CURE - Informática - Contribuciones del usuario [es]

IPSec en OpenWrt

2011-07-03T17:26:38Z

Marcos:

IPSec (Internet Protocol Security), es un conjunto de protocolos cuya función es asegurar las comunicaciones sobre el protocolo IP, autenticando y/o cifrando cada paquete IP en un flujo de datos.

Plain IPSec

Esta configuración asume un router OpenWRT con conexión a Internet y con IP dinámica, conectando a un sitio central con una dirección IP fija. El objetivo es la creación de IPSEC entre los dos sitios para la red local y / o Wi-Fi conectado al router OpenWRT, que puede hablar a la LAN conectada a la central de gateway IPSEC. Para la configuración de ejemplo se supone la siguiente configuración:

central site IP address 1.2.3.4

central site LAN 192.168.2.0/24

central site name central.site.vpn

road warrior LAN 192.168.1.0/24

road warrior email road@warrior.vpn

Optionally devide wireless from wired network

If LAN and WIFI should be handled differently by the central site, it makes sense to seperate them and use two differnet IPSEC tunnels.
Install openswan

ipkg install openswan kmod-openswan ntpclient

Configuration

In this example, a configuration using a X.509 PKI is being used. Shared key is not really useful for road warrior setups, as it would require all road warriors to use the same shared key.
Create CA and certificates for all gateways

In this example, the hostname is used as common name for the central station and the email address for the road warrior. Some hints on how to use openssl to manage a PKI can be found at http://www.natecarlson.com/linux/ipsec-x509.php or http://freifunk.net/wiki/X509

On the OpenWRT box, copy the CA certificate to /etc/ipsec.d/cacerts/cacert.pem, the road warrior certificate to /etc/ipsec.d/certs/roadwarrior.pem and the private key to /etc/ipsec.d/private/roadwarriorkey.pem
Create /etc/ipsec.conf

Un ejemplo de configuración es:

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 private"
# eg:
plutodebug="none"
klipsdebug="none"
#
# Only enable klipsdebug=all if you are a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=no
# virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
interfaces=%defaultroute

conn central
authby=rsasig
esp=aes-sha1
right=1.2.3.4
rightsubnet=192.168.2.0/24
rightrsasigkey=%cert
rightid=@central.site.vpn
left=%defaultroute
leftsubnet=192.168.1.0/24
leftrsasigkey=%cert
leftid=road@warrior.vpn
leftcert=roadwarrior.pem
dpddelay=5
dpdtimeout=15
dpdaction=restart
auto=start
#keylife=20m
keyingtries=%forever

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

Create /etc/ipsec.secrets

This file contains the name of the private key file and the passphrase needed to open the file:

: RSA roadwarriorkey.pem "passphrase"

Permissions

Make sure the permissions of /etc/ipsec.secrets and /etc/ipsec.d/private/* allow read access only to root (chmod 400).
Hotplug

Configure the hotplug system to start and stop OpenSWAN each time the DSL connection is cut off by the provider:

/etc/hotplug.d/iface/30-ipsec

#!/bin/sh

if [ "$PROTO" != "ppp" ]; then exit; fi

USER=root
export USER

case "$ACTION" in
ifup)
/etc/rc.d/init.d/ipsec start
;;
ifdown)
/etc/rc.d/init.d/ipsec stop
;;
esac

Firewall

Make sure to open your firewall for ESP and ISAKMP traffic (and maybe NAT-T if your setup requires nat-traversal) and disable NAT for the LAN of the central site:

Example /etc/firewall.user:

iptables -A input_rule -p esp -s 1.2.3.4 -j ACCEPT # allow IPSEC

iptables -A input_rule -p udp -s 1.2.3.4 --dport 500 -j ACCEPT # allow ISAKMP

iptables -A input_rule -p udp -s 1.2.3.4 --dport 4500 -j ACCEPT # allow NAT-T

iptables -t nat -A postrouting_rule -d 192.168.2.0/24 -j ACCEPT

# Allow any traffic between road warrior LAN and central LAN

#iptables -A forwarding_rule -i $LAN -o ipsec0 -j ACCEPT

#iptables -A forwarding_rule -i ipsec0 -o $LAN -j ACCEPT

Bugfix (for RC4)

As of Whiterussian RC4, to fix a bug replace /etc/hotplug.d/iface/10-ntpclient by https://dev.openwrt.org/file/trunk/openwrt/package/ntpclient/files/ntpclient.init.
Startup files

