FireBrick to FireBrick

Here we will create a tunnel between 2 firebricks, Paul and Andrew. We will then set routing to route each others LAN blocks though the Tunnel. As the 2 endpoints have IPv6, we'll establish the tunnel over IPv6.

Side A Config

   <ipsec name="Andrew-ipsec" mtu="1500" graph="andrew-ipsec" local-ip="2001:8b0:d6:1::1" remote-ip="2001:8b0:1635::1" local-spi="4242" remote-spi="999" auth-algorithm="AES-XCBC" auth-key="1310B855522E8D457B814BD9DD78B6AB" crypt-algorithm="AES-CBC" crypt-key="0BC4DF636566667BEEC9F02117CB57C3" routes="90.155.90.128/27 2001:8b0:1635::/64"/>

Side B Config

  <ipsec name="Paul-ipsec" mtu="1500" graph="paul-ipsec" local-ip="2001:8b0:1635::1" remote-ip="2001:8b0:d6:1::1" local-spi="999" remote-spi="4242" auth-algorithm="AES-XCBC" auth-key="1310B855522E8D457B814BD9DD78B6AB" crypt-algorithm="AES-CBC" crypt-key="0BC4DF636566667BEEC9F02117CB57C3" routes="91.241.56.1 81.2.97.160/27 91.241.56.0/24 2001:8b0:d6::/48"/>

Testing

These 2 FireBricks both happen to be on AAISP FTTC lines, and a normal traceroute would go via the AAISP router, but when the IPSec tunnel is enabled the traceroute goes direct.

Traceroute Before:

$ traceroute 91.241.56.1
traceroute to 91.241.56.1 (91.241.56.1), 30 hops max, 60 byte packets
 1  brick.h.hearn.org.uk (90.155.90.129)  0.344 ms  0.321 ms  0.310 ms
 2  a.gormless.thn.aa.net.uk (90.155.53.51)  11.703 ms  11.712 ms  11.834 ms
 3  brick.shibboleet.ltd.uk (91.241.56.1)  24.862 ms  24.871 ms  25.251 ms

Traceroute After:

$ traceroute 91.241.56.1
traceroute to 91.241.56.1 (91.241.56.1), 30 hops max, 60 byte packets
 1  brick.h.hearn.org.uk (90.155.90.129)  0.358 ms  0.342 ms  0.329 ms
 2  brick.shibboleet.ltd.uk (91.241.56.1)  26.178 ms  26.861 ms  27.123 ms

FireBrick to Linux