{"id":2291,"date":"2016-07-15T19:31:07","date_gmt":"2016-07-15T19:31:07","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=2291"},"modified":"2025-06-13T19:26:25","modified_gmt":"2025-06-14T02:26:25","slug":"configuration-ipsec-for-a-couchbase-cluster","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/es\/configuration-ipsec-for-a-couchbase-cluster\/","title":{"rendered":"Configuraci\u00f3n de IPsec para un cl\u00faster Couchbase"},"content":{"rendered":"<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 24px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Introducci\u00f3n<\/span><\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Algunos despliegues de Couchbase requieren comunicaciones seguras entre nodos a trav\u00e9s de la red, esto podr\u00eda ser debido a razones como las pol\u00edticas de gobierno de datos o el cumplimiento normativo. \u00a0<\/span><a style=\"text-decoration: none;\" href=\"https:\/\/en.wikipedia.org\/wiki\/IPsec\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #1155cc; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;\">Seguridad del protocolo de Internet (IPsec) <\/span><\/a><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\">es un conjunto de protocolos para comunicaciones seguras basadas en el Protocolo de Internet (IP) mediante autenticati<\/span><a style=\"text-decoration: none;\" href=\"https:\/\/en.wikipedia.org\/wiki\/Authentication\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #0b0080; vertical-align: baseline; white-space: pre-wrap;\">ng<\/span><\/a><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\"> y encriptando cada <\/span><a style=\"text-decoration: none;\" href=\"https:\/\/en.wikipedia.org\/wiki\/Packet_(information_technology)#Example:_IP_packets\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #0b0080; vertical-align: baseline; white-space: pre-wrap;\">Paquete IP<\/span><\/a><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\"> de una sesi\u00f3n de comunicaci\u00f3n. IPsec puede utilizarse para proteger los flujos de datos entre un par de hosts (<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; font-style: italic; vertical-align: baseline; white-space: pre-wrap;\">de host a host<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\">), entre un par de pasarelas de seguridad (<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; font-style: italic; vertical-align: baseline; white-space: pre-wrap;\">de red a red<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\">), o entre una pasarela de seguridad y un host (<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; font-style: italic; vertical-align: baseline; white-space: pre-wrap;\">red a host<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\">). <\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">El objetivo de este art\u00edculo es proporcionar a los administradores de Couchbase una gu\u00eda r\u00e1pida sobre c\u00f3mo configurar IPsec en los nodos de un cluster de Couchbase. \u00a0<\/span><\/p>\n<h2>Modos IPsec<\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">IPSec tiene dos modos: modo t\u00fanel y modo transporte. El m\u00e1s utilizado es el modo t\u00fanel, que suele usarse para configuraciones VPN (creaci\u00f3n de dispositivo de red de t\u00fanel en proceso). El modo t\u00fanel no es pr\u00e1ctico para un cl\u00faster Couchbase, ya que requerir\u00eda crear y mantener t\u00faneles entre todos los pares de nodos. <\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">El modo de transporte es necesario para proteger la comunicaci\u00f3n entre nodos de la misma red. Permite el uso de IPsec por paquete. Totalmente transparente para las aplicaciones.<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">IPSec puede proporcionar autenticaci\u00f3n de paquetes (es decir, asegurar que los paquetes que se reciben son paquetes de nodos de confianza) y encriptaci\u00f3n de paquetes. El modo de transporte y las entradas asociadas de la Base de Datos de Pol\u00edticas de Seguridad permiten configurar el comportamiento requerido para un cluster Couchbase:<\/span><\/p>\n<ul style=\"margin-top: 0pt; margin-bottom: 0pt;\">\n<li dir=\"ltr\" style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; background-color: transparent;\">\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">determinados tipos de paquetes entrantes s\u00f3lo se aceptan si est\u00e1n encapsulados en ipsec y son v\u00e1lidos (se descartan en caso contrario)<\/span><\/p>\n<\/li>\n<li dir=\"ltr\" style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; background-color: transparent;\">\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">se requiere que determinados tipos de paquetes salientes se encapsulen en ipsec<\/span><\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Por lo general, \"tipo espec\u00edfico\" va a ser algo as\u00ed como: <\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; font-style: italic; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">todos los paquetes de\/a couchbase cluster segmento de red<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">. O puede ser algo como todo: <\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; font-style: italic; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">todos los paquetes hacia\/desde los puertos de servicio couchbase.