
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick IPsec Tunnel with Manual Keys (Deprecated): Difference between revisions

1 brick.h.hearn.org.uk (90.155.90.129) 0.358 ms 0.342 ms 0.329 ms
2 brick.shibboleet.ltd.uk (91.241.56.1) 26.178 ms 26.861 ms 27.123 ms
 
 
=Linux (CentOS Openswan)=
 
 yum install openswan
(strongSwan is much nicer, but is not available via yum on CentOS 5. On CentOS 6, use strongSwan.)
 
In /etc/ipsec.conf, uncomment:
 include /etc/ipsec.d/*.conf
 
 
Put the following two files in /etc/ipsec.d/:
 
mhbrick.conf:
 conn myFireBrick
     authby=secret
     auto=start
     ikev2=insist
     left=CentOS.IP.Address
     leftid=CentOS.IP.Address
     leftsubnet=CentOS.IP.Address/32
     right=FireBrick.IP.Address
     rightid=FireBrick.IP.Address
     rightsubnet=FireBrick.LAN.SUBNET/24
 
myFireBrick.secrets:
 CentOS.IP.Address FireBrick.IP.Address : PSK "yourpasswordhere"
 
 service ipsec start
 
Put the following in the FireBrick at the other end, with the secret set to the same value as the PSK above:
 <connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="yoursecrethere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
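
The shell script below is an added example, not part of the original page and not FireBrick or Openswan code. It generates one random PSK and renders both the Openswan secrets line and the FireBrick connection element from it, so both ends carry the same value and the secret is not a guessable password. The function names and the output file name firebrick-connection.xml are assumptions; the addresses are the page's own placeholders.

```shell
#!/bin/sh
# Added example: one random PSK, rendered into both ends' configuration.
set -eu

# 32 random bytes as 64 hex characters: no quotes or spaces to escape.
gen_psk() {
    dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# $1 = CentOS IP, $2 = FireBrick IP, $3 = PSK
secrets_line() {
    printf '%s %s : PSK "%s"\n' "$1" "$2" "$3"
}

# $1 = CentOS IP, $2 = FireBrick LAN IP, $3 = PSK
firebrick_connection() {
    printf '<connection name="IPSec" peer-ips="%s" auth-method="Secret" secret="%s" internal-ipv4="%s" routes="%s" log="default"/>\n' \
        "$1" "$3" "$2" "$1"
}

# $1 = path, $2 = content; the file is readable by its owner only.
write_private() {
    ( umask 077; printf '%s\n' "$2" > "$1" )
    chmod 600 "$1"
}

# $1 = secrets file, $2 = FireBrick XML fragment; succeeds only if both
# files contain a PSK and the two values are identical.
psk_matches() {
    a=$(sed -n 's/.*: PSK "\([^"]*\)".*/\1/p' "$1")
    b=$(sed -n 's/.*secret="\([^"]*\)".*/\1/p' "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo in a scratch directory; copy the results into place by hand.
dir=$(mktemp -d)
psk=$(gen_psk)
write_private "$dir/myFireBrick.secrets" \
    "$(secrets_line CentOS.IP.Address FireBrick.IP.Address "$psk")"
write_private "$dir/firebrick-connection.xml" \
    "$(firebrick_connection CentOS.IP.Address FireBrick.LAN.IP.Address "$psk")"
if psk_matches "$dir/myFireBrick.secrets" "$dir/firebrick-connection.xml"; then
    echo "PSK identical on both ends; files written to $dir"
fi
```

psk_matches can also be run later against the deployed secrets file and an export of the FireBrick connection element to confirm the two ends have not drifted apart.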
 
=FireBrick to Linux=