FireBrick IPsec Tunnel with Manual Keys (Deprecated): Difference between revisions

← Older edit

Content deleted Content added

Inline

@@ Line 1: / Line 1: @@
+'''This is now a legacy way to do IPsec, see [[FireBrick to FireBrick IPsec (Howto)]] instead!'''
-[[File:2700-small.png|link=:Category:FireBrick]]
+----
+----
+----
 =FireBrick IPsec Information=
@@ Line 16: / Line 22: @@
 There is lots of information on in the FireBrick Manuals:
-*[http://www.firebrick.co.uk/fbsoftware/2701/V1.25.101/FB2700/V1.25.101-2701-FB2700-Dexter-html/ipsec.html IPsec Chapter]
+*[http://www.firebrick.co.uk/fbsoftware/2701/V1.35.001/FB2700/V1.35.001-2701-FB2700-Nestor-html/tunnels.html IPsec Chapter]
 =FireBrick to FireBrick=
-Here we will create a tunnel between 2 firebricks, Paul and Andrew. We will then set routing to route each others LAN blocks though the Tunnel. As the 2 endpoints have IPv6, we'll establish the tunnel over IPv6.
+Here we will create a tunnel between 2 firebricks, Paul and Andrew. We will then set routing to route each other's LAN blocks though the Tunnel. As the 2 endpoints have IPv6, we'll establish the tunnel over IPv6.
 ==Side A Config==
+<syntaxhighlight lang="xml">
     <ipsec name="Andrew-ipsec" mtu="1500" graph="andrew-ipsec" local-ip="2001:8b0:d6:1::1" remote-ip="2001:8b0:1635::1" local-spi="4242" remote-spi="999" auth-algorithm="AES-XCBC" auth-key="1310B855522E8D457B814BD9DD78B6AB" crypt-algorithm="AES-CBC" crypt-key="0BC4DF636566667BEEC9F02117CB57C3" routes="90.155.90.128/27 2001:8b0:1635::/64"/>
+</syntaxhighlight>
 [[File:FireBrick-IPSec-SideA.png|border|300px|Screenshot]]
 {| class="wikitable"
@@ Line 65: / Line 72: @@
 |-
 !routes
-|IP blocks to route through the tunnel - ie LAN IPs of the other end
+|IP blocks to route through the tunnel - i.e. LAN IPs of the other end
 |}
 ==Side B Config==
+<syntaxhighlight lang="xml">
    <ipsec name="Paul-ipsec" mtu="1500" graph="paul-ipsec" local-ip="2001:8b0:1635::1" remote-ip="2001:8b0:d6:1::1" local-spi="999" remote-spi="4242" auth-algorithm="AES-XCBC" auth-key="1310B855522E8D457B814BD9DD78B6AB" crypt-algorithm="AES-CBC" crypt-key="0BC4DF636566667BEEC9F02117CB57C3" routes="91.241.56.1 81.2.97.160/27 91.241.56.0/24 2001:8b0:d6::/48"/>
+</syntaxhighlight>
 [[File:FireBrick-IPSec-SideB.png|border|300px]]
@@ Line 83: / Line 93: @@
  traceroute to 91.241.56.1 (91.241.56.1), 30 hops max, 60 byte packets
 brick.h.hearn.org.uk (90.155.90.129)  0.344 ms  0.321 ms  0.310 ms
-a.gormless.thn.aa.net.uk (90.155.53.51)  11.703 ms  11.712 ms  11.834 ms
+a.gormless.then.aa.net.uk (90.155.53.51)  11.703 ms  11.712 ms  11.834 ms
 brick.shibboleet.ltd.uk (91.241.56.1)  24.862 ms  24.871 ms  25.251 ms
@@ Line 94: / Line 104: @@
-=Linux (CentOS Openswan) Example=
+=Linux (CentOS Openswan) Example Using IKE2=
  yum install openswan
@@ Line 120: / Line 130: @@
  CentOS.IP.Address FireBrick.IP.Address : PSK "yourpasswordhere"
+ chkconfig ipsec on
  service ipsec start
@@ Line 127: / Line 138: @@
 =FireBrick to Linux=
 There is information in the FireBrick Manual:
-*[http://www.firebrick.co.uk/fbsoftware/2701/V1.25.101/FB2700/V1.25.101-2701-FB2700-Dexter-html/ch20s03.html IPsec Chapter for Linux Devices]
+*[http://www.firebrick.co.uk/fbsoftware/2701/V1.35.001/FB2700/V1.35.001-2701-FB2700-Nestor-html/tunnels.html#d0e5432 Tunnelling to a non-FireBrick device using Manually-Keyed IPsec]
 The FireBrick IPsec implementation should be compatible with any IPsec implementation providing manual keying, provided a common set of algorithms can be chosen. As an example, the configuration for a Linux system using the ipsec-tools package will be described.
@@ Line 170: / Line 181: @@
-[[Category:FireBrick]]
+[[Category:FireBrick Tunnels|IPSec]]