<\/span><\/p>\n<h2 dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><\/h2>\n<h2 dir=\"ltr\">Requisitos<\/h2>\n<ul dir=\"ltr\">\n<li>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; font-weight: 400; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Distribuci\u00f3n Linux (para este blog se utiliza Debian). Windows soporta IPsec, esto no fue probado. <\/span><\/h2>\n<\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Linux Openswan U2.6.32\/K2.6.32-573.el6.x86_64 (netkey) o superior<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Couchbase 4.1 o superior<\/span><\/li>\n<li><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Acceso de usuario sudo\/root al sistema<\/span><\/li>\n<\/ul>\n<h2>Instalaci\u00f3n y configuraci\u00f3n de OpenSwan<\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Desde la l\u00ednea de comandos usando sudo, se ejecut\u00f3 el siguiente comando en cada nodo. Para otras distribuciones linux utilice su gestor de paquetes apropiado.<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"color: #000000; font-family: Arial; font-size: 14.6667px; line-height: 20.24px; text-align: left; white-space: pre-wrap;\"># sudo apt-get update<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># sudo apt-get install openswan<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">El instalador puede pedir al usuario que cree un certificado x.509, no cree un certificado x.509. <\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">IPsec debe configurarse para el modo de transporte.  En el entorno de demostraci\u00f3n creado para este blog, tenemos dos nodos: 10.0.2.4 y 10.0.2.5. \u00a0<\/span><\/p>\n<h3 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\">Pasos<\/h3>\n<p dir=\"ltr\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">1 - En cada nodo - a\u00f1adir una l\u00ednea en el archivo \/etc\/ipsec.secrets: ipaddress_node1 ipaddress_node2: PSK \"alguna_clave\"<\/span><\/p>\n<div style=\"text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/ipsecrets.png\" \/><\/div>\n<div><\/div>\n<div><\/div>\n<div>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">2 - Modifique el archivo \/etc\/ipsec.conf para utilizar archivos *.conf ubicados en el subdirectorio ipsec.d.  Esto permite una f\u00e1cil automatizaci\u00f3n si necesitas a\u00f1adir nodos al cluster.  Cada par de nodos necesita su propia entrada. \u00a0<\/span><\/p>\n<div><\/div>\n<div style=\"text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/ipsecconf.png\" \/><\/div>\n<div><\/div>\n<div>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">3 - Cree un archivo de configuraci\u00f3n en el directorio \/etc\/ipsec.d\/ con la siguiente informaci\u00f3n:<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">conn couchbase<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">tipo=transporte<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">authby=secreto<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">izquierda=<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">right=<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">pfs=s\u00ed<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">auto=inicio<\/span><\/p>\n<ul>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">conn couchbase -connection: etiqueta arbitraria para su conexi\u00f3n. Puede ser cualquier cosa que desee<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">type=transport: queremos utilizar el modo transporte para esta conexi\u00f3n<\/span><\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">authby=secret: utilizaremos una clave precompartida (PSK) para esta conexi\u00f3n. <\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">left=10.0.2.4: esta l\u00ednea y la siguiente s\u00f3lo denotan las direcciones IP involucradas en esta asociaci\u00f3n IPsec. No importa qu\u00e9 IP es la \"izquierda\" y cu\u00e1l es la \"derecha\".<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">right=10.0.2.5: v\u00e9ase el punto anterior.<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">pfs=yes: queremos activar Perfect Forward Secrecy para esta conexi\u00f3n. En resumen, esto mejora dr\u00e1sticamente la seguridad. I<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">auto=start: Queremos iniciar proactivamente la asociaci\u00f3n IPsec inmediatamente. Tambi\u00e9n se puede configurar como auto=start, en cuyo caso espera a que el otro extremo de la conexi\u00f3n inicie el tr\u00e1fico.<\/span><\/li>\n<\/ul>\n<p style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/connection.png\" \/><\/p>\n<div>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">4 - Habilite IPSec para utilizar la nueva configuraci\u00f3n en ambos nodos: <\/span><span style=\"color: #000000; font-family: Consolas; font-size: 14.6667px; white-space: pre-wrap; line-height: 1.38; background-color: transparent;\">#sudo service ipsec restart<\/span><\/p>\n<div>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 24px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Probar la configuraci\u00f3n<\/span><\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Desde una l\u00ednea de comandos en un nodo, escriba el siguiente comando: \u00a0<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><strong><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">#ping <\/span><\/strong><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/untitledping.png\" \/><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Desde el otro nodo, utilice la l\u00ednea de comandos y escriba : (resultado deseado) Si no obtiene ning\u00fan mensaje, tendr\u00e1 que depurar su configuraci\u00f3n (consulte las Gu\u00edas IPsec que se indican a continuaci\u00f3n)<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><strong><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">#sudo tcpdump esp<\/span><\/strong><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/untitled.png\" \/><\/p>\n<\/div>\n<div>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"color: #000000; font-family: Arial; font-size: 13.3333px; line-height: 18.4px; white-space: pre-wrap;\">Nota: ESP = Encapsulating Security Payload (carga \u00fatil de seguridad encapsulada)<\/span><\/h2>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 24px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Configuraci\u00f3n de Couchbase<\/span><\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Instala Couchbase en cada nodo, una configuraci\u00f3n simple de dos nodos. Configurar el cluster.  Toda la comunicaci\u00f3n entre los dos nodos puede ser rastreada usando el comando tcpdump esp, el ejemplo de arriba documenta la comunicaci\u00f3n entre dos nodos Couchbase. <\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><strong><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Cl\u00faster de pruebas de Couchbase:<\/span><\/strong><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/cb_ipsec_cluster.png\" alt=\"Couchbase Test Cluster\" \/><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><strong>Captura de pantalla - #sudo tcpdump esp<\/strong><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-8147 size-full\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2016\/07\/hippogallery_original.png\" alt=\"\" width=\"763\" height=\"600\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2016\/07\/hippogallery_original.png 763w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2016\/07\/hippogallery_original-300x236.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2016\/07\/hippogallery_original-20x16.png 20w\" sizes=\"auto, (max-width: 763px) 100vw, 763px\" \/><\/p>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><\/h2>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\">Referencias<\/h2>\n<p dir=\"ltr\">Visi\u00f3n general de IPsec <span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">&#8211; <\/span><a style=\"text-decoration: none;\" href=\"https:\/\/en.wikipedia.org\/wiki\/IPsec\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #1155cc; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">https:\/\/en.wikipedia.org\/wiki\/IPsec<\/span><\/a><\/p>\n<p dir=\"ltr\">Implementaci\u00f3n del modo de transporte IPsec -\u00a0 <a style=\"text-decoration: none;\" href=\"https:\/\/andersonfam.org\/2014\/04\/02\/ipsec-transport-mode\/\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #1155cc; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">https:\/\/andersonfam.org\/2014\/04\/02\/ipsec-transport-mode\/<\/span><\/a><\/p>\n<div>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\">Uso de StrongSwan (ejemplo de 3 nodos) -\u00a0<a href=\"https:\/\/blog.sprinternet.at\/2016\/03\/ipsec-transport-mode-with-strongswan-on-debian-jessie\/\">https:\/\/blog.sprinternet.at\/2016\/03\/ipsec-transport-mode-with-strongswan-on-debian-jessie\/<\/a><\/p>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\">Ejemplos de archivos de configuraci\u00f3n utilizados para esta prueba<\/h2>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><strong><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\/etc\/ipsec.conf<\/span><\/strong><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># \/etc\/ipsec.conf - Archivo de configuraci\u00f3n IPsec de Openswan<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">#<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># Manual: ipsec.conf.5<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">#<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># Por favor, coloque sus propios archivos de configuraci\u00f3n en \/etc\/ipsec.d\/ terminando en .conf<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">versi\u00f3n 2.0 \u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># se ajusta a la segunda versi\u00f3n de la especificaci\u00f3n ipsec.conf<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Configuraci\u00f3n b\u00e1sica del #<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">configuraci\u00f3n<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># Controles de registro de depuraci\u00f3n:  \"ninguno\" para (casi) ninguno, \"todos\" para muchos.<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># klipsdebug=none<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># plutodebug=\"control parsing\"<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># Para Red Hat Enterprise Linux y Fedora, deje protostack=netkey<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">protostack=clave de red<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">nat_traversal=s\u00ed<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">virtual_private=<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">oe=off<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># Act\u00edvalo si ves \"no se ha encontrado ning\u00fan trabajador disponible\".