# Openswan/IPsec operations cheat sheet: daemon control, tunnel management,
# the logs and config files to look at, plus the kernel and iptables settings
# a site-to-site tunnel depends on. These lines are meant to be copied one at
# a time as root, not executed as a script: bare file paths and sysctl.conf
# entries are listed among the commands as reminders.

# --- daemon control -----------------------------------------------------
service ipsec start
service ipsec restart
# Reload /etc/ipsec.secrets without restarting the daemon (e.g. after a PSK change).
ipsec auto --rereadsecrets
# Load the named connection from /etc/ipsec.conf, then bring it up.
# <nomedotunnel> is a placeholder for the connection name.
ipsec auto --add <nomedotunnel>
ipsec auto --up <nomedotunnel>

# --- status and diagnostics --------------------------------------------
service ipsec status
ipsec auto --status
# Checks the host's IPsec prerequisites (kernel support, sysctl settings, etc.).
ipsec verify
# Follow the daemon log live (re-runs tail every 2 s) or page through the last 1000 lines.
watch tail -n 100 /var/log/pluto.log
tail -n 1000 /var/log/pluto.log | less
# Other logs that may carry IPsec/daemon messages depending on the syslog setup.
/var/log/auth.log
/var/log/syslog

# --- configuration files -----------------------------------------------
/etc/ipsec.conf
# Holds pre-shared keys / private key references; keep it root-only readable.
/etc/ipsec.secrets
# Kernel settings expected in /etc/sysctl.conf for a gateway: forwarding on,
# ICMP redirects neither accepted nor sent. Apply with `sysctl -p`.
/etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
sysctl -p

# --- routing and firewall inspection -----------------------------------
ip route
route
iptables -nL
iptables -nL -t nat

# --- firewall reset (troubleshooting only) -----------------------------
# Flushes every rule in the filter, nat and mangle tables and sets the
# default policies to ACCEPT, so the host accepts and forwards all traffic
# until the rule set is reloaded. Use only to rule the firewall out as the
# cause of a tunnel problem, then restore the rules.
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
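#!/bin/bash
# Disable acceptance and emission of ICMP redirects on every IPv4 interface
# entry under /proc/sys/net/ipv4/conf (including "all" and "default"), as an
# IPsec gateway should neither honour nor send them.
# This only changes the running kernel; to keep the setting across reboots,
# add the matching keys to /etc/sysctl.conf.
# Writing to /proc/sys normally requires root. No arguments.
for vpn in /proc/sys/net/ipv4/conf/*; do
  # Guard each knob so an unexpected entry does not abort the loop halfway
  # and leave some interfaces unchanged.
  if [[ -w "$vpn/accept_redirects" ]]; then
    echo 0 > "$vpn/accept_redirects"
  fi
  if [[ -w "$vpn/send_redirects" ]]; then
    echo 0 > "$vpn/send_redirects"
  fi
done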
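#!/bin/bash
# Open the IKE / NAT-T ports for the IPsec daemon and source-NAT site A's
# private subnet towards site B's private subnet.
# Must run as root; no arguments. Each rule is checked with `iptables -C`
# before being appended, so re-running the script does not stack duplicates.
# Only ports are opened here: if the INPUT policy is not ACCEPT, the tunnel's
# data traffic also needs ESP (`-p 50`) and, if used, AH (`-p 51`) rules.
set -u

siteAprivatesubnet=192.168.1.0/24
siteBprivatesubnet=192.168.0.0/24
# Placeholder: replace with site A's real public address (the value below is
# intentionally not a valid IPv4 address and iptables will reject it).
siteApublicip=987.654.321.123

#######################################
# Append an iptables rule unless an identical one already exists.
# Arguments: $1 - table (filter, nat, ...); $2 - chain; rest - rule spec
# Returns:   iptables' exit status
#######################################
add_rule() {
  local table=$1
  shift
  if ! iptables -t "$table" -C "$@" 2>/dev/null; then
    iptables -t "$table" -A "$@"
  fi
}

# IKE on UDP 500 and NAT traversal on 4500.
add_rule filter INPUT -p udp --dport 500 -j ACCEPT
# NOTE(review): NAT-T with Openswan uses UDP 4500; TCP 4500 is only needed
# for IKE-over-TCP setups — confirm it is intended.
add_rule filter INPUT -p tcp --dport 4500 -j ACCEPT
add_rule filter INPUT -p udp --dport 4500 -j ACCEPT

# NOTE(review): SNAT rewrites the source address before the IPsec policy is
# matched, so this traffic only enters the tunnel if the connection's local
# selector covers siteApublicip rather than siteAprivatesubnet — confirm
# against /etc/ipsec.conf.
add_rule nat POSTROUTING -s "$siteAprivatesubnet" -d "$siteBprivatesubnet" -j SNAT --to-source "$siteApublicip"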
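#!/bin/bash
# rc.nat - masquerade Internet-bound traffic leaving eth1 while leaving
# traffic destined to the remote VPN subnet untouched, and open the
# ports/protocols the IPsec tunnel needs.
# Usage:  rc.nat start | rc.nat stop
# Must run as root. Exit status: 0 on success, 2 on bad usage.
rede1=192.168.10.0/25 # subnet at one end of the VPN (excluded from masquerading)
rede2=10.0.0.0/25 # subnet at the other end of the VPN
# NOTE(review): rede2 is not used by any rule below; confirm whether the
# masquerade exclusion should cover it as well.

# NOTE(review): on recent kernels the FTP NAT helper is named nf_nat_ftp;
# modprobe failures are not fatal here, matching the original behaviour.
modprobe ip_nat_ftp
modprobe iptable_nat

#######################################
# Print the usage line and exit with status 2.
#######################################
usage() {
  echo "Sintaxe: rc.nat start ou rc.nat stop"
  exit 2
}

#######################################
# Add (-A) or delete (-D) the filter rules that let IPsec traffic through.
# Arguments: $1 - iptables action: -A or -D
#######################################
filter_rules() {
  local action=$1
  # IKE: both ends use UDP 500 as source and destination. NAT-T (UDP 4500)
  # is not opened here, so peers behind NAT would need an extra rule.
  iptables "$action" INPUT -p udp --sport 500 --dport 500 -j ACCEPT
  iptables "$action" OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
  # ESP (IP protocol 50) carries the tunnel's data.
  iptables "$action" INPUT -p 50 -j ACCEPT
  iptables "$action" OUTPUT -p 50 -j ACCEPT
  # AH (IP protocol 51).
  iptables "$action" INPUT -p 51 -j ACCEPT
  iptables "$action" OUTPUT -p 51 -j ACCEPT
  # TCP 2020: purpose not documented in the original script, kept as-is.
  iptables "$action" INPUT -p tcp --sport 2020 --dport 2020 -j ACCEPT
  iptables "$action" OUTPUT -p tcp --sport 2020 --dport 2020 -j ACCEPT
}

#######################################
# Masquerade everything leaving eth1 except traffic for $rede1, which must
# reach the remote site through the tunnel with its original source address.
# Globals:   rede1 (read)
#######################################
masquerade_rule() {
  # Current iptables requires the negation before the option ("! -d");
  # the legacy "-d !" form is rejected by recent releases.
  iptables -t nat -A POSTROUTING ! -d "$rede1" -o eth1 -j MASQUERADE
}

if [ "$#" = 0 ]; then
  usage
fi

case "$1" in
  start)
    masquerade_rule
    filter_rules -A
    exit 0
    ;;
  stop)
    iptables -t nat -F
    # Also withdraw the accept rules that start added, so stop really
    # reverses start. A rule that is already gone is not an error here.
    filter_rules -D 2>/dev/null
    exit 0
    ;;
  *)
    # An unknown action used to exit 0 silently; report it instead.
    usage
    ;;
esac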
References:
http://www.systutorials.com/816/port-forwarding-using-iptables/
http://www.vivaolinux.com.br/artigo/VPN-com-Openswan-e-Iptables-(fazendo-NAT)?pagina=2
http://xmodulo.com/create-site-to-site-ipsec-vpn-tunnel-openswan-linux.html