pp select anonymous
 no ppp ccp type none
 ppp ccp type mppe-any
C841M
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
exit
!
crypto isakmp key XKXt93CwB3QGq9p5 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set RTX-TS esp-3des esp-sha-hmac
 mode tunnel
!
crypto ipsec profile RTX-IPSEC-PROFILE
 set transform-set RTX-TS
!
interface Tunnel 20
 ip address 10.28.15.9 255.255.255.252
 tunnel source Dialer1
 tunnel destination yamaha-rtx1220.hoge0.netvolante.jp
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile RTX-IPSEC-PROFILE
exit
!
ip route 192.168.151.0 255.255.255.0 10.28.15.10
!
event manager applet TUNNEL-DDNS-EMA
 event timer cron name TUNNEL-DDNS-ETC cron-entry "* * * * *"
 action 1.0 cli command "enable"
 action 1.1 cli command "conf t"
 action 1.2 cli command "int Tunnel20"
 action 1.3 cli command "tunnel destination yamaha-rtx1220.hoge0.netvolante.jp"
exit
!
RTX1220
tunnel select 10
 ipsec tunnel 101
 ipsec sa policy 101 10 esp 3des-cbc sha-hmac
 ipsec ike duration ipsec-sa 10 3600
 ipsec ike duration isakmp-sa 10 28800
 ipsec ike encryption 10 3des-cbc
 ipsec ike group 10 modp1024
 ipsec ike hash 10 sha
 ipsec ike keepalive use 10 on icmp-echo 10.28.15.9
 ipsec ike local id 10 192.168.151.0/24
 ipsec ike pre-shared-key 10 text XKXt93CwB3QGq9p5
 ipsec ike remote address 10 cisco-c841m.hoge0.mydns.jp
 ipsec ike remote id 10 192.168.128.0/24
 ip tunnel tcp mss limit 1350
 ip tunnel address 10.28.15.10/30
 tunnel enable 10
ipsec use on
ipsec auto refresh on
ip route 192.168.128.0/24 gateway tunnel 10
nat descriptor masquerade static 1000 1 10.28.15.10 udp 500
nat descriptor masquerade static 1000 2 10.28.15.10 esp
# If you have filters configured, add these in the appropriate place.
ip filter 300101 pass * 10.28.15.10 udp * 500
ip filter 300102 pass * 10.28.15.10 esp
pp select 1
 ip pp secure filter in ***** ***** ***** 300101 300102 ***** *****
dd if=/dev/zero of=/tmp/write.tmp ibs=1M obs=1M count=512
512+0 records in
512+0 records out
536870912 bytes (537 MB) copied, 9.79807 s, 54.8 MB/s
Measurement to the home NAS over the VPN
sudo dd if=/dev/zero of=/mnt/yshome_owncloud/ysrock/write.tmp ibs=1M obs=1M count=512
512+0 records in
512+0 records out
536870912 bytes (537 MB) copied, 87.5785 s, 6.1 MB/s
Next time, let's connect the VPN over IPv6 and compare.
■ IPv4 address to add
ip addr add 192.168.10.100/24 dev tap_vpn
■ Routing table entries to add
ip route add 192.168.20.0/24 via 192.168.10.200 dev tap_vpn
ip route add 192.168.30.0/24 via 192.168.10.200 dev tap_vpn
tap_vpn is the tap device created with SoftEther.
$ sudo vi /etc/systemd/system/vpnserver.service
[Unit]
Description=SoftEther VPN Server
After=network.target local-fs.target

[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStartPost=/usr/local/vpnserver/tap_start.sh
ExecStop=/usr/local/vpnserver/vpnserver stop

[Install]
WantedBy=multi-user.target
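$ sudo vi /usr/local/vpnserver/tap_start.sh
#!/bin/sh
# Give vpnserver time to create the tap device
sleep 3
# Name of the tap device reported by "ip tuntap" (text before the first colon)
tap_dev=`/sbin/ip tuntap | awk -F: '{print $1}'`
if [ -n "$tap_dev" ]; then
  # Assign the address and static routes to the tap device
  /usr/sbin/ip addr add 192.168.10.100/24 dev "$tap_dev"
  /usr/sbin/ip route add 192.168.20.0/24 via 192.168.10.200 dev "$tap_dev"
  /usr/sbin/ip route add 192.168.30.0/24 via 192.168.10.200 dev "$tap_dev"
fi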