<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># nhelpers=0<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">#Ypuedes poner tu archivo de configuraci\u00f3n (.conf) en \"\/etc\/ipsec.d\/\" y descomentar esto.<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">include \/etc\/ipsec.d\/*.conf<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 13.3333px; font-family: Arial; color: #000000; font-weight: bold; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\/etc\/ipsecrets<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Consolas; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">include \/etc\/ipsec.d\/*.secrets<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"># utilice direcciones IP de su propio entorno<\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Consolas; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">10.0.2.4 10.0.2.5: PSK \"sharedkey\"<\/span><\/p>\n<p><span style=\"color: #333333; line-height: 20.8px; text-align: left;\">\u00a0<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 13.3333px; font-family: Arial; color: #000000; font-weight: bold; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\/etc\/ipsec.d\/couchbase.conf<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">conn couchbase<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">tipo=transporte<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">authby=secreto<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; line-height: 20.8px; text-align: left;\"><span style=\"line-height: 1.38; font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"line-height: 1.38; font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"line-height: 1.38; font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">left=10.0.2.4<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">right=10.0.2.4<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">pfs=y<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">auto=inicio<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"color: #333333; line-height: 20.8px; text-align: left;\">\u00a0<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div><\/div>","protected":false},"excerpt":{"rendered":"<p>Introduction Some Couchbase deployments require secure communications between nodes across the network, this could be due to reasons like data governance policies or regulatory compliance. \u00a0Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by [&hellip;]<\/p>","protected":false},"author":62,"featured_media":13873,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1815,1821,1813],"tags":[1666],"ppma_author":[9037],"class_list":["post-2291","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practices-and-tutorials","category-couchbase-architecture","category-security","tag-encryption"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Configuring IPsec for a Couchbase Cluster - The Couchbase Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/es\/configuration-ipsec-for-a-couchbase-cluster\/\" \/>\n<meta property=\"og:locale\" content=\"es_MX\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Configuring IPsec for a Couchbase Cluster\" \/>\n<meta property=\"og:description\" content=\"Introduction Some Couchbase deployments require secure communications between nodes across the network, this could be due to reasons like data governance policies or regulatory compliance. \u00a0Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/es\/configuration-ipsec-for-a-couchbase-cluster\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-07-15T19:31:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T02:26:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2016\/07\/hippogallery_original.png\" \/>\n<meta name=\"author\" content=\"Tim Wong\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tim Wong\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\"},\"author\":{\"name\":\"Tim Wong\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/4ca397e4a4b7910c4217dcd0bb274767\"},\"headline\":\"Configuring IPsec for a Couchbase Cluster\",\"datePublished\":\"2016-07-15T19:31:07+00:00\",\"dateModified\":\"2025-06-14T02:26:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\"},\"wordCount\":901,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"keywords\":[\"Encryption\"],\"articleSection\":[\"Best Practices and Tutorials\",\"Couchbase Architecture\",\"Security\"],\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\",\"name\":\"Configuring IPsec for a Couchbase Cluster - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"datePublished\":\"2016-07-15T19:31:07+00:00\",\"dateModified\":\"2025-06-14T02:26:25+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"width\":1800,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Configuring IPsec for a Couchbase Cluster\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/4ca397e4a4b7910c4217dcd0bb274767\",\"name\":\"Tim Wong\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/c0277462aa4e7844e6e72ac8b21b2daf\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9ecd75e12fec9d49bc9599a17f69a1dc760735d319d2b3aeb2ce009a1d489ccc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9ecd75e12fec9d49bc9599a17f69a1dc760735d319d2b3aeb2ce009a1d489ccc?s=96&d=mm&r=g\",\"caption\":\"Tim Wong\"},\"description\":\"Tim is a Principal Solutions Consultant at Couchbase supporting accounts in the San Francisco Bay Area. He has worked with database, enterprise data integration (batch, real time, cloud) and business intelligence technologies for over 20 years with stints at Oracle, TIBCO and Informatica.