Optionally remove /etc/init.d/60ipsec, as this script is not really needed in this setup.
Speed

Depending on the encryption (esp=) the following transfer rates might be achieved:

aes-sha1 160kb/s

3des-sha1 230kb/s

des-sha1 260kb/s

Referencias:

http://wiki.openwrt.org/oldwiki/IPSec

http://es.wikipedia.org/wiki/IPsec

IPSec en OpenWrt

2011-07-03T17:24:08Z

Marcos:

IPSec (Internet Protocol Security), es un conjunto de protocolos cuya función es asegurar las comunicaciones sobre el protocolo IP, autenticando y/o cifrando cada paquete IP en un flujo de datos.

Plain IPSec

Esta configuración asume un router OpenWRT con conexión a Internet y con IP dinámica, conectando a un sitio central con una dirección IP fija. El objetivo es la creación de IPSEC entre los dos sitios para la red local y / o Wi-Fi conectado al router OpenWRT, que puede hablar a la LAN conectada a la central de gateway IPSEC. Para la configuración de ejemplo se supone la siguiente configuración:

central site IP address 1.2.3.4

central site LAN 192.168.2.0/24

central site name central.site.vpn

road warrior LAN 192.168.1.0/24

road warrior email road@warrior.vpn

Optionally devide wireless from wired network

If LAN and WIFI should be handled differently by the central site, it makes sense to seperate them and use two differnet IPSEC tunnels.
Install openswan

ipkg install openswan kmod-openswan ntpclient

Configuration

In this example, a configuration using a X.509 PKI is being used. Shared key is not really useful for road warrior setups, as it would require all road warriors to use the same shared key.
Create CA and certificates for all gateways

In this example, the hostname is used as common name for the central station and the email address for the road warrior. Some hints on how to use openssl to manage a PKI can be found at http://www.natecarlson.com/linux/ipsec-x509.php or http://freifunk.net/wiki/X509

On the OpenWRT box, copy the CA certificate to /etc/ipsec.d/cacerts/cacert.pem, the road warrior certificate to /etc/ipsec.d/certs/roadwarrior.pem and the private key to /etc/ipsec.d/private/roadwarriorkey.pem
Create /etc/ipsec.conf

A sample configuration is:

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 private"
# eg:
plutodebug="none"
klipsdebug="none"
#
# Only enable klipsdebug=all if you are a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=no
# virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
interfaces=%defaultroute

conn central
authby=rsasig
esp=aes-sha1
right=1.2.3.4
rightsubnet=192.168.2.0/24
rightrsasigkey=%cert
rightid=@central.site.vpn
left=%defaultroute
leftsubnet=192.168.1.0/24
leftrsasigkey=%cert
leftid=road@warrior.vpn
leftcert=roadwarrior.pem
dpddelay=5
dpdtimeout=15
dpdaction=restart
auto=start
#keylife=20m
keyingtries=%forever

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

Create /etc/ipsec.secrets

This file contains the name of the private key file and the passphrase needed to open the file:

: RSA roadwarriorkey.pem "passphrase"

Permissions

Make sure the permissions of /etc/ipsec.secrets and /etc/ipsec.d/private/* allow read access only to root (chmod 400).
Hotplug

Configure the hotplug system to start and stop OpenSWAN each time the DSL connection is cut off by the provider:

/etc/hotplug.d/iface/30-ipsec

#!/bin/sh

if [ "$PROTO" != "ppp" ]; then exit; fi

USER=root
export USER

case "$ACTION" in
ifup)
/etc/rc.d/init.d/ipsec start
;;
ifdown)
/etc/rc.d/init.d/ipsec stop
;;
esac

Firewall

Make sure to open your firewall for ESP and ISAKMP traffic (and maybe NAT-T if your setup requires nat-traversal) and disable NAT for the LAN of the central site:

Example /etc/firewall.user:

iptables -A input_rule -p esp -s 1.2.3.4 -j ACCEPT # allow IPSEC

iptables -A input_rule -p udp -s 1.2.3.4 --dport 500 -j ACCEPT # allow ISAKMP

iptables -A input_rule -p udp -s 1.2.3.4 --dport 4500 -j ACCEPT # allow NAT-T

iptables -t nat -A postrouting_rule -d 192.168.2.0/24 -j ACCEPT

# Allow any traffic between road warrior LAN and central LAN

#iptables -A forwarding_rule -i $LAN -o ipsec0 -j ACCEPT

#iptables -A forwarding_rule -i ipsec0 -o $LAN -j ACCEPT

Bugfix (for RC4)

