{"id":811,"date":"2020-03-02T21:45:20","date_gmt":"2020-03-02T12:45:20","guid":{"rendered":"http:\/\/systemdev.comsys-blog.com\/?p=811"},"modified":"2020-03-02T21:45:20","modified_gmt":"2020-03-02T12:45:20","slug":"edgerouter-x-ipsec","status":"publish","type":"post","link":"https:\/\/tamura.jp\/?p=811","title":{"rendered":"EdgeRouter X Ipsec"},"content":{"rendered":"<p>I struggled with IPsec site-to-site right up to the end.<\/p>\n<p>The CentOS6 configuration is:<\/p>\n<div>\n<p>config setup<\/p>\n<p>conn %default<br \/>\nkeyexchange=ikev1<br \/>\nike=aes128-md5-modp2048!<br \/>\nesp=aes128-md5-modp2048!<br \/>\ncompress=no<\/p>\n<p>conn peer-79.23.254.12-tunnel-1<br \/>\nauthby=secret<br \/>\nauto=start<br \/>\ncloseaction=restart<br \/>\ndpdaction=restart<br \/>\nleft=114.25.214.23<br \/>\nright=79.23.254.12<br \/>\nleftsubnet=172.20.0.0\/16<br \/>\nrightsubnet=10.20.0.0\/16<br \/>\ntype=tunnel<\/p>\n<p>conn peer-79.23.254.12-tunnel-2<br \/>\nauthby=secret<br \/>\nauto=start<br \/>\ncloseaction=restart<br \/>\ndpdaction=restart<br \/>\nleft=114.25.214.23<br \/>\nright=79.23.254.12<br \/>\nleftsubnet=192.168.30.0\/24<br \/>\nrightsubnet=10.10.0.0\/16<br \/>\ntype=tunnel<\/p>\n<\/div>\n<p>This time I used md5.<\/p>\n<p>The EdgeRouter is configured through its GUI.<\/p>\n<p>\u2606\u2606\u2606\u2606\u2606 What to do last \u2606\u2606\u2606\u2606\u2606<\/p>\n<p>Click the Wizard tab in the admin UI<br \/>\nClick TCP MSS clamping<br \/>\nCheck Enable MSS clamping for TCP connections<br \/>\nInterface Types: All<br \/>\nMSS: 1314<br \/>\nPress the Apply button<\/p>\n<p>\u2606\u2606\u2606\u2606\u2606 What to do last: bonus \u2606\u2606\u2606\u2606\u2606<br \/>\nFor the CentOS firewall<\/p>\n<p>iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu<br \/>\n  or<br \/>\niptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -o ipsec0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I struggled with IPsec site-to-site right up to the end. The CentOS6 configuration is config setup conn %default keyexchange=ikev1 ike=aes128-md5-modp2048 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-811","post","type-post","status-publish","format-standard","hentry","category-centos6"],"_links":{"self":[{"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/posts\/811","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tamura.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=811"}],"version-history":[{"count":0,"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/posts\/811\/revisions"}],"wp:attachment":[{"href":"https:\/\/tamura.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=811"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tamura.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=811"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tamura.jp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}