Install IPSec on G-vTAP Agent
If IPSec is used to establish secure connection between G-vTAP agents and GigaVUE V Series nodes, then you must install IPSec on G-vTAP agent instances. To install IPSec on G-vTAP agent you need the following files:
- StrongSwan binary installer TAR file: The TAR file contains StrongSwan binary installer for different platforms. Each platform has its own TAR file.
Refer to https://www.strongswan.org/ for more details. - IPSec package file: The package file includes the following:
- CA Certificate
- Private Key and Certificate for G-vTAP Agent
- IPSec configurations
Note: IPSec cannot be installed on G-vTAP agents that are running on Windows OS. Therefore, if a monitoring session has targets with both Windows and Linux OS, only the linux agents will communicate over the secure connection. Windows agent will communicate only through the VxLAN Tunnel.
Refer to the following sections for installing IPSec on G-vTAP Agent:
- Install G-vTAP from Ubuntu/Debian Package
- Install G-vTAP from Red Hat Enterprise Linux and Centos
- Install G-vTAP from Red Hat Enterprise Linux and Centos with Selinux Enabled
Install G-vTAP from Ubuntu/Debian Package
- Launch the Ubuntu/Debian image.
- Copy the G-vTAP package files and strongSwan TAR file to the G-vTAP agent:
- Install the G-vTAP agent package file:
sudo dpkg -i gvtap-agent_1.7-1_amd64.deb
- Modify the file /etc/gvtap-agent/gvtap-agent.conf to configure and register the source and destination interfaces:
eth0# mirror-src-ingress mirror-src-egress mirror-dst
sudo /etc/init.d/gvtap-agent restart
sudo /etc/init.d/gvtap-agent status
Note: You can view the G-vTAP log using
cat /var/log/gvtap-agent.logcommand. - Install strongSwan:
tar -xvf strongswan5.3.5-1ubuntu3.8_amd64-deb.tar.gz
cd strongswan-5.3.5-1ubuntu3.8_amd64/
sudo sh ./swan-install.sh
- Install IPSec package:
sudo dpkg -i gvtap-ipsec_1.7-1_amd64.deb
Install G-vTAP from Red Hat Enterprise Linux and Centos
- Launch RHEL/Centos agent image.
- Copy the following package files and strongSwan TAR files to the G-vTAP agent:
- Install G-vTAP agent package:
sudo rpm -ivh gvtap-agent_1.7-1_x86_64.rpm
- Edit gvtap-agent.conf file to configure the required interface as source/destination for mirror:
# eth0 mirror-src-ingress mirror-src-egress mirror-dst
# sudo /etc/init.d/gvtap-agent restart
- Install strongSwan:
tar -xvf strongswan-5.7.1-1.el7.x86_64.tar.gz
cd strongswan-5.7.1-1.el7.x86_64
sudo sh ./swan-install.sh
- Install IPSec package:
sudo rpm -i gvtap-ipsec_1.7-1_x86_64.rpm
Note: You must install IPSec package after installing StrongSwan.
Install G-vTAP from Red Hat Enterprise Linux and Centos with Selinux Enabled
- Launch the RHEL/Centos agent image.
- Copy package files and strongSwan TAR file to G-vTAP agent.
- strongswan-5.7.1-1.el7.x86_64.tar.gz for rhel7/centos7
- strongswan-5.4.0-2.el6.x86_64.tar.gz for rhel6/centos6
- gvtap-agent_1.7-1_x86_64.rpm
- gvtap-ipsec_1.7-1_x86_64.rpm
- gvtap.te and gvtap_ipsec.te files (type enforcement files)
- Checkmodule -M -m -o gvtap.mod gvtap.te
semodule_package -o gvtap.pp -m gvtap.mod
sudo semodule -i gvtap.pp
- Checkmodule -M -m -o gvtap_ipsec.mod gvtap_ipsec.te
semodule_package -o gvtap_ipsec.pp -m gvtap_ipsec.mod
sudo semodule -i gvtap_ipsec.pp
- Install G-vTAP agent package:
sudo rpm -ivh gvtap-agent_1.7-1_x86_64.rpm
- Edit gvtap-agent.conf file to configure the required interface as source/destination for mirror:
# eth0 mirror-src-ingress mirror-src-egress mirror-dst
# sudo /etc/init.d/gvtap-agent restart
- Install strongSwan:
tar -xvf strongswan-5.7.1-1.el7.x86_64.tar.gz
cd strongswan-5.7.1-1.el7.x86_64
sudo sh ./swan-install.sh
- Install IPSec package:
sudo rpm -i gvtap-ipsec_1.7-1_x86_64.rpm
Document INFORMATION 
