{"id":2291,"date":"2016-07-15T19:31:07","date_gmt":"2016-07-15T19:31:07","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=2291"},"modified":"2025-06-13T19:26:25","modified_gmt":"2025-06-14T02:26:25","slug":"configuration-ipsec-for-a-couchbase-cluster","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/pt\/configuration-ipsec-for-a-couchbase-cluster\/","title":{"rendered":"Configura\u00e7\u00e3o do IPsec para um cluster do Couchbase"},"content":{"rendered":"<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 24px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Introdu\u00e7\u00e3o<\/span><\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Algumas implanta\u00e7\u00f5es do Couchbase exigem comunica\u00e7\u00f5es seguras entre os n\u00f3s da rede, o que pode ocorrer por motivos como pol\u00edticas de governan\u00e7a de dados ou conformidade regulat\u00f3ria. \u00a0<\/span><a style=\"text-decoration: none;\" href=\"https:\/\/en.wikipedia.org\/wiki\/IPsec\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #1155cc; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;\">Seguran\u00e7a do protocolo da Internet (IPsec) <\/span><\/a><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\">\u00e9 um conjunto de protocolos para comunica\u00e7\u00f5es IP (Internet Protocol) seguras por meio de autentica\u00e7\u00e3o<\/span><a style=\"text-decoration: none;\" href=\"https:\/\/en.wikipedia.org\/wiki\/Authentication\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #0b0080; vertical-align: baseline; white-space: pre-wrap;\">ng<\/span><\/a><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\"> e criptografando cada <\/span><a style=\"text-decoration: none;\" href=\"https:\/\/en.wikipedia.org\/wiki\/Packet_(information_technology)#Example:_IP_packets\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #0b0080; vertical-align: baseline; white-space: pre-wrap;\">Pacote IP<\/span><\/a><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\"> de uma sess\u00e3o de comunica\u00e7\u00e3o. O IPsec pode ser usado para proteger os fluxos de dados entre um par de hosts (<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; font-style: italic; vertical-align: baseline; white-space: pre-wrap;\">de host para host<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\">), entre um par de gateways de seguran\u00e7a (<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; font-style: italic; vertical-align: baseline; white-space: pre-wrap;\">rede para rede<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\">), ou entre um gateway de seguran\u00e7a e um host (<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; font-style: italic; vertical-align: baseline; white-space: pre-wrap;\">rede para host<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\">). <\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">O objetivo deste artigo \u00e9 fornecer aos administradores do Couchbase uma introdu\u00e7\u00e3o r\u00e1pida sobre como configurar o IPsec entre os n\u00f3s em um cluster do Couchbase. \u00a0<\/span><\/p>\n<h2>Modos IPsec<\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">O IPSec tem dois modos: modo de t\u00fanel e modo de transporte. O mais usado \u00e9 o modo de t\u00fanel, que geralmente \u00e9 usado para configura\u00e7\u00f5es de VPN (cria\u00e7\u00e3o de dispositivo de rede de t\u00fanel em processo). O modo t\u00fanel n\u00e3o \u00e9 pr\u00e1tico para um cluster do Couchbase, pois exigiria a cria\u00e7\u00e3o e a manuten\u00e7\u00e3o de t\u00faneis entre todos os pares de n\u00f3s. <\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">O modo de transporte \u00e9 necess\u00e1rio para proteger a comunica\u00e7\u00e3o entre n\u00f3s na mesma rede. Ele permite o uso do IPsec por pacote. Totalmente transparente para os aplicativos.<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">O IPSec pode fornecer autentica\u00e7\u00e3o de pacotes (ou seja, garantir que os pacotes recebidos sejam pacotes de n\u00f3s confi\u00e1veis) e criptografia de pacotes. O modo de transporte e as entradas associadas do banco de dados de pol\u00edticas de seguran\u00e7a permitem configurar o comportamento necess\u00e1rio para um cluster do Couchbase:<\/span><\/p>\n<ul style=\"margin-top: 0pt; margin-bottom: 0pt;\">\n<li dir=\"ltr\" style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; background-color: transparent;\">\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">tipos espec\u00edficos de pacotes de entrada s\u00f3 ser\u00e3o aceitos se estiverem encapsulados em ipsec e forem v\u00e1lidos (caso contr\u00e1rio, ser\u00e3o descartados)<\/span><\/p>\n<\/li>\n<li dir=\"ltr\" style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; background-color: transparent;\">\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">tipos espec\u00edficos de pacotes de sa\u00edda devem ser encapsulados em ipsec<\/span><\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Normalmente, \"tipo espec\u00edfico\" ser\u00e1 algo como: <\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; font-style: italic; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">todos os pacotes de\/para o segmento de rede do cluster do couchbase<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">. Ou pode ser algo como tudo: <\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; font-style: italic; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">todos os pacotes de\/para as portas de servi\u00e7o do couchbase.