FireBrick to Openswan Strongswan IPsec (Howto): Difference between revisions
mNo edit summary |
mNo edit summary |
||
Line 62: | Line 62: | ||
<connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/> |
<connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
[[Category: |
[[Category:FireBrick_IPsec|Strongswan]] |
Revision as of 13:55, 8 July 2015
yum install openswan
(strongswan is much nicer, but not in yum on centos5. On centos6, use strongswan)
In /etc/ipsec.conf uncomment
include /etc/ipsec.d/*.conf
Put following two files in /etc/ipsec.d/ :
file: myFireBrick.conf:
conn myFireBrick
authby=secret
auto=start
ikev2=insist
left=CentOS.IP.Address
leftid=CentOS.IP.Address
leftsubnet=CentOS.IP.Address/32
right=FireBrick.IP.Address
rightid=FireBrick.IP.Address
rightsubnet=FireBrick.LAN.SUBNET/24
file: myFireBrick.secrets:
CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"
chkconfig ipsec on service ipsec start
Put the following in the FB at the other end:
<connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="CentOS.IP.Address" log="default"/>
strongSwan
file: /etc/ipsec.conf
conn myFireBrick
authby=secret
auto=start
left=strongSwan.IP
leftid=strongSwan.IP
leftsubnet=strongSwan.IP
right=FireBrick.IP
rightid=FireBrick.IP
rightsubnet=FireBrick.LAN.IP.Address/24
lifetime=2m
file: /etc/ipsec.secrets
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
<connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/>