Difference between revisions of "FireBrick to Openswan Strongswan IPsec (Howto)"
From AAISP Support Site
| [quality revision] | [quality revision] |
m (AA-Andrew moved page FireBrick to Openswan IPsec (Howto) to FireBrick to Openswan Strongswan IPsec (Howto)) |
(clean up) |
||
| (15 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | <indicator name=" | + | <indicator name="Tunnels">[[File:Menu-IPsec.svg|link=:Category:FireBrick IPsec|30px|Back up to the FireBrick IPsec Tunnels Category Page]]</indicator> |
| + | *Also see: [[FireBrick Road Warrior strongSwan]] | ||
| + | |||
=Linux (CentOS Openswan) Example Using IKE2 and Preshared keys= | =Linux (CentOS Openswan) Example Using IKE2 and Preshared keys= | ||
| Line 11: | Line 13: | ||
Put following two files in /etc/ipsec.d/ : | Put following two files in /etc/ipsec.d/ : | ||
| − | + | file: myFireBrick.conf: | |
| + | |||
| + | <syntaxhighlight lang="bash"> | ||
conn myFireBrick | conn myFireBrick | ||
authby=secret | authby=secret | ||
| Line 22: | Line 26: | ||
rightid=FireBrick.IP.Address | rightid=FireBrick.IP.Address | ||
rightsubnet=FireBrick.LAN.SUBNET/24 | rightsubnet=FireBrick.LAN.SUBNET/24 | ||
| + | </syntaxhighlight> | ||
| − | + | file: myFireBrick.secrets: | |
| − | CentOS.IP.Address FireBrick.IP.Address : PSK " | + | CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere" |
chkconfig ipsec on | chkconfig ipsec on | ||
| Line 30: | Line 35: | ||
Put the following in the FB at the other end: | Put the following in the FB at the other end: | ||
| − | <connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret=" | + | <syntaxhighlight lang="xml"> |
| + | <connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="CentOS.IP.Address" log="default"/> | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | =strongSwan= | ||
| + | |||
| + | file: /etc/ipsec.conf | ||
| + | <syntaxhighlight lang="bash"> | ||
| + | conn myFireBrick | ||
| + | authby=secret | ||
| + | auto=start | ||
| + | left=strongSwan.IP | ||
| + | leftid=strongSwan.IP | ||
| + | leftsubnet=strongSwan.IP | ||
| + | right=FireBrick.IP | ||
| + | rightid=FireBrick.IP | ||
| + | rightsubnet=FireBrick.LAN.IP.Address/24 | ||
| + | lifetime=2m | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | file: /etc/ipsec.secrets | ||
| + | <syntaxhighlight lang="bash"> | ||
| + | strongSwan.IP FireBrick.IP : PSK "YourSecretHere" | ||
| + | </syntaxhighlight> | ||
| − | [[Category: | + | <syntaxhighlight lang="xml"> |
| + | <connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/> | ||
| + | </syntaxhighlight> | ||
| + | [[Category:FireBrick IPsec|Strongswan]] | ||
Latest revision as of 23:58, 17 August 2018
- Also see: FireBrick Road Warrior strongSwan
yum install openswan
(strongswan is much nicer, but not in yum on centos5. On centos6, use strongswan)
In /etc/ipsec.conf uncomment
include /etc/ipsec.d/*.conf
Put following two files in /etc/ipsec.d/ :
file: myFireBrick.conf:
conn myFireBrick
authby=secret
auto=start
ikev2=insist
left=CentOS.IP.Address
leftid=CentOS.IP.Address
leftsubnet=CentOS.IP.Address/32
right=FireBrick.IP.Address
rightid=FireBrick.IP.Address
rightsubnet=FireBrick.LAN.SUBNET/24
file: myFireBrick.secrets:
CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"
chkconfig ipsec on service ipsec start
Put the following in the FB at the other end:
<connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="CentOS.IP.Address" log="default"/>
strongSwan
file: /etc/ipsec.conf
conn myFireBrick
authby=secret
auto=start
left=strongSwan.IP
leftid=strongSwan.IP
leftsubnet=strongSwan.IP
right=FireBrick.IP
rightid=FireBrick.IP
rightsubnet=FireBrick.LAN.IP.Address/24
lifetime=2m
file: /etc/ipsec.secrets
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
<connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/>