As of Whiterussian RC4, to fix a bug replace /etc/hotplug.d/iface/10-ntpclient by https://dev.openwrt.org/file/trunk/openwrt/package/ntpclient/files/ntpclient.init.
Startup files

Optionally remove /etc/init.d/60ipsec, as this script is not really needed in this setup.
Speed

Depending on the encryption (esp=) the following transfer rates might be achieved:

aes-sha1 160kb/s

3des-sha1 230kb/s

des-sha1 260kb/s

Referencias:

http://wiki.openwrt.org/oldwiki/IPSec

http://es.wikipedia.org/wiki/IPsec

IPSec en OpenWrt

2011-07-01T21:22:49Z

Marcos:

IPSec (Internet Protocol Security), es un conjunto de protocolos cuya función es asegurar las comunicaciones sobre el protocolo IP, autenticando y/o cifrando cada paquete IP en un flujo de datos.

Plain IPSec

This configuration assumes an OpenWRT router with dynamic Internet connection using DSL and a central site with fixed IP addresses (typical road warrior scenario). The goal is to set up IPSEC between both sites so the LAN and/or WIFI connected to the OpenWRT router can talk to the LAN connected to the central IPSEC gatway. For the sample configuration we assume the following setup:

central site IP address 1.2.3.4

central site LAN 192.168.2.0/24

central site name central.site.vpn

road warrior LAN 192.168.1.0/24

road warrior email road@warrior.vpn

Optionally devide wireless from wired network

If LAN and WIFI should be handled differently by the central site, it makes sense to seperate them and use two differnet IPSEC tunnels.
Install openswan

ipkg install openswan kmod-openswan ntpclient

Configuration

In this example, a configuration using a X.509 PKI is being used. Shared key is not really useful for road warrior setups, as it would require all road warriors to use the same shared key.
Create CA and certificates for all gateways

In this example, the hostname is used as common name for the central station and the email address for the road warrior. Some hints on how to use openssl to manage a PKI can be found at http://www.natecarlson.com/linux/ipsec-x509.php or http://freifunk.net/wiki/X509

On the OpenWRT box, copy the CA certificate to /etc/ipsec.d/cacerts/cacert.pem, the road warrior certificate to /etc/ipsec.d/certs/roadwarrior.pem and the private key to /etc/ipsec.d/private/roadwarriorkey.pem
Create /etc/ipsec.conf

A sample configuration is:

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 private"
# eg:
plutodebug="none"
klipsdebug="none"
#
# Only enable klipsdebug=all if you are a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=no
# virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
interfaces=%defaultroute

conn central
authby=rsasig
esp=aes-sha1
right=1.2.3.4
rightsubnet=192.168.2.0/24
rightrsasigkey=%cert
rightid=@central.site.vpn
left=%defaultroute
leftsubnet=192.168.1.0/24
leftrsasigkey=%cert
leftid=road@warrior.vpn
leftcert=roadwarrior.pem
dpddelay=5
dpdtimeout=15
dpdaction=restart
auto=start
#keylife=20m
keyingtries=%forever

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

Create /etc/ipsec.secrets

This file contains the name of the private key file and the passphrase needed to open the file:

: RSA roadwarriorkey.pem "passphrase"

Permissions

Make sure the permissions of /etc/ipsec.secrets and /etc/ipsec.d/private/* allow read access only to root (chmod 400).
Hotplug

Configure the hotplug system to start and stop OpenSWAN each time the DSL connection is cut off by the provider:

/etc/hotplug.d/iface/30-ipsec

#!/bin/sh

if [ "$PROTO" != "ppp" ]; then exit; fi

USER=root
export USER

case "$ACTION" in
ifup)
/etc/rc.d/init.d/ipsec start
;;
ifdown)
/etc/rc.d/init.d/ipsec stop
;;
esac

Firewall

Make sure to open your firewall for ESP and ISAKMP traffic (and maybe NAT-T if your setup requires nat-traversal) and disable NAT for the LAN of the central site:

