This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
*Also see: [[FireBrick Road Warrior strongSwan]]
=Linux (CentOS Openswan) Example Using IKE2 and Preshared keys=
Put the following two files in /etc/ipsec.d/:
<syntaxhighlight lang="bash">
conn myFireBrick
authby=secret
rightid=FireBrick.IP.Address
rightsubnet=FireBrick.LAN.SUBNET/24
</syntaxhighlight>
CentOS.IP.Address FireBrick.IP.Address : PSK "
chkconfig ipsec on
Put the following in the FB at the other end:
<syntaxhighlight lang="xml">
<connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="
</syntaxhighlight>
=strongSwan=
file: /etc/ipsec.conf
<syntaxhighlight lang="bash">
conn myFireBrick
authby=secret
auto=start
left=strongSwan.IP
leftid=strongSwan.IP
leftsubnet=strongSwan.IP
right=FireBrick.IP
rightid=FireBrick.IP
rightsubnet=FireBrick.LAN.IP.Address/24
lifetime=2m
</syntaxhighlight>
file: /etc/ipsec.secrets
<syntaxhighlight lang="bash">
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
</syntaxhighlight>
<syntaxhighlight lang="xml">
<connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/>
</syntaxhighlight>
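Both ends above must hold the same secret, and PSK authentication is only as strong as that secret. The following is an added example, not part of the original page: it generates a random PSK, writes it in the ipsec.secrets format shown above with owner-only permissions, audits an existing secrets file, and prints the matching FireBrick line. The function names, the 32-byte key size and the 32-character minimum are assumptions; the IP values are the page's placeholders.

```shell
# Added example, not from the original page. Function names, key size and
# the 32-character minimum are assumptions; IPs are the page's placeholders.

gen_psk() {
    # 32 random bytes, base64-encoded: 44 characters, no quotes or spaces
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

write_secrets() {
    # $1 = output file, $2 = local IP, $3 = FireBrick IP, $4 = PSK
    ( umask 077; printf '%s %s : PSK "%s"\n' "$2" "$3" "$4" > "$1" )
    chmod 600 "$1"   # also tightens a file that already existed
}

psk_from_secrets() {
    # $1 = secrets file; prints the secret of the first PSK line
    sed -n 's/^.*:[[:space:]]*PSK[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' "$1" | head -n 1
}

audit_secrets() {
    # $1 = secrets file; reports problems on stderr, returns non-zero if any
    _rc=0
    _psk=$(psk_from_secrets "$1")
    _perm=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    if [ "$_perm" != "------" ]; then
        echo "$1: accessible by group or other" >&2; _rc=1
    fi
    if [ "$_psk" = "YourSecretHere" ] || [ "${#_psk}" -lt 32 ]; then
        echo "$1: PSK is the placeholder or shorter than 32 characters" >&2; _rc=1
    fi
    return $_rc
}

firebrick_line() {
    # $1 = PSK; every other attribute is copied from the page unchanged
    printf '<connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="%s" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/>\n' "$1"
}

# Typical use (as root on the strongSwan host):
#   key=$(gen_psk)
#   write_secrets /etc/ipsec.secrets strongSwan.IP FireBrick.IP "$key"
#   audit_secrets /etc/ipsec.secrets && firebrick_line "$key"
```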
[[Category:FireBrick IPsec|Strongswan]]