Latest revision as of 00:31, 4 July 2022

Linux (CentOS Openswan) Example Using IKE2 and Preshared keys

yum install openswan

(strongswan is much nicer, but not in yum on centos5. On centos6, use strongswan)

In /etc/ipsec.conf uncomment

include /etc/ipsec.d/*.conf

Put following two files in /etc/ipsec.d/:

file: myFireBrick.conf:

 conn myFireBrick
        authby=secret
        auto=start
        ikev2=insist
        left=CentOS.IP.Address
        leftid=CentOS.IP.Address
        leftsubnet=CentOS.IP.Address/32
        right=FireBrick.IP.Address
        rightid=FireBrick.IP.Address
        rightsubnet=FireBrick.LAN.SUBNET/24

file: myFireBrick.secrets:

CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"

chkconfig ipsec on
service ipsec start

Put the following in the FB at the other end:

 <connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>

strongSwan

file: /etc/ipsec.conf

conn myFireBrick
       authby=secret
       auto=start
       left=strongSwan.IP
       leftid=strongSwan.IP
       leftsubnet=strongSwan.IP
       right=FireBrick.IP
       rightid=FireBrick.IP
       rightsubnet=FireBrick.LAN.IP.Address/24
       lifetime=2m

file: /etc/ipsec.secrets

 strongSwan.IP FireBrick.IP : PSK "YourSecretHere"

Put the following in the FB at the other end:

 <connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="strongSwan.IP" log="default"/>

@@ Line 1: / Line 1: @@
-<indicator name="Tunnels">[[File:Menu-IPsec.svg|link=:Category:FireBrick_IPsec|30px|Back up to the FireBrick IPsec Tunnels Category Page]]</indicator>
+<indicator name="Tunnels">[[File:Menu-IPsec.svg|link=:Category:FireBrick IPsec|30px|Back up to the FireBrick IPsec Tunnels Category Page]]</indicator>
-*Also see: [[FireBrick_Road_Warrior_strongSwan]]
+See also: [[FireBrick Road Warrior strongSwan]]
 =Linux (CentOS Openswan) Example Using IKE2 and Preshared keys=
@@ Line 7: / Line 8: @@
 (strongswan is much nicer, but not in yum on centos5. On centos6, use strongswan)
-In /etc/ipsec.conf uncomment
+In <tt>/etc/ipsec.conf</tt> uncomment
  include /etc/ipsec.d/*.conf
-Put following two files in /etc/ipsec.d/ :
+Put following two files in <tt>/etc/ipsec.d/</tt>:
 file: myFireBrick.conf:
@@ Line 35: / Line 36: @@
 Put the following in the FB at the other end:
-<syntaxhighlight language="xml">
+<syntaxhighlight lang="xml">
- <connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="CentOS.IP.Address" log="default"/>
+ <connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
 </syntaxhighlight>
@@ Line 43: / Line 44: @@
 file: /etc/ipsec.conf
 <syntaxhighlight lang="bash">
- conn myFireBrick
+conn myFireBrick
        authby=secret
        auto=start
@@ Line 57: / Line 58: @@
 file: /etc/ipsec.secrets
-<syntaxhighlight language="linux-config">
+<syntaxhighlight lang="bash">
  strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
 </syntaxhighlight>
+Put the following in the FB at the other end:
-<syntaxhighlight language="xml">
+<syntaxhighlight lang="xml">
- <connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/>
+ <connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="strongSwan.IP" log="default"/>
 </syntaxhighlight>
-[[Category:FireBrick_IPsec|Strongswan]]
+[[Category:FireBrick IPsec|Strongswan]]