<\/span><\/p>\n<h2 dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><\/h2>\n<h2 dir=\"ltr\">Requisitos<\/h2>\n<ul dir=\"ltr\">\n<li>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; font-weight: 400; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Distribui\u00e7\u00e3o do Linux (o Debian \u00e9 usado para este blog). O Windows oferece suporte a IPsec, mas isso n\u00e3o foi testado. <\/span><\/h2>\n<\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Linux Openswan U2.6.32\/K2.6.32-573.el6.x86_64 (netkey) ou superior<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Couchbase 4.1 ou superior<\/span><\/li>\n<li><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Acesso do usu\u00e1rio sudo\/root ao sistema<\/span><\/li>\n<\/ul>\n<h2>Instala\u00e7\u00e3o e configura\u00e7\u00e3o do OpenSwan<\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Na linha de comando, usando o sudo, o seguinte comando foi executado em cada n\u00f3. Para outras distribui\u00e7\u00f5es Linux, use o gerenciador de pacotes apropriado.<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"color: #000000; font-family: Arial; font-size: 14.6667px; line-height: 20.24px; text-align: left; white-space: pre-wrap;\"># sudo apt-get update<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># sudo apt-get install openswan<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">O instalador pode solicitar que o usu\u00e1rio crie um certificado x.509. N\u00e3o crie um certificado x.509. <\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">O IPsec precisa ser configurado para o modo de transporte.  No ambiente de demonstra\u00e7\u00e3o criado para este blog, temos dois n\u00f3s: 10.0.2.4 e 10.0.2.5. \u00a0<\/span><\/p>\n<h3 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\">Etapas<\/h3>\n<p dir=\"ltr\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">1 - Em cada n\u00f3 - adicione uma linha no arquivo \/etc\/ipsec.secrets: ipaddress_node1 ipaddress_node2: PSK \"some_key\"<\/span><\/p>\n<div style=\"text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/ipsecrets.png\" \/><\/div>\n<div><\/div>\n<div><\/div>\n<div>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">2 - Modifique o arquivo \/etc\/ipsec.conf para usar arquivos *.conf localizados no subdiret\u00f3rio ipsec.d.  Isso permite uma automa\u00e7\u00e3o f\u00e1cil se voc\u00ea precisar adicionar n\u00f3s ao cluster.  Cada par de n\u00f3s precisa de sua pr\u00f3pria entrada. \u00a0<\/span><\/p>\n<div><\/div>\n<div style=\"text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/ipsecconf.png\" \/><\/div>\n<div><\/div>\n<div>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">3 - Crie um arquivo de configura\u00e7\u00e3o no diret\u00f3rio \/etc\/ipsec.d\/ com as seguintes informa\u00e7\u00f5es:<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">conex\u00e3o com o couchbase<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">type=transport<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">authby=secret<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">esquerda=<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">direito=<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">pfs=sim<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">auto=start<\/span><\/p>\n<ul>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">conn couchbase -connection: r\u00f3tulo arbitr\u00e1rio para sua conex\u00e3o. Pode ser qualquer coisa que voc\u00ea queira<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">type=transport: queremos usar o modo de transporte para essa conex\u00e3o<\/span><\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">authby=secret: usaremos uma chave pr\u00e9-compartilhada (PSK) para essa conex\u00e3o. <\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">left=10.0.2.4: esta e a pr\u00f3xima linha apenas indicam os endere\u00e7os IP envolvidos nessa associa\u00e7\u00e3o IPsec. N\u00e3o importa qual IP \u00e9 o \"esquerdo\" e qual \u00e9 o \"direito\".<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">right=10.0.2.5: veja o item acima.<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">pfs=yes: queremos ativar o Perfect Forward Secrecy para essa conex\u00e3o. Em resumo, isso aumenta drasticamente a seguran\u00e7a. I<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">auto=start: Queremos iniciar imediatamente a associa\u00e7\u00e3o IPsec de forma proativa. Isso tamb\u00e9m pode ser definido como auto=start, caso em que ele aguarda que a outra extremidade da conex\u00e3o inicie o tr\u00e1fego.