=192.168.1.0/24 + right=10.0.0.2 + rightsubnet=192.168.2.0/24 + ike=aes256-sha2_256-modp1024! + esp=aes256-sha2_256! + keyingtries=0 + ikelifetime=1h + lifetime=8h + dpddelay=30 + dpdtimeout=120 + dpdaction=restart + authby=secret + auto=start + keyexchange=ikev2 + type=tunnel + diff --git a/bts_annee_2/cyber2/vpn-ipsec/gw1/table_routage_gw1 b/bts_annee_2/cyber2/vpn-ipsec/gw1/table_routage_gw1 new file mode 100644 index 0000000..d4c44d5 --- /dev/null +++ b/bts_annee_2/cyber2/vpn-ipsec/gw1/table_routage_gw1 @@ -0,0 +1,3 @@ +10.0.0.0/24 dev enp0s8 proto kernel scope link src 10.0.0.1 +192.168.1.0/24 dev enp0s3 proto kernel scope link src 192.168.1.1 +192.168.2.0/24 via 192.168.1.1 dev enp0s3 diff --git a/bts_annee_2/cyber2/vpn-ipsec/gw2/README.md b/bts_annee_2/cyber2/vpn-ipsec/gw2/README.md new file mode 100644 index 0000000..11a18d5 --- /dev/null +++ b/bts_annee_2/cyber2/vpn-ipsec/gw2/README.md @@ -0,0 +1 @@ +Il faut renommer le fichier ipsec-gw2.conf en ipsec.conf et le placer dans '/etc/' . \ No newline at end of file diff --git a/bts_annee_2/cyber2/vpn-ipsec/gw2/config_ip_gw2 b/bts_annee_2/cyber2/vpn-ipsec/gw2/config_ip_gw2 new file mode 100644 index 0000000..3fd1c91 --- /dev/null +++ b/bts_annee_2/cyber2/vpn-ipsec/gw2/config_ip_gw2 @@ -0,0 +1,18 @@ +1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host noprefixroute + valid_lft forever preferred_lft forever +2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 08:00:27:35:ba:6d brd ff:ff:ff:ff:ff:ff + inet 192.168.2.1/24 brd 192.168.2.255 scope global enp0s3 + valid_lft forever preferred_lft forever + inet6 fe80::a00:27ff:fe35:ba6d/64 scope link + valid_lft forever preferred_lft forever +3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 08:00:27:ea:8b:77 brd ff:ff:ff:ff:ff:ff + inet 10.0.0.2/24 brd 10.0.0.255 scope global enp0s8 + valid_lft forever preferred_lft forever + inet6 fe80::a00:27ff:feea:8b77/64 scope link + valid_lft forever preferred_lft forever diff --git a/bts_annee_2/cyber2/vpn-ipsec/gw2/ipsec-gw2.conf b/bts_annee_2/cyber2/vpn-ipsec/gw2/ipsec-gw2.conf new file mode 100644 index 0000000..1d0db41 --- /dev/null +++ b/bts_annee_2/cyber2/vpn-ipsec/gw2/ipsec-gw2.conf @@ -0,0 +1,23 @@ +config setup + charondebug="all" + uniqueids=yes + strictcrlpolicy=no +conn %default +conn tunnel # + left=10.0.0.2 + leftsubnet=192.168.2.0/24 + right=10.0.0.1 + rightsubnet=192.168.1.0/24 + ike=aes256-sha2_256-modp1024! + esp=aes256-sha2_256! + keyingtries=0 + ikelifetime=1h + lifetime=8h + dpddelay=30 + dpdtimeout=120 + dpdaction=restart + authby=secret + auto=start + keyexchange=ikev2 + type=tunnel + diff --git a/bts_annee_2/cyber2/vpn-ipsec/gw2/table_routage_gw2 b/bts_annee_2/cyber2/vpn-ipsec/gw2/table_routage_gw2 new file mode 100644 index 0000000..09616ec --- /dev/null +++ b/bts_annee_2/cyber2/vpn-ipsec/gw2/table_routage_gw2 @@ -0,0 +1,2 @@ +10.0.0.0/24 dev enp0s8 proto kernel scope link src 10.0.0.2 +192.168.2.0/24 dev enp0s3 proto kernel scope link src 192.168.2.1