This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick to Openswan Strongswan IPsec (Howto): Difference between revisions

Content deleted Content added
AA-Andrew (talk | contribs)
mNo edit summary
Reedy (talk | contribs)
 
(18 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<indicator name="FireBrick Tunnels">[[File:FBimgtunnel.svg|link=:Category:FireBrick_Tunnels|30px|Back up to the Tunnels Category]]</indicator>
<indicator name="Tunnels">[[File:Menu-IPsec.svg|link=:Category:FireBrick IPsec|30px|Back up to the FireBrick IPsec Tunnels Category Page]]</indicator>

See also: [[FireBrick Road Warrior strongSwan]]

=Linux (CentOS Openswan) Example Using IKE2 and Preshared keys=
=Linux (CentOS Openswan) Example Using IKE2 and Preshared keys=


Line 5: Line 8:
(strongswan is much nicer, but not in yum on centos5. On centos6, use strongswan)
(strongswan is much nicer, but not in yum on centos5. On centos6, use strongswan)


In /etc/ipsec.conf uncomment
In <tt>/etc/ipsec.conf</tt> uncomment
include /etc/ipsec.d/*.conf
include /etc/ipsec.d/*.conf




Put following two files in /etc/ipsec.d/ :
Put following two files in <tt>/etc/ipsec.d/</tt>:


myFireBrick.conf:
file: myFireBrick.conf:

<syntaxhighlight>
<syntaxhighlight lang="bash">
conn myFireBrick
conn myFireBrick
authby=secret
authby=secret
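Review bot: `lang="bash"` on the myFireBrick.conf block (the new `<syntaxhighlight lang="bash">` line) mislabels the file; `conn myFireBrick` / `authby=secret` are ipsec.conf key=value settings, not shell, so `lang="ini"` (or plain `lang="text"`) would highlight them without implying the file is a script.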
Line 25: Line 29:
</syntaxhighlight>
</syntaxhighlight>


in: myFireBrick.secrets:
file: myFireBrick.secrets:
CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"
CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"


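Review bot: the line `CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"` is left as bare wiki text in both revisions, while the equivalent strongSwan `.secrets` line further down is fenced in `<syntaxhighlight>`; fence it the same way so the two examples match. The renamed label `file: myFireBrick.secrets:` would also be a good place for one sentence saying the file holds the shared secret in plain text and must be readable by root only.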
Line 32: Line 36:


Put the following in the FB at the other end:
Put the following in the FB at the other end:
<syntaxhighlight language="xml">
<syntaxhighlight lang="xml">
<connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="CentOS.IP.Address" log="default"/>
<connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
</syntaxhighlight>
</syntaxhighlight>


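Review bot: the swap from `internal-ipv4="FireBrick.LAN.IP.Address/24"` to `local-ip="FireBrick.LAN.IP.Address"` in the `<connection>` line is undocumented; add a sentence saying that `local-ip` is the FireBrick's own address on the tunnelled LAN and must fall inside the subnet strongSwan declares as `rightsubnet=FireBrick.LAN.IP.Address/24`, otherwise the reader has no way to tell why the prefix length disappeared. The restored opening quote in `peer-ips="CentOS.IP.Address"` fixes genuinely broken XML in the old revision and is correct.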
Line 39: Line 43:


file: /etc/ipsec.conf
file: /etc/ipsec.conf
<syntaxhighlight lang="bash">

conn myFireBrick
conn myFireBrick
authby=secret
authby=secret
auto=start
auto=start
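Review bot: the opening `<syntaxhighlight lang="bash">` for `file: /etc/ipsec.conf` appears in only one of the two revision columns (the other cell is blank); whichever revision is current must keep it, because the `</syntaxhighlight>` after `lifetime=2m` in the next hunk is otherwise unmatched and the whole conn block renders as wiki text. As with the CentOS block, `ini` or `text` is a better lexer than `bash` for this file.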
Line 50: Line 54:
rightsubnet=FireBrick.LAN.IP.Address/24
rightsubnet=FireBrick.LAN.IP.Address/24
lifetime=2m
lifetime=2m
</syntaxhighlight>


file: /etc/ipsec.secrets
file: /etc/ipsec.secrets


<syntaxhighlight lang="bash">
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
</syntaxhighlight>


Put the following in the FB at the other end:

<syntaxhighlight language="xml">
<syntaxhighlight lang="xml">
<connection name="IPSecTostrongSwan" peer-ips=strongSwan.IP" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/>
<connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="strongSwan.IP" log="default"/>
</syntaxhighlight>
</syntaxhighlight>

[[Category:FireBrick_Tunnels|IPv6 Tunnels]]
[[Category:FireBrick IPsec|Strongswan]]
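Review bot: `lifetime=2m` rekeys the SA every two minutes, which is fine for watching a tunnel come up but will churn constantly in production; either note that it is a test value or drop it so strongSwan's default applies. Minor: the sort key in `[[Category:FireBrick_Tunnels|IPv6 Tunnels]]` reads as a leftover from another page, since this howto is about IPsec to strongSwan; `IPsec` or `Strongswan` (as used in the second category line) would sort it correctly.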