The NetDev conference wiki

User Tools

Site Tools

Trace:
0x12:ipsec_tutorial

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
0x12:ipsec_tutorial [2018/07/07 14:59] – created jhs0x12:ipsec_tutorial [2019/09/28 17:04] (current) – external edit 127.0.0.1
Line 1: Line 1:
 This is for folks intending to attend the IPSec tutorial: This is for folks intending to attend the IPSec tutorial:
-https://www.netdevconf.org/0x12/session.html?ipsecike-tutoriallab+https://www.netdevconf.info/0x12/session.html?ipsecike-tutoriallab
  
 The hands-on involves student participation. The hands-on involves student participation.
Line 9: Line 9:
  
 Then please download the netdev-centos-devel.ova from Then please download the netdev-centos-devel.ova from
- https://www.files.netdevconf.org/d/2ee3635c9d4448e3b8b9/+ https://www.files.netdevconf.info/d/2ee3635c9d4448e3b8b9/
  
 and bring up the virtual machine in virtualbox by following and bring up the virtual machine in virtualbox by following
Line 16: Line 16:
 point it at the downloaded netdev-centos-devel.ova and go point it at the downloaded netdev-centos-devel.ova and go
 through the steps to import appliance. through the steps to import appliance.
- 
-Paul Wouters(on Cc) will soon send out additional instructions to make 
-sure you have the latest libreswan rpms.. 
  
 (If you run linux natively on the laptop, the extra indirection (If you run linux natively on the laptop, the extra indirection
Line 28: Line 25:
   (assuming everyone is doing this on their laptop connected over   (assuming everyone is doing this on their laptop connected over
    conference wireless)    conference wireless)
 +   
 +To ensure your libreswan is up to date, please run:
 +
 +sudo rpm -ihv https://download.libreswan.org/binaries/rhel/7/libreswan-release-7-1.noarch.rpm
 +yum install libreswan
 +
 +This also applies to RHEL/CentOS natively. Fedora 27/28 have it already
 +but you might need to grab it from the pending updates using:
 +
 +        yum --enablerepo=updates=testing install libreswan
 +
 +Debian Unstable should already have the latest 3.25 release. If you are using an older Debian
 +or Ubuntu, download the libreswan-3.25 source code and run:
 +
 +        make deb
 +
 +If you see errors about IPV6, run:
 +
 +        echo USE_GLIBC_KERN_FLIP_HEADERS=true >> Makefile.inc.local
 +        echo "USE_SYSTEMD_WATCHDOG=false" >> Makefile.inc.local
 +        echo "USE_DNSSEC=false" >> Makefile.inc.local
 +        echo "USE_NIC_OFFLOAD=false" >>  Makefile.inc.local
 +        make deb
 +
 +(see also https://libreswan.org/wiki/Libreswan_on_Debian_Wheezy)
 +
 +(If you run linux natively on the laptop, the extra indirection
 +through virtualbox is redundant of course!)
 +
 +Although keep in mind that you should have your VM's network bridged
 +to your wifi network, so that you can see other people's VMs without
 +NAT, as we will also be building IPsec tunnels between us.
 +
 +I will also have a few spare VMs running on my own laptop, so those
 +without the disk space to install a VM can use Terminal and ssh into
 +one of my VM's.
 +
0x12/ipsec_tutorial.1530975576.txt.gz · Last modified: 2019/09/28 17:04 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki