Difference between revisions of "FireBrick to Openswan Strongswan IPsec (Howto)"

From AAISP Support Site
Line 24: Line 24:
  
 
in: myFireBrick.secrets:
 
in: myFireBrick.secrets:
  CentOS.IP.Address FireBrick.IP.Address : PSK "yourpasswordhere"
+
  CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"
  
 
  chkconfig ipsec on
 
  chkconfig ipsec on
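Review bot: the placeholder rename from "yourpasswordhere" to "YourSecretHere" in myFireBrick.secrets is correct, since it now matches the secret="YourSecretHere" value in the FireBrick connection line and the PSK must be byte-identical at both ends; the surrounding text should say this explicitly, and should tell the reader to replace the placeholder with a long random string rather than a word, because a guessable PSK is the weakest point of a PSK-authenticated IKE tunnel.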
Line 30: Line 30:
  
 
Put the following in the FB at the other end:
 
Put the following in the FB at the other end:
  <connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="yoursecrethere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
+
  <connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
 +
 
 +
 
 +
 
 +
 
 +
=strongSwan=
 +
 
 +
file: /etc/ipsec.conf
 +
 
 +
conn myFireBrick
 +
      authby=secret
 +
      auto=start
 +
      left=strongSwan.IP
 +
      leftid=strongSwan.IP
 +
      leftsubnet=strongSwan.IP
 +
      right=FireBrick.IP
 +
      rightid=FireBrick.IP
 +
      rightsubnet=SUBNET.ON.FireBrick.LAN
 +
      lifetime=2m
 +
 
 +
file: /etc/ipsec.secrets
 +
 
 +
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
  
  
 
[[Category:FireBrick_Tunnels|IPv6 Tunnels]]
 
[[Category:FireBrick_Tunnels|IPv6 Tunnels]]
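Review bot: three points in this hunk need fixing before it is merged. `peer-ips=CentOS.IP.Address"` in the FireBrick line is missing its opening quote on both the old and the new line, so it will not paste as valid XML; write `peer-ips="CentOS.IP.Address"`. In the added strongSwan section `leftsubnet=strongSwan.IP` has no prefix length while the Openswan section uses `/32`; `leftsubnet=strongSwan.IP/32` keeps the two consistent. Finally `lifetime=2m` rekeys the IPsec SA every two minutes without any explanation, and the block sets no `keyexchange=` while the Openswan block insists on IKEv2; either add `keyexchange=ikev2` or state that the daemon default is being relied on.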

Revision as of 15:03, 30 June 2015

Linux (CentOS Openswan) Example Using IKEv2 and Preshared Keys

yum install openswan

(strongSwan is much nicer, but it is not in yum on CentOS 5. On CentOS 6, use strongSwan.)

In /etc/ipsec.conf, uncomment the line:

include /etc/ipsec.d/*.conf


Put the following two files in /etc/ipsec.d/:

myFireBrick.conf:
conn myFireBrick
       # authenticate with the preshared key held in myFireBrick.secrets
       authby=secret
       # bring the tunnel up as soon as the ipsec service starts
       auto=start
       # IKEv2 only; do not accept IKEv1
       ikev2=insist
       # this host (left) and the single address it tunnels for
       left=CentOS.IP.Address
       leftid=CentOS.IP.Address
       leftsubnet=CentOS.IP.Address/32
       # the FireBrick (right) and the LAN behind it
       right=FireBrick.IP.Address
       rightid=FireBrick.IP.Address
       rightsubnet=FireBrick.LAN.SUBNET/24

myFireBrick.secrets:

CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"

Then enable the service at boot and start it:

chkconfig ipsec on
service ipsec start

Put the following connection element in the FireBrick config at the other end (the secret must be exactly the same string as in myFireBrick.secrets):

<connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>



strongSwan

file: /etc/ipsec.conf

conn myFireBrick
      # authenticate with the preshared key held in /etc/ipsec.secrets
      authby=secret
      # bring the tunnel up as soon as the service starts
      auto=start
      # this host (left); a bare address as leftsubnet means this host only (/32)
      left=strongSwan.IP
      leftid=strongSwan.IP
      leftsubnet=strongSwan.IP
      # the FireBrick (right) and the LAN behind it
      right=FireBrick.IP
      rightid=FireBrick.IP
      rightsubnet=SUBNET.ON.FireBrick.LAN
      # IPsec SA lifetime; two minutes means very frequent rekeying
      lifetime=2m

file: /etc/ipsec.secrets

strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
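Both the Openswan and the strongSwan sections above depend on the same PSK being typed into the Linux secrets file and the FireBrick connection element. As an added example that is not part of the original page, this POSIX shell script generates a random PSK, renders both sides from it, writes the secrets file with restrictive permissions and checks that the two ends carry the identical secret; the addresses are constructed placeholders and the function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the AAISP page. Generates one PSK, renders the
# Linux ipsec.secrets line and the FireBrick <connection> element from it,
# and verifies both ends carry the identical secret. Addresses are
# constructed placeholders; function names are this example's own.

# 32 random bytes, base64-encoded: far more entropy than a memorable word.
gen_psk() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# ipsec.secrets line: <left-ip> <right-ip> : PSK "<secret>"
render_secrets() {
    printf '%s %s : PSK "%s"\n' "$1" "$2" "$3"
}

# FireBrick element with every attribute value quoted.
# $1 peer address, $2 PSK, $3 FireBrick LAN address.
render_fb_connection() {
    printf '<connection name="IPSec" peer-ips="%s" auth-method="Secret" secret="%s" internal-ipv4="%s" routes="%s" log="default"/>\n' \
        "$1" "$2" "$3" "$1"
}

# Write ipsec.secrets readable only by its owner: it holds the PSK in clear.
write_secrets() {
    ( umask 077; render_secrets "$2" "$3" "$4" > "$1" )
}

# Pull the PSK out of each side's file and compare byte for byte.
# Returns 0 when they match, 1 otherwise.
psk_matches() {
    linux_psk=$(sed -n 's/.*: PSK "\([^"]*\)".*/\1/p' "$1")
    fb_psk=$(sed -n 's/.* secret="\([^"]*\)".*/\1/p' "$2")
    [ -n "$linux_psk" ] && [ "$linux_psk" = "$fb_psk" ]
}

# Demonstration with constructed RFC 5737 / private addresses.
tmpdir=$(mktemp -d)
psk=$(gen_psk)
write_secrets "$tmpdir/ipsec.secrets" 192.0.2.10 198.51.100.1 "$psk"
render_fb_connection 192.0.2.10 "$psk" 10.0.0.1 > "$tmpdir/firebrick.xml"
if psk_matches "$tmpdir/ipsec.secrets" "$tmpdir/firebrick.xml"; then
    echo "PSK identical on both ends"
else
    echo "PSK mismatch: the tunnel would fail authentication" >&2
fi
```

Run psk_matches against the real /etc/ipsec.secrets and a saved copy of the FireBrick config whenever a tunnel fails to authenticate; a silent copy-paste error between the two files is the usual cause.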