Example /etc/firewall.user:

iptables -A input_rule -p esp -s 1.2.3.4 -j ACCEPT # allow IPSEC

iptables -A input_rule -p udp -s 1.2.3.4 --dport 500 -j ACCEPT # allow ISAKMP

iptables -A input_rule -p udp -s 1.2.3.4 --dport 4500 -j ACCEPT # allow NAT-T

iptables -t nat -A postrouting_rule -d 192.168.2.0/24 -j ACCEPT

# Allow any traffic between road warrior LAN and central LAN

#iptables -A forwarding_rule -i $LAN -o ipsec0 -j ACCEPT

#iptables -A forwarding_rule -i ipsec0 -o $LAN -j ACCEPT

Bugfix (for RC4)

As of Whiterussian RC4, to fix a bug replace /etc/hotplug.d/iface/10-ntpclient by https://dev.openwrt.org/file/trunk/openwrt/package/ntpclient/files/ntpclient.init.
Startup files

Optionally remove /etc/init.d/60ipsec, as this script is not really needed in this setup.
Speed

Depending on the encryption (esp=) the following transfer rates might be achieved:

aes-sha1 160kb/s

3des-sha1 230kb/s

des-sha1 260kb/s

Referencias:

http://wiki.openwrt.org/oldwiki/IPSec

http://es.wikipedia.org/wiki/IPsec

IPSec en OpenWrt

2011-07-01T21:21:12Z

Marcos:

IPSec (Internet Protocol Security), es un conjunto de protocolos cuya función es asegurar las comunicaciones sobre el protocolo IP, autenticando y/o cifrando cada paquete IP en un flujo de datos.

Plain IPSec

This configuration assumes an OpenWRT router with dynamic Internet connection using DSL and a central site with fixed IP addresses (typical road warrior scenario). The goal is to set up IPSEC between both sites so the LAN and/or WIFI connected to the OpenWRT router can talk to the LAN connected to the central IPSEC gatway. For the sample configuration we assume the following setup:

central site IP address 1.2.3.4

central site LAN 192.168.2.0/24

central site name central.site.vpn

road warrior LAN 192.168.1.0/24

road warrior email road@warrior.vpn

Optionally devide wireless from wired network

If LAN and WIFI should be handled differently by the central site, it makes sense to seperate them and use two differnet IPSEC tunnels.
Install openswan

ipkg install openswan kmod-openswan ntpclient

Configuration

In this example, a configuration using a X.509 PKI is being used. Shared key is not really useful for road warrior setups, as it would require all road warriors to use the same shared key.
Create CA and certificates for all gateways

In this example, the hostname is used as common name for the central station and the email address for the road warrior. Some hints on how to use openssl to manage a PKI can be found at http://www.natecarlson.com/linux/ipsec-x509.php or http://freifunk.net/wiki/X509

On the OpenWRT box, copy the CA certificate to /etc/ipsec.d/cacerts/cacert.pem, the road warrior certificate to /etc/ipsec.d/certs/roadwarrior.pem and the private key to /etc/ipsec.d/private/roadwarriorkey.pem
Create /etc/ipsec.conf

A sample configuration is:

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 private"
# eg:
plutodebug="none"
klipsdebug="none"
#
# Only enable klipsdebug=all if you are a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=no
# virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
interfaces=%defaultroute

conn central
authby=rsasig
esp=aes-sha1
right=1.2.3.4
rightsubnet=192.168.2.0/24
rightrsasigkey=%cert
rightid=@central.site.vpn
left=%defaultroute
leftsubnet=192.168.1.0/24
leftrsasigkey=%cert
leftid=road@warrior.vpn
leftcert=roadwarrior.pem
dpddelay=5
dpdtimeout=15
dpdaction=restart
auto=start
#keylife=20m
keyingtries=%forever

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

Create /etc/ipsec.secrets

This file contains the name of the private key file and the passphrase needed to open the file:

: RSA roadwarriorkey.pem "passphrase"

Permissions

Make sure the permissions of /etc/ipsec.secrets and /etc/ipsec.d/private/* allow read access only to root (chmod 400).
Hotplug

Configure the hotplug system to start and stop OpenSWAN each time the DSL connection is cut off by the provider:

/etc/hotplug.d/iface/30-ipsec

#!/bin/sh

if [ "$PROTO" != "ppp" ]; then exit; fi

USER=root
export USER

case "$ACTION" in
ifup)
/etc/rc.d/init.d/ipsec start
;;
ifdown)
/etc/rc.d/init.d/ipsec stop
;;
esac

Firewall

Make sure to open your firewall for ESP and ISAKMP traffic (and maybe NAT-T if your setup requires nat-traversal) and disable NAT for the LAN of the central site:

