
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick IPsec Tunnel with Manual Keys (Deprecated): Difference between revisions

[[File:2700-small.png|link=:Category:FireBrick]]
 
=FireBrick IPsec Information=
 
Information from May 2013:
 
The IPsec feature provides ESP with ESP-auth and a choice of algorithms to create tunnels with a static config for keys. Blowfish is the fastest, if you have a choice. Triple DES is slowest, as you may expect.
 
At present the code can be used to create point-to-point fixed IP tunnels between FireBricks, or between a FireBrick and Linux boxes. Other routers/VPN boxes may be able to handle fixed configs like this too.
 
Next we will be doing IKE (key exchange), which is more commonly used to establish session keys. We also plan to link in IPsec and L2TP, which is commonly used for PCs and mobiles to VPN connect as an endpoint. More on this as we release it.
 
...this is all in-house code at every level with our own crypto libraries following the RFCs. We control every line of code in the FireBricks and the IPsec code is no exception.
 
This is an alpha release, and may well have bugs and issues that we need to work on, so we welcome feedback as usual. Please ensure crash logs are emailed as normal so we can pick up any fatal exceptions.
 
There is lots of information in the FireBrick Manuals:
*[http://www.firebrick.co.uk/fbsoftware/2701/V1.25.101/FB2700/V1.25.101-2701-FB2700-Dexter-html/ipsec.html IPsec Chapter]
 
=FireBrick to FireBrick=
 
{| class="wikitable"
!colspan="2"|IPsec settings overview
|-
!name
 
==Firewall==
IPsec will need to be allowed in (and out of) the FireBricks.
 
 
==Testing==
These 2 FireBricks both happen to be on AAISP FTTC lines, and a normal traceroute would go via the AAISP router, but when the IPsec tunnel is enabled the traceroute goes direct.
 
Traceroute Before:
=FireBrick to Linux=
There is information in the FireBrick Manual:
*[http://www.firebrick.co.uk/fbsoftware/2701/V1.25.101/FB2700/V1.25.101-2701-FB2700-Dexter-html/ch20s03.html IPsec Chapter for Linux Devices]
 
The FireBrick IPsec implementation should be compatible with any IPsec implementation providing manual keying, provided a common set of algorithms can be chosen. As an example, the configuration for a Linux system using the ipsec-tools package will be described.
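
An added example (not taken from this page or from the FireBrick manual): a shell helper that draws fresh keys from the kernel random source and prints a manual-keying ESP tunnel configuration in ipsec-tools <code>setkey</code> syntax. The addresses, subnets, SPIs and the blowfish-cbc/hmac-sha1 pairing are assumptions; the FireBrick end has to be given the same algorithms, SPIs and keys.

```shell
#!/bin/sh
# Added example: emit a setkey(8) manual-keying config with random keys.
# Every address, subnet and SPI passed in is the caller's own choice;
# the algorithm pairing below is an assumption, not FireBrick guidance.

# rand_hex BYTES -> prints 2*BYTES lowercase hex digits from /dev/urandom
rand_hex() {
    od -An -N "$1" -tx1 /dev/urandom | tr -d ' \n'
}

# make_setkey_conf LOCAL_IP REMOTE_IP LOCAL_NET REMOTE_NET SPI_OUT SPI_IN
make_setkey_conf() {
    l=$1 r=$2 lnet=$3 rnet=$4 spi_out=$5 spi_in=$6

    # SPIs 0-255 are reserved, so refuse them (decimal input only).
    for spi in "$spi_out" "$spi_in"; do
        case $spi in
            ''|*[!0-9]*) echo "SPI must be a decimal number" >&2; return 1 ;;
        esac
        [ "$spi" -gt 255 ] || { echo "SPI $spi is reserved" >&2; return 1; }
    done

    # Separate keys per direction: 128-bit Blowfish, 160-bit HMAC-SHA1.
    ek_out=$(rand_hex 16); ak_out=$(rand_hex 20)
    ek_in=$(rand_hex 16);  ak_in=$(rand_hex 20)

    # Fail closed if the random source returned short output.
    [ "${#ek_out}/${#ak_out}/${#ek_in}/${#ak_in}" = "32/40/32/40" ] || {
        echo "key generation failed" >&2; return 1; }

    cat <<EOF
# Load with: setkey -f <this file>
flush;
spdflush;
add $l $r esp $spi_out -m tunnel -E blowfish-cbc 0x$ek_out -A hmac-sha1 0x$ak_out;
add $r $l esp $spi_in -m tunnel -E blowfish-cbc 0x$ek_in -A hmac-sha1 0x$ak_in;
spdadd $lnet $rnet any -P out ipsec esp/tunnel/$l-$r/require;
spdadd $rnet $lnet any -P in ipsec esp/tunnel/$r-$l/require;
EOF
}

# Usage (constructed documentation addresses; keep the file private):
#   (umask 077; make_setkey_conf 192.0.2.1 198.51.100.1 \
#       10.1.0.0/24 10.2.0.0/24 4096 4097 > tunnel.conf)
```

The output file contains the static keys in clear text, so it should be readable by root only and copied to the peer over a trusted channel.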