Home IT Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ Installation Strongswan: on a Linux IPsec-based VPN tool     - Linux script commands - terminal recorder (Linux)

- Reason C ++ program running under Linux a segmentation fault core dumped in (Programming)

- GlusterFS distributed storage deployment (Server)

- How to modify the Emacs Major Mode Shortcuts (Linux)

- Use web2py + uWSGI + Nginx Web server built on Linux (Server)

- ORA-00824: can not set sga_target due to existing problem-solving (Database)

- Turning off the interface eth0: error: Disconnect the device 'eth0' (Linux)

- Linux IPTables anti-DDOS attack Shell Scripting (Linux)

- Linux iptables firewall and vsftpd to resolve the issue (Linux)

- Empty password Linux operating system (Linux)

- Oracle Database asynchronous IO cause slow query response (Database)

- Linux formatted partition error Could not stat / dev / sda No such file or directory Solution (Linux)

- Sublime Text 3 best features, plug-ins and settings (Linux)

- Oracle Data File Management (Database)

- How to add any of a Linux distribution beautiful fonts (Linux)

- Linux maximum number of threads and limit the number of queries the current thread (Linux)

- High-performance Linux system firewall detailed analysis of double-effect (Linux)

- Binary Tree Traversal (Linux)

- MySQL management partition table (Database)

- shell-like program (Programming)

  Installation Strongswan: on a Linux IPsec-based VPN tool
  Add Date : 2018-11-21      
  IPsec is a provider of network-layer security standards. It contains the Authentication Header (AH) and encapsulating security payload (ESP) module. AH provides integrity package, ESP components provide confidentiality package. IPsec security features to ensure the network layer.

Packet integrity
Non-repudiation of Origin
Replay attack protection
Strongswan is an IPsec protocol source code, Strongswan mean strong safety WAN (StrongS / WAN). It supports IPsec VPN with two versions of the automatic key exchange (Network Key Exchange (IKE) V1 and V2).

Strongswan shared basically provides automatic key exchange between two VPN nodes / gateways, and then it uses the Linux kernel IPsec (AH and ESP) to achieve. After shared key for ESP data encryption IKE mechanism. In IKE phase, strongswan use OpenSSL encryption algorithms (AES, SHA, etc.) and other encryption libraries. In any case, security algorithm in IPsec ESP component uses the Linux kernel implementation. Strongswan main features are as follows:

x.509 certificates or pre-shared key-based authentication
It supports IKEv1 and IKEv2 key exchange protocol
Alternatively, plug-ins and libraries built for integrity and encryption test
Support for elliptic curve DH group and ECDSA certificate
RSA private key and certificate stored on a smart card
It can be used in a client / server (road warrior mode), and gateway to gateway scenario.

how to install

Almost all Linux distributions support Strongswan binary packages. In this tutorial, we will install from binary packages strongswan, strongswan also compiled from the source code with the appropriate characteristics.

Using binary packages

You can use the following command to install Strongswan to Ubuntu 14.04 LTS

$ Sudo aptitude install strongswan

Installation strongswan

strongswan global configuration (strongswan.conf) and ipsec configuration file (ipsec.conf / ipsec.secrets) files are in / etc / directory.

strongswan source compiler installation dependencies

GMP (precision math library strongswan used)
OpenSSL (encryption algorithm from the library)
PKCS (1,7,8,11,12) (integrated certificate and smart card encoding)

1) Use the following command in the terminal to / usr / src / directory

$ Cd / usr / src
2) using the following command from the Web site to download the source code strongswan

$ Sudo wget http://download.strongswan.org/strongswan-5.2.1.tar.gz
(Strongswan-5.2.1.tar.gz is the most current version.)

Download software

3) extract the downloaded software with the following command, and then enter the directory.

$ Sudo tar -xvzf strongswan-5.2.1.tar.gz; cd strongswan-5.2.1
4) use the configure command to configure each option strongswan want.

$ ./configure --prefix = / Usr / local - enable-pkcs11 --enable-openssl

Check strongswan package

If the GMP library is not installed, the following configuration script error will occur.

GMP library error

Therefore, first, use the following command to install GMP library and then execute the configuration script.

gmp installation

However, if you have installed GMP also reported the above error, then use the following command to create soft on Ubuntu, to the path / usr / lib, / lib /, / usr / lib / libgmp.so library x86_64-linux-gnu / under connection.

$ Sudo ln -s /usr/lib/x86_64-linux-gnu/libgmp.so.10.1.3/usr/lib/x86_64-linux-gnu/libgmp.so

softlink of libgmp.so library

After creating libgmp.so soft connection, and then run ./configure script perhaps find the gmp library. However, if the header files gmp other error like this.

GMP header file issu

To solve the above error, use the following command to install libgmp-dev package

$ Sudo aptitude install libgmp-dev

Installation of Development library of GMP

After you install the gmp development libraries, run the configuration script again, if no error occurred, these will see the following output.

Output of Configure scirpt

Use the following command to compile and install strongswan.

$ Sudo make; sudo make install
After installation strongswan, global configuration (strongswan.conf) and ipsec policy / password configuration file (ipsec.conf / ipsec.secretes) is placed in / usr / local / etc directory.

According to our security needs Strongswan can be used as a tunnel or transport mode. It provides a well-known site-2-site model and road warrior mode VPN. It is easy to use on Cisco, Juniper equipment.
- PHP 5.3 New Features Detail (Linux)
- MySQL database master never solve the synchronization method (Database)
- systemd run levels and service management command Introduction (Linux)
- MongoDB query timeout exception SocketTimeoutException (Database)
- Yii PHP Framework Getting Started tutorial (Linux)
- Linux SSH remote connection service slow Solutions (Linux)
- Linux Security Module (LSM) Introduction (Linux)
- ARM Linux system call (Linux)
- Use NTFS-3G to mount NTFS partitions under Linux U disk and removable hard disk (Linux)
- Kubernetes (k8s) environment to build combat (Server)
- Ubuntu Apache2 setting, problem solving css, pictures, etc. can not be displayed (Server)
- Pydev installed and configured on the Eclipse (Linux)
- How to build a custom exclusive Ubuntu Live CD (Linux)
- GitLab Installation Guide -Ubuntu 14.04 LTS (Server)
- 20 Advanced Java interview questions summary (Programming)
- To create a problem by the statement date comparison of the difference between MySQL and Oracle (Database)
- REDO LOG records management (Database)
- See Linux kernel, CPU, memory, and various versions of the command module and means (Linux)
- Kali Linux resolve GPG error KEYEXPIRED 1425567400 (Linux)
- Ubuntu 12.04 LTS installation configuration JDK1.6.0_45 (Linux)
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.