\",\"url\":\"https:\/\/www.couchbase.com\/blog\/es\/author\/tim-wong\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Configuring IPsec for a Couchbase Cluster - The Couchbase Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/es\/configuration-ipsec-for-a-couchbase-cluster\/","og_locale":"es_MX","og_type":"article","og_title":"Configuring IPsec for a Couchbase Cluster","og_description":"Introduction Some Couchbase deployments require secure communications between nodes across the network, this could be due to reasons like data governance policies or regulatory compliance. \u00a0Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by [&hellip;]","og_url":"https:\/\/www.couchbase.com\/blog\/es\/configuration-ipsec-for-a-couchbase-cluster\/","og_site_name":"The Couchbase Blog","article_published_time":"2016-07-15T19:31:07+00:00","article_modified_time":"2025-06-14T02:26:25+00:00","og_image":[{"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2016\/07\/hippogallery_original.png","type":"","width":"","height":""}],"author":"Tim Wong","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tim Wong","Est. reading time":"4 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/"},"author":{"name":"Tim Wong","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/4ca397e4a4b7910c4217dcd0bb274767"},"headline":"Configuring IPsec for a Couchbase Cluster","datePublished":"2016-07-15T19:31:07+00:00","dateModified":"2025-06-14T02:26:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/"},"wordCount":901,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","keywords":["Encryption"],"articleSection":["Best Practices and Tutorials","Couchbase Architecture","Security"],"inLanguage":"es","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/","url":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/","name":"Configuring IPsec for a Couchbase Cluster - The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","datePublished":"2016-07-15T19:31:07+00:00","dateModified":"2025-06-14T02:26:25+00:00","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/"]}]},{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","width":1800,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Configuring IPsec for a Couchbase Cluster"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"El blog de Couchbase","description":"Couchbase, la base de datos NoSQL","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"El blog de Couchbase","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/4ca397e4a4b7910c4217dcd0bb274767","name":"Tim Wong","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/c0277462aa4e7844e6e72ac8b21b2daf","url":"https:\/\/secure.gravatar.com\/avatar\/9ecd75e12fec9d49bc9599a17f69a1dc760735d319d2b3aeb2ce009a1d489ccc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9ecd75e12fec9d49bc9599a17f69a1dc760735d319d2b3aeb2ce009a1d489ccc?s=96&d=mm&r=g","caption":"Tim Wong"},"description":"Tim es Consultor Principal de Soluciones en Couchbase, dando soporte a cuentas en el \u00e1rea de la Bah\u00eda de San Francisco. Ha trabajado con bases de datos, integraci\u00f3n de datos empresariales (por lotes, en tiempo real, en la nube) y tecnolog\u00edas de inteligencia empresarial durante m\u00e1s de 20 a\u00f1os en Oracle, TIBCO e Informatica.","url":"https:\/\/www.couchbase.com\/blog\/es\/author\/tim-wong\/"}]}},"authors":[{"term_id":9037,"user_id":62,"is_guest":0,"slug":"tim-wong","display_name":"Tim Wong","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/9ecd75e12fec9d49bc9599a17f69a1dc760735d319d2b3aeb2ce009a1d489ccc?s=96&d=mm&r=g","author_category":"","last_name":"Wong","first_name":"Tim","job_title":"","user_url":"","description":"Tim es Consultor Principal de Soluciones en Couchbase, dando soporte a cuentas en el \u00e1rea de la Bah\u00eda de San Francisco. Ha trabajado con bases de datos, integraci\u00f3n de datos empresariales (por lotes, en tiempo real, en la nube) y tecnolog\u00edas de inteligencia empresarial durante m\u00e1s de 20 a\u00f1os en Oracle, TIBCO e Informatica."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/es\/wp-json\/wp\/v2\/posts\/2291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/es\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/es\/wp-json\/wp\/v2\/comments?post=2291"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/es\/wp-json\/wp\/v2\/posts\/2291\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/es\/wp-json\/wp\/v2\/media\/13873"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/es\/wp-json\/wp\/v2\/media?parent=2291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/es\/wp-json\/wp\/v2\/categories?post=2291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/es\/wp-json\/wp\/v2\/tags?post=2291"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/es\/wp-json\/wp\/v2\/ppma_author?post=2291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}