<\/span><\/li>\n<\/ul>\n<p style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/connection.png\" \/><\/p>\n<div>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">4 - Habilite o IPSec para usar a nova configura\u00e7\u00e3o em ambos os n\u00f3s: <\/span><span style=\"color: #000000; font-family: Consolas; font-size: 14.6667px; white-space: pre-wrap; line-height: 1.38; background-color: transparent;\">#sudo service ipsec restart<\/span><\/p>\n<div>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 24px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Testando a configura\u00e7\u00e3o<\/span><\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Em uma linha de comando em um n\u00f3, digite o seguinte comando: \u00a0<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><strong><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">#ping <\/span><\/strong><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/untitledping.png\" \/><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">No outro n\u00f3, use a linha de comando e digite : (resultado desejado) Se n\u00e3o receber nenhuma mensagem, voc\u00ea precisar\u00e1 depurar sua configura\u00e7\u00e3o (consulte os guias de IPsec listados abaixo)<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><strong><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">#sudo tcpdump esp<\/span><\/strong><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/untitled.png\" \/><\/p>\n<\/div>\n<div>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"color: #000000; font-family: Arial; font-size: 13.3333px; line-height: 18.4px; white-space: pre-wrap;\">Observa\u00e7\u00e3o: ESP = Encapsulamento de carga de seguran\u00e7a<\/span><\/h2>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 24px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Configura\u00e7\u00e3o do Couchbase<\/span><\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Instale o Couchbase em cada n\u00f3, uma configura\u00e7\u00e3o simples de dois n\u00f3s. Configure o cluster.  Toda a comunica\u00e7\u00e3o entre os dois n\u00f3s pode ser rastreada usando o comando tcpdump esp; o exemplo acima documenta a comunica\u00e7\u00e3o entre dois n\u00f3s do Couchbase. <\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><strong><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Cluster de teste do Couchbase:<\/span><\/strong><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/cb_ipsec_cluster.png\" alt=\"Couchbase Test Cluster\" \/><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><strong>Captura de tela - #sudo tcpdump esp<\/strong><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-8147 size-full\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2016\/07\/hippogallery_original.png\" alt=\"\" width=\"763\" height=\"600\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2016\/07\/hippogallery_original.png 763w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2016\/07\/hippogallery_original-300x236.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2016\/07\/hippogallery_original-20x16.png 20w\" sizes=\"auto, (max-width: 763px) 100vw, 763px\" \/><\/p>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><\/h2>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\">Refer\u00eancias<\/h2>\n<p dir=\"ltr\">Vis\u00e3o geral do IPsec <span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">&#8211; <\/span><a style=\"text-decoration: none;\" href=\"https:\/\/en.wikipedia.org\/wiki\/IPsec\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #1155cc; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">https:\/\/en.wikipedia.org\/wiki\/IPsec<\/span><\/a><\/p>\n<p dir=\"ltr\">Implementa\u00e7\u00e3o do modo de transporte IPsec\u00a0 <a style=\"text-decoration: none;\" href=\"https:\/\/andersonfam.org\/2014\/04\/02\/ipsec-transport-mode\/\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #1155cc; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">https:\/\/andersonfam.org\/2014\/04\/02\/ipsec-transport-mode\/<\/span><\/a><\/p>\n<div>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\">Usando o StrongSwan (exemplo de 3 n\u00f3s) -\u00a0<a href=\"https:\/\/blog.sprinternet.at\/2016\/03\/ipsec-transport-mode-with-strongswan-on-debian-jessie\/\">https:\/\/blog.sprinternet.at\/2016\/03\/ipsec-transport-mode-with-strongswan-on-debian-jessie\/<\/a><\/p>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\">Arquivos de configura\u00e7\u00e3o de amostra usados para este teste<\/h2>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><strong><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\/etc\/ipsec.conf<\/span><\/strong><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># \/etc\/ipsec.conf - Arquivo de configura\u00e7\u00e3o IPsec do Openswan<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">#<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Manual do #: ipsec.conf.5<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">#<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># Coloque seus pr\u00f3prios arquivos de configura\u00e7\u00e3o em \/etc\/ipsec.d\/ terminando em .conf<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">vers\u00e3o 2.0 \u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">O # est\u00e1 em conformidade com a segunda vers\u00e3o da especifica\u00e7\u00e3o ipsec.conf<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Configura\u00e7\u00e3o b\u00e1sica do #<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">configura\u00e7\u00e3o<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Controles de registro de depura\u00e7\u00e3o do #:  \"none\" para (quase) nenhum, \"all\" para muitos.