{"id":281,"date":"2012-06-16T01:26:21","date_gmt":"2012-06-15T22:26:21","guid":{"rendered":"http:\/\/blog.hostwebtr.com\/?p=281"},"modified":"2012-06-16T01:26:21","modified_gmt":"2012-06-15T22:26:21","slug":"debian-linux-ile-l2tpd-ipsec-vpn-server-kurulumu","status":"publish","type":"post","link":"https:\/\/www.48k.com.tr\/debian-linux-ile-l2tpd-ipsec-vpn-server-kurulumu\/","title":{"rendered":"L2tpd IPsec VPN server installation on Debian Linux"},"content":{"rendered":"
Before getting to the installation, I should mention that I worked a full week to get this system set up. It ended in failure many times. With an IPsec VPN setup, errors or problems may not originate from the server, and that leaves you struggling for nothing.<\/p>\n
For example, I managed this installation on Debian Linux 6. Before that I tried Ubuntu Server 11 (i386, x64) and Ubuntu 10.04.1 LTS (i386, x64). So I had to install Linux 5 times in total to complete the setup. My guess is that the cause is an incompatibility between the l2tpd service and the OS kernel, or that the kernel modules Openswan uses do not work fully with the OS kernel either.<\/p>\n
If you want to use a system like this, you will probably want to make VPN connections from Windows clients. In that case you may find that Windows XP, Vista and Windows 7 also behave differently when it comes to IPsec\/l2tpd VPN connections.<\/p>\n
Another thing I learned from experience is the ADSL modem. At home I use a ZyXEL Prestige 660 modem. It is old compared with the modems on the market, but it is one of the good devices. However, it cannot get my L2TP\/IPsec VPN connection through to the server; the request does not leave the modem. Perhaps a firmware update could solve it.<\/p>\n
The last thing I will say is that even if you do the installation exactly as I did, there is always a possibility that the system will not work.<\/p>\n
After so many unnecessary words, let me move on to the installation environment.<\/p>\n
<\/p>\n
Server and client infrastructure<\/p>\n
The server and the client run on VMware.<\/p>\n
Openswan (2.6.28+dfsg-5) + Xl2tpd (1.2.7+dfsg-1) on Debian Linux 6, kernel 2.6.32-5-686<\/p>\n
The server has two Ethernet interfaces. One has a public IP, the other a local IP.<\/p>\n
Client: Windows 2008 R2 x64<\/p>\n
<\/p>\n
Installation<\/p>\n
After completing the operating system installation in its simplest form and assigning IP addresses to your Ethernet interfaces, let's install the packages.<\/p>\n
(An important point here: if your server does not connect to the internet directly with a public IP and sits behind a modem or firewall, you may have to change the IPsec settings.)<\/p>\n
<\/p>\n
We install the packages with apt.<\/p>\n
At the console:<\/p>\n
apt-get install openswan xl2tpd<\/p>\n
After running this command you will be asked a question about IPsec X.509. Answer no.<\/p>\n
Apt will install the packages, but they will start running with their default configurations.<\/p>\n
Since Openswan will detect the netkey module already present on the system, it will start working with that module.<\/p>\n
The situation is no different for Xl2tpd. Since no configuration has been done yet, it will merely be running.<\/p>\n
At the console:<\/p>\n
ipsec verify<\/p>\n
ps aux | grep ipsec<\/p>\n
ps aux | grep xl2tpd<\/p>\n
With these commands you can see whether the services have started.<\/p>\n
The ipsec verify output will look like the following<\/p>\n
<\/p>\n
> To fix the problems in the parts that ipsec verify reports as FAILED, make a backup of the \/etc\/sysctl.conf file, open it with an editor and place the lines below appropriately<\/p>\n net.ipv4.ip_forward = 1 After saving your sysctl.conf file,<\/p>\n At the console:<\/p>\n sysctl -p Run this command or restart your server.<\/p>\n An important point: when you restart your server, ipsec cannot be started at boot because its pid is left hanging. This may also stem from something specific to Debian and Ubuntu. I have not looked into it because I have not moved this to production yet.<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" Before getting to the installation, I should mention that I worked a full week to get this system set up. It ended in failure many times. With an IPsec VPN setup, errors or problems may not originate from the server, and that leaves you struggling for nothing. 
For example, I managed this installation on Debian Linux 6. Before that I tried Ubuntu Server 11 (i386, x64) and Ubuntu 10.04.1 LTS (i386, x64). So to complete the installation I had to install Linux a total of 5 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[301,349,350,291],"tags":[],"class_list":["post-281","post","type-post","status-publish","format-standard","hentry","category-ag-uygulamalari","category-linux-server-kurulumu","category-linux-sunucu-kurulumu","category-uncategorized-tr"],"_links":{"self":[{"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/posts\/281"}],"collection":[{"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/comments?post=281"}],"version-history":[{"count":0,"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/posts\/281\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/media?parent=281"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/categories?post=281"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/tags?post=281"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan kernel_version (netkey)
> Checking for IPsec support in kernel [OK]
> NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
>
> Please disable /proc/sys/net/ipv4/conf/*/send_redirects
> or NETKEY will cause the sending of bogus ICMP redirects!
>
> NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
>
> Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
> or NETKEY will accept bogus ICMP redirects!
>
> Checking for RSA private key (/etc/ipsec.secrets) [OK]
> Checking that pluto is running [OK]
> Checking for ‘ip’ command [OK]
> Checking for ‘iptables’ command [OK]
> Opportunistic Encryption Support [DISABLED]
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.neigh.default.gc_thresh1 = 1024
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh3 = 4096