0x12:ipsec_tutorial

This is for folks intending to attend the IPsec tutorial: https://www.netdevconf.info/0x12/session.html?ipsecike-tutoriallab

The hands-on involves student participation. If you are going to be running a non-Linux OS on your laptop for the Linux IPsec tutorial, please make sure to download and install VirtualBox: https://www.virtualbox.org/wiki/Downloads

Then please download the netdev-centos-devel.ova from https://www.files.netdevconf.info/d/2ee3635c9d4448e3b8b9/

and bring up the virtual machine in VirtualBox by following the menu to

File -> Import Appliance

Point it at the downloaded netdev-centos-devel.ova and go through the steps to import the appliance.

(If you run Linux natively on the laptop, the extra indirection through VirtualBox is redundant of course!)

- login/passwd = netdev0x12/netdev0x12

- set up the network adapter as “Bridged Adapter”, bridged over the wireless network (assuming everyone is doing this on their laptop connected over the conference wireless)
 

To ensure your libreswan is up to date, please run:

      sudo rpm -ihv https://download.libreswan.org/binaries/rhel/7/libreswan-release-7-1.noarch.rpm
      sudo yum install libreswan

This also applies to RHEL/CentOS natively. Fedora 27/28 have it already but you might need to grab it from the pending updates using:

      yum --enablerepo=updates-testing install libreswan

Debian Unstable should already have the latest 3.25 release. If you are using an older Debian or Ubuntu, download the libreswan-3.25 source code and run:

      make deb

If you see errors about IPv6, run:

      echo USE_GLIBC_KERN_FLIP_HEADERS=true >> Makefile.inc.local
      echo "USE_SYSTEMD_WATCHDOG=false" >> Makefile.inc.local
      echo "USE_DNSSEC=false" >> Makefile.inc.local
      echo "USE_NIC_OFFLOAD=false" >>  Makefile.inc.local
      make deb

(see also https://libreswan.org/wiki/Libreswan_on_Debian_Wheezy)

Keep in mind that your VM's network should be bridged to your Wi-Fi network, so that you can see other people's VMs without NAT, as we will also be building IPsec tunnels between us.

I will also have a few spare VMs running on my own laptop, so those without the disk space to install a VM can use Terminal and ssh into one of my VMs.
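A pre-flight check for the two requirements above (libreswan at 3.25 or newer, and a bridged rather than NAT'd network), added here as an example and not part of the tutorial material. The function names are hypothetical, the sample `ipsec --version` line in the comment is constructed, and the NAT test assumes VirtualBox's default NAT range of 10.0.2.0/24.

```shell
#!/bin/sh
# Pre-flight check for the tutorial VM (added example; helper names are hypothetical).

MIN_VERSION="3.25"   # release named on this page

# Extract the version number from `ipsec --version` output, e.g.
# "Linux Libreswan 3.25 (netkey) on 3.10.0-862.el7.x86_64" (constructed sample).
parse_libreswan_version() {
    printf '%s\n' "$1" | sed -n 's/.*[Ll]ibreswan \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeeds when version $1 >= version $2 (dotted versions compared with sort -V).
version_at_least() {
    [ -n "$1" ] || return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Succeeds when the address is in 10.0.2.0/24, the VirtualBox NAT default
# (assumption), which suggests the adapter is not bridged.
looks_like_vbox_nat() {
    case "$1" in
        10.0.2.*) return 0 ;;
        *) return 1 ;;
    esac
}

preflight() {
    rc=0
    ver=$(parse_libreswan_version "$(ipsec --version 2>/dev/null)")
    if version_at_least "$ver" "$MIN_VERSION"; then
        echo "OK: libreswan $ver"
    else
        echo "FAIL: libreswan '${ver:-not found}' is older than $MIN_VERSION"; rc=1
    fi
    # First address reported by the host (hostname -I is Linux-specific).
    addr=$(hostname -I 2>/dev/null | awk '{print $1}')
    if [ -z "$addr" ]; then
        echo "FAIL: no IP address assigned"; rc=1
    elif looks_like_vbox_nat "$addr"; then
        echo "FAIL: $addr looks like VirtualBox NAT, switch to Bridged Adapter"; rc=1
    else
        echo "OK: address $addr"
    fi
    return $rc
}

# Run the checks only when invoked with "run" as the first argument.
if [ "${1:-}" = "run" ]; then preflight; fi
```

Save it as a script and invoke it with the argument `run` inside the VM; a non-zero exit status means at least one check failed.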

0x12/ipsec_tutorial.txt · Last modified: 2019/09/28 17:04 by 127.0.0.1
