Home IT Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ Installation Strongswan: on a Linux IPsec-based VPN tool     - Install the open source database PostgreSQL 9.4 and phpMyAdmin on Ubuntu (Database)

- To deploy MySQL database with separate read and write OneProxy (Database)

- Setting Derby as Linux / Windows running as a service from the start (Server)

- rsync + inotify to achieve real-time synchronization (Server)

- C ++: Postmodern systems programming language (Programming)

- MySQL and MariaDB new master from the cluster configuration GTID (Database)

- Linux LVM Logical Volume Management to resize partitions (Linux)

- Linux Powerful command Awk Introduction (Linux)

- Install Oracle database error process of [INS-35172] (Database)

- Jetty JNDI Development combat (Linux)

- Let MySQL 5.6 support Emoji expression (Database)

- Android realize RippleEffect water (Programming)

- SUSE Linux network configuration and firewall configuration (Linux)

- dmidecode command Detailed (Hardware information) (Linux)

- How UTorrent download the ISO image from the command line (Linux)

- Linux file permissions to modify the command: chmod (Linux)

- Linux System shutdown procedures (Linux)

- Ubuntu Telnet service settings (Linux)

- ARM Linux system call (Linux)

- How to Use Nmap security scanner tool on Linux (Linux)

  Installation Strongswan: on a Linux IPsec-based VPN tool
  Add Date : 2018-11-21      
  IPsec is a provider of network-layer security standards. It contains the Authentication Header (AH) and encapsulating security payload (ESP) module. AH provides integrity package, ESP components provide confidentiality package. IPsec security features to ensure the network layer.

Packet integrity
Non-repudiation of Origin
Replay attack protection
Strongswan is an IPsec protocol source code, Strongswan mean strong safety WAN (StrongS / WAN). It supports IPsec VPN with two versions of the automatic key exchange (Network Key Exchange (IKE) V1 and V2).

Strongswan shared basically provides automatic key exchange between two VPN nodes / gateways, and then it uses the Linux kernel IPsec (AH and ESP) to achieve. After shared key for ESP data encryption IKE mechanism. In IKE phase, strongswan use OpenSSL encryption algorithms (AES, SHA, etc.) and other encryption libraries. In any case, security algorithm in IPsec ESP component uses the Linux kernel implementation. Strongswan main features are as follows:

x.509 certificates or pre-shared key-based authentication
It supports IKEv1 and IKEv2 key exchange protocol
Alternatively, plug-ins and libraries built for integrity and encryption test
Support for elliptic curve DH group and ECDSA certificate
RSA private key and certificate stored on a smart card
It can be used in a client / server (road warrior mode), and gateway to gateway scenario.

how to install

Almost all Linux distributions support Strongswan binary packages. In this tutorial, we will install from binary packages strongswan, strongswan also compiled from the source code with the appropriate characteristics.

Using binary packages

You can use the following command to install Strongswan to Ubuntu 14.04 LTS

$ Sudo aptitude install strongswan

Installation strongswan

strongswan global configuration (strongswan.conf) and ipsec configuration file (ipsec.conf / ipsec.secrets) files are in / etc / directory.

strongswan source compiler installation dependencies

GMP (precision math library strongswan used)
OpenSSL (encryption algorithm from the library)
PKCS (1,7,8,11,12) (integrated certificate and smart card encoding)

1) Use the following command in the terminal to / usr / src / directory

$ Cd / usr / src
2) using the following command from the Web site to download the source code strongswan

$ Sudo wget http://download.strongswan.org/strongswan-5.2.1.tar.gz
(Strongswan-5.2.1.tar.gz is the most current version.)

Download software

3) extract the downloaded software with the following command, and then enter the directory.

$ Sudo tar -xvzf strongswan-5.2.1.tar.gz; cd strongswan-5.2.1
4) use the configure command to configure each option strongswan want.

$ ./configure --prefix = / Usr / local - enable-pkcs11 --enable-openssl

Check strongswan package

If the GMP library is not installed, the following configuration script error will occur.

GMP library error

Therefore, first, use the following command to install GMP library and then execute the configuration script.

gmp installation

However, if you have installed GMP also reported the above error, then use the following command to create soft on Ubuntu, to the path / usr / lib, / lib /, / usr / lib / libgmp.so library x86_64-linux-gnu / under connection.

$ Sudo ln -s /usr/lib/x86_64-linux-gnu/libgmp.so.10.1.3/usr/lib/x86_64-linux-gnu/libgmp.so

softlink of libgmp.so library

After creating libgmp.so soft connection, and then run ./configure script perhaps find the gmp library. However, if the header files gmp other error like this.

GMP header file issu

To solve the above error, use the following command to install libgmp-dev package

$ Sudo aptitude install libgmp-dev

Installation of Development library of GMP

After you install the gmp development libraries, run the configuration script again, if no error occurred, these will see the following output.

Output of Configure scirpt

Use the following command to compile and install strongswan.

$ Sudo make; sudo make install
After installation strongswan, global configuration (strongswan.conf) and ipsec policy / password configuration file (ipsec.conf / ipsec.secretes) is placed in / usr / local / etc directory.

According to our security needs Strongswan can be used as a tunnel or transport mode. It provides a well-known site-2-site model and road warrior mode VPN. It is easy to use on Cisco, Juniper equipment.
- How to upgrade Docker 1.6 on Fedora / CentOS (Server)
- Zombie process under Linux (Linux)
- To install the latest version of the EPEL on CentOS 5.x or 6.x (Linux)
- MySQL root password reset under CentOS (Database)
- The mv command to move the directory two cases under Linux (Linux)
- Upload the project to GitHub, synchronous remote repository Github (Linux)
- Linux data recovery software efficiently practical application extundelete (Linux)
- Debian 7 and Debian 8 users how to install Oracle Java 8 (Linux)
- To add the Oracle JDBC driver in Maven repository (Linux)
- pureftpd basis: Install, configure, implement, anonymous logon (Linux)
- JavaScript original values and complex values (Programming)
- TeamCity continuous integration in the Linux installation (Linux)
- Linux vi command list (Linux)
- Shell Scripting Basics (Linux)
- How to install Git client in Ubuntu (Linux)
- Oracle 11g RMAN cross-platform transfer table space (Database)
- See Shell Script Linux Server network traffic (Server)
- jQuery plugin dynamic label generation (Linux)
- PHP with FastCGI and mod_php Comments (Server)
- Oracle restrict certain IP, the malicious user actions on important table (Database)
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.