FireBrick to Openswan Strongswan IPsec (Howto)
Revision as of 15:04, 30 June 2015
yum install openswan
(strongSwan is much nicer, but it is not available from yum on CentOS 5. On CentOS 6, use strongSwan.)
In /etc/ipsec.conf uncomment
include /etc/ipsec.d/*.conf
Put the following two files in /etc/ipsec.d/:
myFireBrick.conf:
conn myFireBrick
authby=secret
auto=start
ikev2=insist
left=CentOS.IP.Address
leftid=CentOS.IP.Address
leftsubnet=CentOS.IP.Address/32
right=FireBrick.IP.Address
rightid=FireBrick.IP.Address
rightsubnet=FireBrick.LAN.SUBNET/24
myFireBrick.secrets:
CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"
chkconfig ipsec on
service ipsec start
Put the following in the FireBrick at the other end (every attribute value must be quoted):
<connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
strongSwan
file: /etc/ipsec.conf
conn myFireBrick
authby=secret
auto=start
left=strongSwan.IP
leftid=strongSwan.IP
leftsubnet=strongSwan.IP
right=FireBrick.IP
rightid=FireBrick.IP
rightsubnet=SUBNET.ON.FireBrick.LAN
lifetime=2m
file: /etc/ipsec.secrets
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
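The most common reason a PSK tunnel like the openswan or strongSwan conn above never comes up is that the selectors on the PSK line in ipsec.secrets do not match leftid/rightid in the conn, or the config still carries the placeholder secret. The script below is an added example, not code from the wiki page or from the FireBrick, openswan or strongSwan projects: it parses a conn block written in the page's one-option-per-line style and the matching ipsec.secrets line, reports such mismatches, and renders the FireBrick connection element with properly quoted attributes. The sample addresses and PSK are constructed; the mapping of the FireBrick routes attribute to the left address follows the page's example and is otherwise an assumption.

```python
"""Consistency check for an ipsec.conf conn block against ipsec.secrets.

Added example (not from the wiki page or the openswan/strongSwan/FireBrick
projects). Addresses below are documentation ranges used as constructed input.
"""
import re
from xml.sax.saxutils import quoteattr

# Constructed sample input mirroring the page's openswan conn (RFC 5737 addresses).
SAMPLE_CONF = """conn myFireBrick
    authby=secret
    auto=start
    ikev2=insist
    left=192.0.2.10
    leftid=192.0.2.10
    leftsubnet=192.0.2.10/32
    right=198.51.100.1
    rightid=198.51.100.1
    rightsubnet=10.0.0.0/24
"""

# Constructed ipsec.secrets line; the PSK is a made-up value, not for real use.
SAMPLE_SECRETS = '192.0.2.10 198.51.100.1 : PSK "example-psk-not-for-use"\n'


def parse_conn(text):
    """Return {conn_name: {option: value}} for every conn block in text."""
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and indentation
        if not line:
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = m.group(1)
            conns[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conns[current][key.strip()] = value.strip()
    return conns


def parse_secrets(text):
    """Return a list of (selector_set, psk) for each 'a b : PSK "x"' line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r'^(.*?)\s*:\s*PSK\s+"([^"]*)"', line)
        if m:
            entries.append((set(m.group(1).split()), m.group(2)))
    return entries


def check(conn, secrets):
    """Return a list of findings; an empty list means conn and secrets agree."""
    findings = []
    if conn.get("authby") != "secret":
        findings.append("authby is not 'secret'; PSK entries will not be used")
    # The PSK line is selected by the IDs, which default to the addresses.
    leftid = conn.get("leftid", conn.get("left"))
    rightid = conn.get("rightid", conn.get("right"))
    matched = [psk for sel, psk in secrets if {leftid, rightid} <= sel]
    if not matched:
        findings.append(
            f"no PSK line in ipsec.secrets covers both {leftid} and {rightid}")
    elif matched[0] == "YourSecretHere":
        findings.append("PSK is still the page's placeholder value")
    if conn.get("ikev2") != "insist":
        findings.append("ikev2 is not 'insist', so IKEv2 is not enforced")
    return findings


def firebrick_connection(conn, secret, internal_ipv4, name="IPSec"):
    """Render the FireBrick <connection .../> element with quoted attributes.

    peer-ips and routes take the left address, as in the page's example
    (assumption: the routes attribute carries the same address as peer-ips).
    """
    attrs = [
        ("name", name),
        ("peer-ips", conn["left"]),
        ("auth-method", "Secret"),
        ("secret", secret),
        ("internal-ipv4", internal_ipv4),
        ("routes", conn["left"]),
        ("log", "default"),
    ]
    return "<connection " + " ".join(
        f"{k}={quoteattr(v)}" for k, v in attrs) + "/>"


if __name__ == "__main__":
    conn = parse_conn(SAMPLE_CONF)["myFireBrick"]
    secrets = parse_secrets(SAMPLE_SECRETS)
    print(check(conn, secrets) or "conn and secrets are consistent")
    print(firebrick_connection(conn, secrets[0][1], "10.0.0.1"))
```

Run it against your real /etc/ipsec.d/myFireBrick.conf and myFireBrick.secrets by replacing the two constructed sample strings with the file contents; a non-empty findings list points at the line to fix before restarting ipsec.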