FireBrick to Openswan Strongswan IPsec (Howto)

From AAISP Support Site
Latest revision as of 00:31, 4 July 2022


See also: FireBrick Road Warrior strongSwan

Linux (CentOS Openswan) Example Using IKEv2 and Pre-shared Keys

yum install openswan

(strongSwan is much nicer, but is not in yum on CentOS 5. On CentOS 6, use strongSwan.)

In /etc/ipsec.conf, uncomment the line:

include /etc/ipsec.d/*.conf


Put the following two files in /etc/ipsec.d/:

file: myFireBrick.conf:

 conn myFireBrick
        authby=secret
        auto=start
        ikev2=insist
        left=CentOS.IP.Address
        leftid=CentOS.IP.Address
        leftsubnet=CentOS.IP.Address/32
        right=FireBrick.IP.Address
        rightid=FireBrick.IP.Address
        rightsubnet=FireBrick.LAN.SUBNET/24

file: myFireBrick.secrets:

 CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"

Then enable the service at boot and start it:

 chkconfig ipsec on
 service ipsec start

Put the following in the FB at the other end:

 <connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>

strongSwan

file: /etc/ipsec.conf

conn myFireBrick
       authby=secret
       auto=start
       left=strongSwan.IP
       leftid=strongSwan.IP
       leftsubnet=strongSwan.IP
       right=FireBrick.IP
       rightid=FireBrick.IP
       rightsubnet=FireBrick.LAN.IP.Address/24
       lifetime=2m

file: /etc/ipsec.secrets

 strongSwan.IP FireBrick.IP : PSK "YourSecretHere"

Put the following in the FB at the other end:

 <connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="strongSwan.IP" log="default"/>
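As an added consistency check (not part of the original page or of either project), the script below parses a Linux conn block, its PSK line and the FireBrick <connection/> element and reports any disagreement between the two ends: left/right versus peer-ips, leftsubnet versus routes, rightsubnet versus the LAN holding local-ip, and the shared secret. It applies equally to the Openswan and strongSwan examples above; the addresses are constructed documentation placeholders.

```python
import re
import xml.etree.ElementTree as ET
from ipaddress import ip_address, ip_network

# Constructed sample inputs (documentation-range addresses as placeholders,
# not values from the page), laid out like the Openswan example above.
IPSEC_CONF = """conn myFireBrick
        authby=secret
        auto=start
        ikev2=insist
        left=192.0.2.10
        leftid=192.0.2.10
        leftsubnet=192.0.2.10/32
        right=198.51.100.1
        rightid=198.51.100.1
        rightsubnet=10.0.0.0/24
"""
IPSEC_SECRETS = '192.0.2.10 198.51.100.1 : PSK "YourSecretHere"\n'
FB_XML = ('<connection name="IPSec" peer-ips="192.0.2.10" auth-method="Secret" '
          'secret="YourSecretHere" local-ip="10.0.0.1" routes="192.0.2.10" '
          'log="default"/>')

def parse_conn(text):
    """Return the key=value settings of one conn block as a dict."""
    return dict(re.findall(r"^\s*(\w+)=(\S+)\s*$", text, re.M))

def parse_psk(text):
    """Return (left, right, secret) from an '<a> <b> : PSK "<x>"' line."""
    m = re.search(r'^\s*(\S+)\s+(\S+)\s*:\s*PSK\s+"([^"]*)"', text, re.M)
    return m.groups() if m else None

def check_pair(conn_text, secrets_text, fb_xml):
    """Return the mismatches between the Linux conn and the FireBrick connection."""
    conn = parse_conn(conn_text)
    psk = parse_psk(secrets_text)
    fb = ET.fromstring(fb_xml).attrib
    problems = []
    if psk is None or psk[:2] != (conn["left"], conn["right"]):
        problems.append("secrets line must name the conn's left and right IPs")
    elif psk[2] != fb.get("secret"):
        problems.append("PSK in secrets file differs from FireBrick secret=")
    if conn.get("authby") != "secret" or fb.get("auth-method") != "Secret":
        problems.append("both ends must use pre-shared key authentication")
    if fb.get("peer-ips") != conn["left"]:
        problems.append("FireBrick peer-ips= must be the Linux left= address")
    # routes= without a prefix length is a single host, like leftsubnet=X/32
    if ip_network(fb.get("routes"), strict=False) != ip_network(conn["leftsubnet"], strict=False):
        problems.append("FireBrick routes= must match the Linux leftsubnet=")
    if ip_address(fb.get("local-ip")) not in ip_network(conn["rightsubnet"], strict=False):
        problems.append("Linux rightsubnet= must be the FireBrick LAN holding local-ip=")
    return problems
```

An empty list means the two ends agree; run it against the real files before bringing the tunnel up to catch a mistyped subnet or secret.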