<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># klipsdebug=none<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># plutodebug=\"an\u00e1lise de controle\"<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># Para o Red Hat Enterprise Linux e o Fedora, deixe protostack=netkey<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">protostack=netkey<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">nat_traversal=yes<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">virtual_private=<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">oe=off<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># Ative essa op\u00e7\u00e3o se voc\u00ea vir a mensagem \"failed to find any available worker\"<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># nhelpers=0<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">1TP5Voc\u00ea pode colocar seu arquivo de configura\u00e7\u00e3o (.conf) em \"\/etc\/ipsec.d\/\" e descomentar isso.<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">incluir \/etc\/ipsec.d\/*.conf<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 13.3333px; font-family: Arial; color: #000000; font-weight: bold; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\/etc\/ipsecrets<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Consolas; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">incluir \/etc\/ipsec.d\/*.secrets<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"># use endere\u00e7os IP de seu pr\u00f3prio ambiente<\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Consolas; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">10.0.2.4 10.0.2.5: PSK \"sharedkey\"<\/span><\/p>\n<p><span style=\"color: #333333; line-height: 20.8px; text-align: left;\">\u00a0<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 13.3333px; font-family: Arial; color: #000000; font-weight: bold; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\/etc\/ipsec.d\/couchbase.conf<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">conex\u00e3o com o couchbase<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">type=transport<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">authby=secret<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; line-height: 20.8px; text-align: left;\"><span style=\"line-height: 1.38; font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"line-height: 1.38; font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"line-height: 1.38; font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">left=10.0.2.4<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">right=10.0.2.4<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">pfs=y<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">auto=start<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"color: #333333; line-height: 20.8px; text-align: left;\">\u00a0<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div><\/div>","protected":false},"excerpt":{"rendered":"<p>Introduction Some Couchbase deployments require secure communications between nodes across the network, this could be due to reasons like data governance policies or regulatory compliance. \u00a0Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by [&hellip;]<\/p>","protected":false},"author":62,"featured_media":13873,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1815,1821,1813],"tags":[1666],"ppma_author":[9037],"class_list":["post-2291","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practices-and-tutorials","category-couchbase-architecture","category-security","tag-encryption"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Configuring IPsec for a Couchbase Cluster - The Couchbase Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/pt\/configuration-ipsec-for-a-couchbase-cluster\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Configuring IPsec for a Couchbase Cluster\" \/>\n<meta property=\"og:description\" content=\"Introduction Some Couchbase deployments require secure communications between nodes across the network, this could be due to reasons like data governance policies or regulatory compliance. \u00a0Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/pt\/configuration-ipsec-for-a-couchbase-cluster\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-07-15T19:31:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T02:26:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2016\/07\/hippogallery_original.png\" \/>\n<meta name=\"author\" content=\"Tim Wong\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tim Wong\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\"},\"author\":{\"name\":\"Tim Wong\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/4ca397e4a4b7910c4217dcd0bb274767\"},\"headline\":\"Configuring IPsec for a Couchbase Cluster\",\"datePublished\":\"2016-07-15T19:31:07+00:00\",\"dateModified\":\"2025-06-14T02:26:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\"},\"wordCount\":901,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"keywords\":[\"Encryption\"],\"articleSection\":[\"Best Practices and Tutorials\",\"Couchbase Architecture\",\"Security\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\",\"name\":\"Configuring IPsec for a Couchbase Cluster - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"datePublished\":\"2016-07-15T19:31:07+00:00\",\"dateModified\":\"2025-06-14T02:26:25+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"width\":1800,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Configuring IPsec for a Couchbase Cluster\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/4ca397e4a4b7910c4217dcd0bb274767\",\"name\":\"Tim Wong\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/c0277462aa4e7844e6e72ac8b21b2daf\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9ecd75e12fec9d49bc9599a17f69a1dc760735d319d2b3aeb2ce009a1d489ccc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9ecd75e12fec9d49bc9599a17f69a1dc760735d319d2b3aeb2ce009a1d489ccc?s=96&d=mm&r=g\",\"caption\":\"Tim Wong\"},\"description\":\"Tim is a Principal Solutions Consultant at Couchbase supporting accounts in the San Francisco Bay Area. He has worked with database, enterprise data integration (batch, real time, cloud) and business intelligence technologies for over 20 years with stints at Oracle, TIBCO and Informatica.