
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick IPsec (Road Warrior Howto): Difference between revisions

In this example we are assuming you can allocate some IP addresses on your LAN. You do this by picking a range of addresses and setting up a <tt>roaming-pool</tt> (see below). You need to ensure the IP range does not clash with devices on the LAN and is not in any DHCP range that could allocate addresses to the LAN. You also need to set <tt>proxy-arp</tt> on the LAN interface settings to allow communication with other devices on your LAN. Alternatively, you could set private IP addresses in the pool and set the <tt>nat</tt> setting. You should probably also consider firewalling rules for traffic to/from IPsec connections.
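A pre-flight check for the proxy-arp case described above, written as an added example (not FireBrick code or tooling): it tests a proposed pool range against the LAN subnet, the DHCP ranges and the statically addressed devices. The function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def ip_range(first, last):
    """Parse an inclusive first-last address pair, rejecting reversed ranges."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if a > b:
        raise ValueError(f"range start {a} is after range end {b}")
    return a, b

def check_roaming_pool(lan, pool, dhcp_ranges, static_hosts):
    """Return a list of clashes for a proposed pool; an empty list means none found."""
    net = ipaddress.ip_network(lan)
    first, last = ip_range(*pool)
    problems = []

    # proxy-arp on the LAN interface only helps if the pool is inside the LAN subnet.
    if first not in net or last not in net:
        problems.append(f"pool {first}-{last} is not inside LAN {net}")
    # The subnet's network and broadcast addresses cannot be handed to a client.
    for reserved in (net.network_address, net.broadcast_address):
        if first <= reserved <= last:
            problems.append(f"pool includes reserved address {reserved}")
    # Two inclusive ranges overlap when each starts before the other ends.
    for d_first, d_last in (ip_range(*r) for r in dhcp_ranges):
        if first <= d_last and d_first <= last:
            problems.append(f"pool overlaps DHCP range {d_first}-{d_last}")
    # Statically addressed devices (router, printers, servers) must stay outside the pool.
    for host in map(ipaddress.ip_address, static_hosts):
        if first <= host <= last:
            problems.append(f"pool contains static device {host}")
    return problems

# Constructed sample LAN, not taken from the page.
LAN = "192.168.1.0/24"
DHCP = [("192.168.1.100", "192.168.1.199")]
STATIC = ["192.168.1.1", "192.168.1.10"]

if __name__ == "__main__":
    for pool in [("192.168.1.200", "192.168.1.220"),
                 ("192.168.1.190", "192.168.1.210"),
                 ("192.168.1.5", "192.168.1.15")]:
        print(pool, check_roaming_pool(LAN, pool, DHCP, STATIC) or "no clash")
```

Static addresses have to come from your own inventory; the check only covers what you list.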
 
= Creating Certificates =
== Tools ==
 
There are three tools to help with setting up Road Warrior connections on the FireBrick web site. You can download these
remove it from any networked machine. It can of course be retrieved and reused if you wish to make further server
certificates using the same CA certificate.
 
== Summary of Certificates ==
Once you've run the commands above to create the certificates, you'll end up with five files as follows:
 
{| class="wikitable"
|-
! File !! Description !! Use
|-
| ca-cert.pem || Company CA Certificate file || Upload to FireBrick
|-
| ca-cert.srl || ||
|-
| ca-key.pem || Private CA key, this signs certificates || Store in a safe place
|-
| server-cert.pem || FireBrick Certificate || Upload to FireBrick
|-
| server-key.pem || FireBrick Private Key || Upload to FireBrick
|}
 
 
 
== FireBrick IPsec config ==