https://onnocenter.or.id/wiki/index.php?action=history&feed=atom&title=IPSec%3A_ESP_Tunnel_di_UBuntu_untuk_IPv6 2026-05-07T04:49:21Z Revision history for this page on the wiki MediaWiki 1.35.4 https://onnocenter.or.id/wiki/index.php?title=IPSec:_ESP_Tunnel_di_UBuntu_untuk_IPv6&diff=43702&oldid=prev 2015-07-07T02:05:20Z

<p>New page: IPv6 Enkripsi: Contoh IPsec Tunnel Menggunakan racoon Pada kesempatan ini akan di berikan contoh untuk membuat Ipsec tunnel menggunakan racoon pada dua gateway Linux berbasis sistem oper...</p> <p><b>New page</b></p><div>IPv6 Enkripsi: Contoh IPsec Tunnel Menggunakan racoon <br /> <br /> Pada kesempatan ini akan di berikan contoh untuk membuat Ipsec tunnel menggunakan racoon pada dua gateway Linux berbasis sistem operasi Ubuntu 14.04.<br /> <br /> Gateway A: IPv6 2001:470:19:b37::100/64 VPN Network: 2002::/64<br /> Gateway B: IPv6 2001:470:19:b37::101/64 VPN Network: 2003::/64<br /> <br /> ==Kernel IP Forwarding==<br /> <br /> Pada Gateway A dan Gateway B, kita perlu mengaktifkan kernel IP forwarding ,<br /> <br /> echo 1 &gt; /proc/sys/net/ipv4/conf/all/forwarding<br /> echo 1 &gt; /proc/sys/net/ipv6/conf/all/forwarding<br /> <br /> ==Instalasi racoon dan ipsec-tools==<br /> <br /> Pada Gateway A dan Gateway B, instalasi:<br /> <br /> # apt-get update<br /> # apt-get install racoon ipsec-tools <br /> <br /> Pada pertanyaan “Configuration mode for racoon IKE daemon:” jawab “direct”<br /> <br /> ==Konfigurasi racoon==<br /> <br /> ===Konfigurasi Gateway A===<br /> <br /> Gateway A Konfigurasi /etc/racoon/racoon.conf <br /> <br /> log notify;<br /> path pre_shared_key &quot;/etc/racoon/psk.txt&quot;;<br /> path certificate &quot;/etc/racoon/certs&quot;;<br /> remote 2001:470:19:b37::101 { <br /> exchange_mode main,aggressive; <br /> proposal { <br /> encryption_algorithm 3des; <br /> hash_algorithm sha1; <br /> authentication_method pre_shared_key; <br /> dh_group 2; <br /> } <br /> } <br /> <br /> sainfo address 2002::/64 any address 2003::/64 any { <br /> pfs_group 2; <br /> lifetime time 1 hour ; <br /> encryption_algorithm 3des, blowfish 448, rijndael ; <br /> authentication_algorithm hmac_sha1, hmac_md5 ; <br /> compression_algorithm deflate ; <br /> } <br /> <br /> Gateway A Konfigurasi /etc/racoon/psk.txt <br /> <br /> 2001:470:19:b37::101 a9993e364706816aba3e <br /> <br /> ===Konfigurasi Gateway B===<br /> <br /> Gateway B Konfigurasi /etc/racoon/racoon.conf <br /> <br /> log notify;<br /> path pre_shared_key &quot;/etc/racoon/psk.txt&quot;;<br /> path certificate &quot;/etc/racoon/certs&quot;;<br /> remote 2001:470:19:b37::100 { <br /> exchange_mode main,aggressive; <br /> proposal { <br /> encryption_algorithm 3des; <br /> hash_algorithm sha1; <br /> authentication_method pre_shared_key; <br /> dh_group 2; <br /> } <br /> } <br /> <br /> sainfo address 2003::/64 any address 2002::/64 any { <br /> pfs_group 2; <br /> lifetime time 1 hour ; <br /> encryption_algorithm 3des, blowfish 448, rijndael ; <br /> authentication_algorithm hmac_sha1, hmac_md5 ; <br /> compression_algorithm deflate ; <br /> } <br /> <br /> Gateway B Konfigurasi /etc/racoon/psk.txt <br /> <br /> 2001:470:19:b37::100 a9993e364706816aba3e <br /> <br /> ==Security Policies ==<br /> <br /> ===Konfigurasi Gateway A===<br /> <br /> Gateway A Konfigurasi /etc/ipsec-tools.conf <br /> <br /> flush; <br /> spdflush; <br /> <br /> spdadd 2002::/64 2003::/64 any -P out ipsec <br /> esp/tunnel/2001:470:19:b37::100-2001:470:19:b37::101/require; <br /> spdadd 2003::/64 2002::/64 any -P in ipsec <br /> esp/tunnel/2001:470:19:b37::101-2001:470:19:b37::100/require; <br /> <br /> ===Konfigurasi Gateway B===<br /> <br /> Gateway B Konfigurasi /etc/ipsec-tools.conf <br /> <br /> flush; <br /> spdflush; <br /> <br /> spdadd 2003::/64 2002::/64 any -P out ipsec <br /> esp/tunnel/2001:470:19:b37::101-2001:470:19:b37::100/require;<br /> spdadd 2002::/64 2003::/64 any -P in ipsec <br /> esp/tunnel/2001:470:19:b37::100-2001:470:19:b37::101/require; <br /> <br /> ==Run==<br /> <br /> Pada Gateway A maupun Gateway B jalankan perintah berikut<br /> <br /> /etc/init.d/setkey restart <br /> /etc/init.d/racoon restart <br /> <br /> Akan tampak<br /> <br /> * Flushing IPsec SA/SP database: [ OK ]<br /> * Loading IPsec SA/SP database: [ OK ]<br /> * Restarting IKE (ISAKMP/Oakley) server racoon [ OK ] <br /> <br /> Cek /var/log/syslog <br /> <br /> # tail /var/log/syslog<br /> <br /> Akan keluar kira-kira<br /> Jul 7 07:42:01 server100 racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)<br /> Jul 7 07:42:01 server100 racoon: INFO: @(#)This product linked OpenSSL 1.0.1f 6 Jan 2014 (http://www.openssl.org/)<br /> Jul 7 07:42:01 server100 racoon: INFO: Reading configuration from &quot;/etc/racoon/racoon.conf&quot;<br /> Pastikan tidak ada error. Jika ada error timeout, restart ipsec dan racoon.<br /> <br /> Pada Gateway A tambahkan routing<br /> ip -6 addr add 2002::1/64 dev eth0 <br /> ip -6 route add to 2003::/64 via 2002::1 src 2002::1<br /> <br /> Pada Gateway B tambahkan routing<br /> ip -6 addr add 2003::1/64 dev eth0 <br /> ip -6 route add to 2002::/64 via 2003::1 src 2003::1<br /> <br /> Setelah VPN tersambung, coba dari Gateway A:<br /> <br /> ping6 2003::1<br /> <br /> ==Debugging==<br /> <br /> Dari mesin Gateway B 2001:470:19:b37::101 <br /> Proses debugging jika dibutuhkan dapat menggunakan tcpdump dengan perintah, misalnya,<br /> <br /> # tcpdump -t -n -i eth0 -vv ip6 host 2001:470:19:b37::100</div>

Onnowpurbo