Difference between revisions of "FireBrick to Openswan Strongswan IPsec (Howto)"

From AAISP Support Site
(Created page with "<indicator name="FireBrick Tunnels">Back up to the Tunnels Category</indicator> =Linux (CentOS Openswan) Example...")
 
(clean up)
 
(17 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<indicator name="FireBrick Tunnels">[[File:FBimgtunnel.svg|link=:Category:FireBrick_Tunnels|30px|Back up to the Tunnels Category]]</indicator>
+
<indicator name="Tunnels">[[File:Menu-IPsec.svg|link=:Category:FireBrick IPsec|30px|Back up to the FireBrick IPsec Tunnels Category Page]]</indicator>
 +
*Also see: [[FireBrick Road Warrior strongSwan]]
 +
 
 
=Linux (CentOS Openswan) Example Using IKE2 and Preshared keys=
 
=Linux (CentOS Openswan) Example Using IKE2 and Preshared keys=
  
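Review bot: the heading kept in this hunk still reads "IKE2" while the config key it introduces is ikev2= and the protocol name is IKEv2; suggest "Using IKEv2 and Preshared Keys" so readers searching for IKEv2 find the page. The added indicator and the new "Also see" link to the Road Warrior page are fine as they are.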
Line 11: Line 13:
 
Put following two files in /etc/ipsec.d/ :
 
Put following two files in /etc/ipsec.d/ :
  
mhbrick.conf:
+
file: myFireBrick.conf:
 +
 
 +
<syntaxhighlight lang="bash">
 
  conn myFireBrick
 
  conn myFireBrick
 
         authby=secret
 
         authby=secret
Line 22: Line 26:
 
         rightid=FireBrick.IP.Address
 
         rightid=FireBrick.IP.Address
 
         rightsubnet=FireBrick.LAN.SUBNET/24
 
         rightsubnet=FireBrick.LAN.SUBNET/24
 +
</syntaxhighlight>
  
in: myFireBrick.secrets:
+
file: myFireBrick.secrets:
  CentOS.IP.Address FireBrick.IP.Address : PSK "yourpasswordhere"
+
  CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"
  
 
  chkconfig ipsec on
 
  chkconfig ipsec on
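Review bot: the myFireBrick.secrets step never says the file must be readable only by root; it holds the PSK, so the commands block should add `chmod 600 /etc/ipsec.d/myFireBrick.secrets` before `chkconfig ipsec on`. Also, rightsubnet here is written FireBrick.LAN.SUBNET/24 while the FireBrick connection element later on this page uses FireBrick.LAN.IP.Address/24 for the same network; pick one placeholder so it is obvious the two must agree. Minor: syntaxhighlight lang="bash" on an ipsec.conf block is a mismatch, lang="text" renders it more faithfully.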
Line 30: Line 35:
  
 
Put the following in the FB at the other end:
 
Put the following in the FB at the other end:
  <connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="yoursecrethere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
+
<syntaxhighlight lang="xml">
 +
  <connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="CentOS.IP.Address" log="default"/>
 +
</syntaxhighlight>
 +
 
 +
=strongSwan=
 +
 
 +
file: /etc/ipsec.conf
 +
<syntaxhighlight lang="bash">
 +
conn myFireBrick
 +
      authby=secret
 +
      auto=start
 +
      left=strongSwan.IP
 +
      leftid=strongSwan.IP
 +
      leftsubnet=strongSwan.IP
 +
      right=FireBrick.IP
 +
      rightid=FireBrick.IP
 +
      rightsubnet=FireBrick.LAN.IP.Address/24
 +
      lifetime=2m
 +
</syntaxhighlight>
 +
 
 +
file: /etc/ipsec.secrets
  
 +
<syntaxhighlight lang="bash">
 +
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
 +
</syntaxhighlight>
  
[[Category:FireBrick_Tunnels|IPv6 Tunnels]]
+
<syntaxhighlight lang="xml">
 +
<connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/>
 +
</syntaxhighlight>
 +
[[Category:FireBrick IPsec|Strongswan]]
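Review bot: the new strongSwan conn does not pin the IKE version, whereas the Openswan conn above uses ikev2=insist; add `keyexchange=ikev2` so the version negotiated does not depend on the strongSwan default. Two smaller points in the same hunk: lifetime=2m rekeys every two minutes and looks like a test value, so either say so or drop it; and leftsubnet=strongSwan.IP has no /32, unlike leftsubnet=CentOS.IP.Address/32 in the Openswan example. The FireBrick <connection .../> for strongSwan is also inserted with no lead sentence, unlike the Openswan section's "Put the following in the FB at the other end:".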

Latest revision as of 23:58, 17 August 2018

Linux (CentOS Openswan) Example Using IKEv2 and Preshared Keys

Install Openswan:

yum install openswan

(strongSwan is much nicer, but it is not in yum on CentOS 5. On CentOS 6, use strongSwan.)

In /etc/ipsec.conf, uncomment:

include /etc/ipsec.d/*.conf


Put the following two files in /etc/ipsec.d/:

file: myFireBrick.conf:

conn myFireBrick
       authby=secret
       auto=start
       ikev2=insist
       left=CentOS.IP.Address
       leftid=CentOS.IP.Address
       leftsubnet=CentOS.IP.Address/32
       right=FireBrick.IP.Address
       rightid=FireBrick.IP.Address
       rightsubnet=FireBrick.LAN.SUBNET/24

file: myFireBrick.secrets:

CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"

Then enable and start the service:

chkconfig ipsec on
service ipsec start

Put the following in the FB at the other end:

 <connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="CentOS.IP.Address" log="default"/>

strongSwan

file: /etc/ipsec.conf

conn myFireBrick
       authby=secret
       auto=start
       left=strongSwan.IP
       leftid=strongSwan.IP
       leftsubnet=strongSwan.IP
       right=FireBrick.IP
       rightid=FireBrick.IP
       rightsubnet=FireBrick.LAN.IP.Address/24
       lifetime=2m

file: /etc/ipsec.secrets

strongSwan.IP FireBrick.IP : PSK "YourSecretHere"

Put the following in the FB at the other end:

<connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/>
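Both the Openswan and the strongSwan recipes above pair a Linux-side conn block and secrets line with a FireBrick connection element, and a tunnel that will not come up is usually one of those values disagreeing. The script below is an added example, not code from the AAISP page or from FireBrick: it parses the two Linux files and the FireBrick <connection/> element and reports where they disagree (secrets identities vs leftid/rightid, PSK vs secret=, peer-ips vs left, routes vs leftsubnet, internal-ipv4 vs rightsubnet), flags a placeholder or short PSK, checks that IKEv2 is pinned (ikev2=insist for Openswan, keyexchange=ikev2 for strongSwan), and includes a helper for confirming that the secrets file has no group/other permission bits. The addresses, LAN and secret in it are constructed sample values, and the 20-character minimum is an assumption of this example.

```python
"""Added example (not from the AAISP page or FireBrick): cross-check one end's
ipsec.conf/ipsec.secrets against the other end's FireBrick <connection/>."""
import ipaddress
import re
import stat
import xml.etree.ElementTree as ET

# Constructed sample inputs using RFC 5737 documentation addresses: the Linux
# host is 192.0.2.10, the FireBrick is 198.51.100.1 with LAN 10.0.0.0/24.
LINUX_CONF = """
conn myFireBrick
       authby=secret
       auto=start
       ikev2=insist
       left=192.0.2.10
       leftid=192.0.2.10
       leftsubnet=192.0.2.10/32
       right=198.51.100.1
       rightid=198.51.100.1
       rightsubnet=10.0.0.0/24
"""
LINUX_SECRETS = '192.0.2.10 198.51.100.1 : PSK "YourSecretHere"\n'
FIREBRICK_XML = ('<connection name="IPSec" peer-ips="192.0.2.10" auth-method="Secret" '
                 'secret="YourSecretHere" internal-ipv4="10.0.0.1/24" '
                 'routes="192.0.2.10" log="default"/>')

PLACEHOLDER_SECRETS = {"yoursecrethere", "yourpasswordhere", "changeme", "secret"}
MIN_PSK_LEN = 20  # assumption: a long-lived PSK shorter than this is treated as weak


def parse_conn(text, name):
    """Return the key=value settings of the named 'conn' block as a dict."""
    settings, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("conn "):
            in_block = line.split(None, 1)[1] == name
            continue
        if in_block and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    if not settings:
        raise ValueError("conn %s not found" % name)
    return settings


def parse_secrets(text):
    """Return (left_id, right_id, psk) from the first 'a b : PSK "x"' line."""
    for raw in text.splitlines():
        m = re.match(r'^\s*(\S+)\s+(\S+)\s*:\s*PSK\s+"([^"]*)"\s*$', raw)
        if m:
            return m.group(1), m.group(2), m.group(3)
    raise ValueError("no PSK line found")


def parse_firebrick(xml_text):
    """Return the attributes of a FireBrick <connection/> element as a dict."""
    return dict(ET.fromstring(xml_text).attrib)


def same_network(a, b):
    """True if both strings describe the same IPv4 network (a bare host is /32)."""
    try:
        return ipaddress.ip_network(a, strict=False) == ipaddress.ip_network(b, strict=False)
    except ValueError:
        return False


def secrets_mode_is_private(mode):
    """True if an st_mode (e.g. os.stat(path).st_mode) has no group/other bits."""
    return (stat.S_IMODE(mode) & 0o077) == 0


def check_site(conf_text, secrets_text, fb_xml, conn_name="myFireBrick"):
    """Return a list of findings; an empty list means the two ends agree."""
    conn = parse_conn(conf_text, conn_name)
    s_left, s_right, psk = parse_secrets(secrets_text)
    fb = parse_firebrick(fb_xml)
    findings = []
    # The identity pair in ipsec.secrets must be the conn's leftid/rightid.
    if {s_left, s_right} != {conn.get("leftid", conn["left"]), conn.get("rightid", conn["right"])}:
        findings.append("secrets ids do not match conn leftid/rightid")
    if psk != fb.get("secret"):
        findings.append("PSK differs between ipsec.secrets and FireBrick secret=")
    if psk.lower() in PLACEHOLDER_SECRETS or len(psk) < MIN_PSK_LEN:
        findings.append("PSK is a placeholder or shorter than %d characters" % MIN_PSK_LEN)
    # The FireBrick peers with the Linux host's own address and must route the
    # Linux traffic selector (leftsubnet) into the tunnel.
    if fb.get("peer-ips") != conn["left"]:
        findings.append("FireBrick peer-ips does not equal conn left")
    if not same_network(fb.get("routes", ""), conn["leftsubnet"]):
        findings.append("FireBrick routes= does not cover conn leftsubnet")
    # The Linux rightsubnet must be the FireBrick LAN given by internal-ipv4.
    if not same_network(fb.get("internal-ipv4", ""), conn["rightsubnet"]):
        findings.append("conn rightsubnet is not the FireBrick internal-ipv4 network")
    # Pin IKEv2 explicitly (Openswan: ikev2=insist, strongSwan: keyexchange=ikev2).
    if conn.get("ikev2") != "insist" and conn.get("keyexchange") != "ikev2":
        findings.append("conn does not pin IKEv2 (ikev2=insist or keyexchange=ikev2)")
    return findings
```

Run against the sample inputs, `check_site` reports only that the PSK is still the page's placeholder; replace it on both ends with a long random value and the list is empty. On a live CentOS box, pass the real files' contents in and feed `os.stat("/etc/ipsec.d/myFireBrick.secrets").st_mode` to `secrets_mode_is_private` to confirm the secrets file is mode 0600.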