Example /etc/firewall.user:

iptables -A input_rule -p esp -s 1.2.3.4 -j ACCEPT # allow IPSEC
iptables -A input_rule -p udp -s 1.2.3.4 --dport 500 -j ACCEPT # allow ISAKMP
iptables -A input_rule -p udp -s 1.2.3.4 --dport 4500 -j ACCEPT # allow NAT-T
iptables -t nat -A postrouting_rule -d 192.168.2.0/24 -j ACCEPT
# Allow any traffic between road warrior LAN and central LAN
#iptables -A forwarding_rule -i $LAN -o ipsec0 -j ACCEPT
#iptables -A forwarding_rule -i ipsec0 -o $LAN -j ACCEPT

Bugfix (for RC4)

As of Whiterussian RC4, to fix a bug replace /etc/hotplug.d/iface/10-ntpclient by https://dev.openwrt.org/file/trunk/openwrt/package/ntpclient/files/ntpclient.init.
Startup files

Optionally remove /etc/init.d/60ipsec, as this script is not really needed in this setup.
Speed

Depending on the encryption (esp=) the following transfer rates might be achieved:
aes-sha1 160kb/s
3des-sha1 230kb/s
des-sha1 260kb/s

Referencias:

http://wiki.openwrt.org/oldwiki/IPSec

http://es.wikipedia.org/wiki/IPsec

IPSec en OpenWrt

2011-07-01T21:20:11Z

Marcos:

IPSec (Internet Protocol Security), es un conjunto de protocolos cuya función es asegurar las comunicaciones sobre el protocolo IP, autenticando y/o cifrando cada paquete IP en un flujo de datos.

Plain IPSec

This configuration assumes an OpenWRT router with dynamic Internet connection using DSL and a central site with fixed IP addresses (typical road warrior scenario). The goal is to set up IPSEC between both sites so the LAN and/or WIFI connected to the OpenWRT router can talk to the LAN connected to the central IPSEC gatway. For the sample configuration we assume the following setup:
central site IP address 1.2.3.4
central site LAN 192.168.2.0/24
central site name central.site.vpn
road warrior LAN 192.168.1.0/24
road warrior email road@warrior.vpn
Optionally devide wireless from wired network

If LAN and WIFI should be handled differently by the central site, it makes sense to seperate them and use two differnet IPSEC tunnels.
Install openswan

ipkg install openswan kmod-openswan ntpclient

Configuration

In this example, a configuration using a X.509 PKI is being used. Shared key is not really useful for road warrior setups, as it would require all road warriors to use the same shared key.
Create CA and certificates for all gateways

In this example, the hostname is used as common name for the central station and the email address for the road warrior. Some hints on how to use openssl to manage a PKI can be found at http://www.natecarlson.com/linux/ipsec-x509.php or http://freifunk.net/wiki/X509

On the OpenWRT box, copy the CA certificate to /etc/ipsec.d/cacerts/cacert.pem, the road warrior certificate to /etc/ipsec.d/certs/roadwarrior.pem and the private key to /etc/ipsec.d/private/roadwarriorkey.pem
Create /etc/ipsec.conf

A sample configuration is:

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 private"
# eg:
plutodebug="none"
klipsdebug="none"
#
# Only enable klipsdebug=all if you are a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=no
# virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
interfaces=%defaultroute

conn central
authby=rsasig
esp=aes-sha1
right=1.2.3.4
rightsubnet=192.168.2.0/24
rightrsasigkey=%cert
rightid=@central.site.vpn
left=%defaultroute
leftsubnet=192.168.1.0/24
leftrsasigkey=%cert
leftid=road@warrior.vpn
leftcert=roadwarrior.pem
dpddelay=5
dpdtimeout=15
dpdaction=restart
auto=start
#keylife=20m
keyingtries=%forever

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

Create /etc/ipsec.secrets

This file contains the name of the private key file and the passphrase needed to open the file:

: RSA roadwarriorkey.pem "passphrase"

Permissions

Make sure the permissions of /etc/ipsec.secrets and /etc/ipsec.d/private/* allow read access only to root (chmod 400).
Hotplug

Configure the hotplug system to start and stop OpenSWAN each time the DSL connection is cut off by the provider:

/etc/hotplug.d/iface/30-ipsec

#!/bin/sh

if [ "$PROTO" != "ppp" ]; then exit; fi

USER=root
export USER

case "$ACTION" in
ifup)
/etc/rc.d/init.d/ipsec start
;;
ifdown)
/etc/rc.d/init.d/ipsec stop
;;
esac