\",\"url\":\"https:\/\/www.couchbase.com\/blog\/pt\/author\/tim-wong\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Configuring IPsec for a Couchbase Cluster - The Couchbase Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/pt\/configuration-ipsec-for-a-couchbase-cluster\/","og_locale":"pt_BR","og_type":"article","og_title":"Configuring IPsec for a Couchbase Cluster","og_description":"Introduction Some Couchbase deployments require secure communications between nodes across the network, this could be due to reasons like data governance policies or regulatory compliance. \u00a0Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by [&hellip;]","og_url":"https:\/\/www.couchbase.com\/blog\/pt\/configuration-ipsec-for-a-couchbase-cluster\/","og_site_name":"The Couchbase Blog","article_published_time":"2016-07-15T19:31:07+00:00","article_modified_time":"2025-06-14T02:26:25+00:00","og_image":[{"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2016\/07\/hippogallery_original.png","type":"","width":"","height":""}],"author":"Tim Wong","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tim Wong","Est. reading time":"4 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/"},"author":{"name":"Tim Wong","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/4ca397e4a4b7910c4217dcd0bb274767"},"headline":"Configuring IPsec for a Couchbase Cluster","datePublished":"2016-07-15T19:31:07+00:00","dateModified":"2025-06-14T02:26:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/"},"wordCount":901,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","keywords":["Encryption"],"articleSection":["Best Practices and Tutorials","Couchbase Architecture","Security"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/","url":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/","name":"Configuring IPsec for a Couchbase Cluster - The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","datePublished":"2016-07-15T19:31:07+00:00","dateModified":"2025-06-14T02:26:25+00:00","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","width":1800,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Configuring IPsec for a Couchbase Cluster"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"Blog do Couchbase","description":"Couchbase, o banco de dados NoSQL","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"Blog do Couchbase","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/4ca397e4a4b7910c4217dcd0bb274767","name":"Tim Wong","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/c0277462aa4e7844e6e72ac8b21b2daf","url":"https:\/\/secure.gravatar.com\/avatar\/9ecd75e12fec9d49bc9599a17f69a1dc760735d319d2b3aeb2ce009a1d489ccc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9ecd75e12fec9d49bc9599a17f69a1dc760735d319d2b3aeb2ce009a1d489ccc?s=96&d=mm&r=g","caption":"Tim Wong"},"description":"Tim \u00e9 consultor de solu\u00e7\u00f5es principal da Couchbase, dando suporte a contas na \u00e1rea da Ba\u00eda de S\u00e3o Francisco. Ele trabalha com banco de dados, integra\u00e7\u00e3o de dados corporativos (batch, tempo real, nuvem) e tecnologias de business intelligence h\u00e1 mais de 20 anos, com passagens pela Oracle, TIBCO e Informatica.","url":"https:\/\/www.couchbase.com\/blog\/pt\/author\/tim-wong\/"}]}},"authors":[{"term_id":9037,"user_id":62,"is_guest":0,"slug":"tim-wong","display_name":"Tim Wong","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/9ecd75e12fec9d49bc9599a17f69a1dc760735d319d2b3aeb2ce009a1d489ccc?s=96&d=mm&r=g","first_name":"Tim","last_name":"Wong","user_url":"","author_category":"","description":"Tim \u00e9 consultor de solu\u00e7\u00f5es principal da Couchbase, dando suporte a contas na \u00e1rea da Ba\u00eda de S\u00e3o Francisco. Ele trabalha com banco de dados, integra\u00e7\u00e3o de dados corporativos (batch, tempo real, nuvem) e tecnologias de business intelligence h\u00e1 mais de 20 anos, com passagens pela Oracle, TIBCO e Informatica."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/2291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/comments?post=2291"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/2291\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media\/13873"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media?parent=2291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/categories?post=2291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/tags?post=2291"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/ppma_author?post=2291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}