Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Installation Strongswan: on a Linux IPsec-based VPN tool     - Install Debian Linux with R on the Android system (Linux)

- Oracle multi-user concurrency and transaction processing (Database)

- To access an Oracle database using Instant Client (Database)

- Oracle utilized undo data recovery operations (Database)

- The basic principles for the protection of a good linux server security (Linux)

- Perl loop (Programming)

- Linux, rename the file or folder (mv command and rename command) (Linux)

- MongoDB 3.0 New Features (Database)

- The source code compiler installation Nginx 1.8.0 under Ubuntu 14.10 (Server)

- The signature can not be verified under Debian (Linux)

- Achieve camera preview by ffplay (Linux)

- SQL Server 2008 database synchronization Notes (Database)

- Ubuntu Linux use ufw or iptables firewall configuration (Linux)

- MySQL master-slave delay problem (Database)

- Strategy Games Ubuntu installation of Wesnoth 1.12.1 (Linux)

- Linux more efficient than select a model epoll (Linux)

- Linux firewall to prevent external network attacks (Linux)

- Unetbootin make use U disk loading Linux system (Linux)

- Hutchison DG standby database CPU consumption reached bottleneck repair (Database)

- Lua and C ++ (Programming)

 
         
  Installation Strongswan: on a Linux IPsec-based VPN tool
     
  Add Date : 2018-11-21      
         
         
         
  IPsec is a provider of network-layer security standards. It contains the Authentication Header (AH) and encapsulating security payload (ESP) module. AH provides integrity package, ESP components provide confidentiality package. IPsec security features to ensure the network layer.

Confidentiality
Packet integrity
Non-repudiation of Origin
Replay attack protection
Strongswan is an IPsec protocol source code, Strongswan mean strong safety WAN (StrongS / WAN). It supports IPsec VPN with two versions of the automatic key exchange (Network Key Exchange (IKE) V1 and V2).

Strongswan shared basically provides automatic key exchange between two VPN nodes / gateways, and then it uses the Linux kernel IPsec (AH and ESP) to achieve. After shared key for ESP data encryption IKE mechanism. In IKE phase, strongswan use OpenSSL encryption algorithms (AES, SHA, etc.) and other encryption libraries. In any case, security algorithm in IPsec ESP component uses the Linux kernel implementation. Strongswan main features are as follows:

x.509 certificates or pre-shared key-based authentication
It supports IKEv1 and IKEv2 key exchange protocol
Alternatively, plug-ins and libraries built for integrity and encryption test
Support for elliptic curve DH group and ECDSA certificate
RSA private key and certificate stored on a smart card
It can be used in a client / server (road warrior mode), and gateway to gateway scenario.

how to install

Almost all Linux distributions support Strongswan binary packages. In this tutorial, we will install from binary packages strongswan, strongswan also compiled from the source code with the appropriate characteristics.

Using binary packages

You can use the following command to install Strongswan to Ubuntu 14.04 LTS

$ Sudo aptitude install strongswan

Installation strongswan

strongswan global configuration (strongswan.conf) and ipsec configuration file (ipsec.conf / ipsec.secrets) files are in / etc / directory.

strongswan source compiler installation dependencies

GMP (precision math library strongswan used)
OpenSSL (encryption algorithm from the library)
PKCS (1,7,8,11,12) (integrated certificate and smart card encoding)
 
step

1) Use the following command in the terminal to / usr / src / directory

$ Cd / usr / src
2) using the following command from the Web site to download the source code strongswan

$ Sudo wget http://download.strongswan.org/strongswan-5.2.1.tar.gz
(Strongswan-5.2.1.tar.gz is the most current version.)

Download software

3) extract the downloaded software with the following command, and then enter the directory.

$ Sudo tar -xvzf strongswan-5.2.1.tar.gz; cd strongswan-5.2.1
4) use the configure command to configure each option strongswan want.

$ ./configure --prefix = / Usr / local - enable-pkcs11 --enable-openssl

Check strongswan package

If the GMP library is not installed, the following configuration script error will occur.

GMP library error

Therefore, first, use the following command to install GMP library and then execute the configuration script.

gmp installation

However, if you have installed GMP also reported the above error, then use the following command to create soft on Ubuntu, to the path / usr / lib, / lib /, / usr / lib / libgmp.so library x86_64-linux-gnu / under connection.

$ Sudo ln -s /usr/lib/x86_64-linux-gnu/libgmp.so.10.1.3/usr/lib/x86_64-linux-gnu/libgmp.so

softlink of libgmp.so library

After creating libgmp.so soft connection, and then run ./configure script perhaps find the gmp library. However, if the header files gmp other error like this.

GMP header file issu

To solve the above error, use the following command to install libgmp-dev package

$ Sudo aptitude install libgmp-dev

Installation of Development library of GMP

After you install the gmp development libraries, run the configuration script again, if no error occurred, these will see the following output.

Output of Configure scirpt

Use the following command to compile and install strongswan.

$ Sudo make; sudo make install
After installation strongswan, global configuration (strongswan.conf) and ipsec policy / password configuration file (ipsec.conf / ipsec.secretes) is placed in / usr / local / etc directory.

According to our security needs Strongswan can be used as a tunnel or transport mode. It provides a well-known site-2-site model and road warrior mode VPN. It is easy to use on Cisco, Juniper equipment.
     
         
         
         
  More:      
 
- MySQL primary and secondary replicate data inconsistencies (Database)
- Laravel cache paged results (Server)
- Use MD5 transform algorithm to prevent exhaustive decipher passwords (Linux)
- MySQL my.cnf sql_mode schema modifications (Database)
- Sudo and Root Account in Ubuntu related (Linux)
- Make full use of the Raspberry Pi SD card space (Linux)
- Linux command execution order control and pipeline (Linux)
- TeamCity continuous integration in the Linux installation (Linux)
- How common Linux automation tasks (Server)
- Introduction and bash history command to quickly call (Linux)
- Android annotation support (Support Annotations) (Programming)
- Udev: Device Manager for Linux Fundamentals (Linux)
- By way of a binary installation innobackupex (Database)
- How to use the Linux command compress JPEG images (Linux)
- Install the Red Hat Container Development Kit on OSX (Server)
- To setup the Swift language learning environment under linux (Linux)
- Archlinux installation tutorial (Linux)
- CentOS 5.x install Lua 5.2.3 error (LIBS = -lncurses) (Linux)
- Security experience: to see how the experts deal with DDoS attacks (Linux)
- Spring JDBC Comments (Programming)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.