Xiv bob. Tizim xavfsizligi (firewall)
Download 3.63 Mb.
|
LSB 14-BOB (1)
- Bu sahifa navigatsiya:
- Gateway (sedicomm-devgateway)
- Gateway (sedicomm-prodgateway)
|
sudo ufw disable
$ sudo ufw enable Yuqoridagi sozlamalardan so’ng, strongSwan paketini o’rnatib olamiz: sudo apt update $ sudo apt install strongswan O’rnatish jarayoni yakunlangach, tizim avtomatik ravishda faollashadi, bunda biz, holatini tekshirib ko’rishimiz mumkin: $ sudo systemctl status strongswan.service $ sudo systemctl is-enabled strongswan.service Endi, /etc/ipsec.conf yoradamida xavfsizlik shlyuzlarini sozlashni amalga oshiramiz: Gateway (sedicomm-devgateway)$ sudo cp /etc/ipsec.conf /etc/ipsec.conf.orig $ sudo nano /etc/ipsec.conf Quyidagi konfiguratsiyani faylga nusxalaymiz va joylashtiramiz: config setup charondebug="all" uniqueids=yes conn devgateway-to-prodgateway type=tunnel auto=start keyexchange=ikev2 authby=secret left=10.20.20.1 leftsubnet=192.168.0.101/24 right=10.20.20.3 rightsubnet=10.0.2.15/24 ike=aes256-sha1-modp1024! esp=aes256-sha1! aggressive=no keyingtries=%forever ikelifetime=28800s lifetime=3600s dpddelay=30s dpdtimeout=120s dpdaction=restart Gateway (sedicomm-prodgateway)$ sudo cp /etc/ipsec.conf /etc/ipsec.conf.orig Download 3.63 Mb. Do'stlaringiz bilan baham: 
|