Firewall

Make sure to open your firewall for ESP and ISAKMP traffic (and maybe NAT-T if your setup requires nat-traversal) and disable NAT for the LAN of the central site:

Example /etc/firewall.user:

iptables -A input_rule -p esp -s 1.2.3.4 -j ACCEPT # allow IPSEC
iptables -A input_rule -p udp -s 1.2.3.4 --dport 500 -j ACCEPT # allow ISAKMP
iptables -A input_rule -p udp -s 1.2.3.4 --dport 4500 -j ACCEPT # allow NAT-T
iptables -t nat -A postrouting_rule -d 192.168.2.0/24 -j ACCEPT
# Allow any traffic between road warrior LAN and central LAN
#iptables -A forwarding_rule -i $LAN -o ipsec0 -j ACCEPT
#iptables -A forwarding_rule -i ipsec0 -o $LAN -j ACCEPT

Bugfix (for RC4)

As of Whiterussian RC4, to fix a bug replace /etc/hotplug.d/iface/10-ntpclient by https://dev.openwrt.org/file/trunk/openwrt/package/ntpclient/files/ntpclient.init.
Startup files

Optionally remove /etc/init.d/60ipsec, as this script is not really needed in this setup.
Speed

Depending on the encryption (esp=) the following transfer rates might be achieved:
aes-sha1 160kb/s
3des-sha1 230kb/s
des-sha1 260kb/s

Referencias:

http://wiki.openwrt.org/oldwiki/IPSec

http://es.wikipedia.org/wiki/IPsec

IPSec en OpenWrt

2011-06-30T21:28:16Z

Marcos:

IPSec en OpenWrt

2011-06-30T21:28:00Z

Marcos:

IPSec en OpenWrt

2011-06-30T21:25:42Z

Marcos: Página creada con 'IPSec (Internet Protocol Security), es un conjunto de protocolos cuya función es asegurar las comunicaciones sobre el protocolo IP, autenticando y/o cifrando cada paquete IP en...'

Grupo 2

2011-06-30T21:15:56Z

Marcos:

== Relevamiento de procesadores ==

[[Relevamiento Grupo 2]]

== Cliente DDNS en OpenWrt ==

[[Cliente DDNS en OpenWrt]]

== IPSec en OpenWrt ==

[[IPSec en OpenWrt]]

Tecnólogo telecomunicaciones

2011-06-21T23:08:34Z

Marcos: /* Cursos */

[[Archivo:logott.png|right|200px]]

El Tecnólogo en Telecomunicaciones tiene capacidades para asistir en el diseño y el despliegue de sistemas de telecomunicaciones y para realizar su mantenimiento y administración.

Podrá participar como técnico calificado en tareas de desarrollo de proyectos en el área de las telecomunicaciones, integrándose al trabajo colectivo y multidisciplinario para la realización de estas actividades en situaciones de variada complejidad, tanto por sus características como por su escala.

Para ello, habrá adquirido una formación en las áreas fundamentales de las Telecomunicaciones, así como en el desarrollo de aplicaciones telemáticas y poseerá un conocimiento básico del área de física y matemática que le permita continuar con sus estudios en otras titulaciones si así lo desea.

Dicha formación incluirá aspectos teóricos fundamentales y una muy fuerte componente práctica, incluyendo el manejo de tecnologías actualizadas.

También incluirá el desarrollo de un estudio de perfil innovador o de solución concreto de un caso real en la temática de la carrera, ya sea realizada en el contexto de una pasantía en una empresa del ramo o como monografía de profundización en técnicas innovadoras.

La carrera se dicta en el Centro Universitario de la Región Este (CURE), ubicado en la ciudad de Rocha.

== Cursos ==

===Primer Semestre===

* [[Matemática I]]
* [[Matemática II]]
* [[Física I]]

===Segundo Semestre===

* [[Matemática III]]
* [[Física II]]
* [[Programación I]]

===Quinto Cuatrimestre===

* [[Taller de Gestión de Redes]]
* [[Taller de Telemática]]
* [[Taller de Redes Inalámbricas]]

===Sexto Cuatrimestre===

* [[Tecnólogo en Telecomunicaciones/adminredes|Taller de Administración de Redes y Servicios]]
* [[Taller de temas avanzados en redes de telecomunicaciones]]