FireBrick to Openswan Strongswan IPsec (Howto)
Latest revision as of 01:31, 4 July 2022
See also: FireBrick Road Warrior strongSwan
Linux (CentOS Openswan) Example Using IKE2 and Preshared keys

<syntaxhighlight lang="bash">
yum install openswan
</syntaxhighlight>

(strongSwan is much nicer, but is not in yum on CentOS 5. On CentOS 6, use strongSwan; see the strongSwan section.)
In /etc/ipsec.conf uncomment

<syntaxhighlight lang="bash">
include /etc/ipsec.d/*.conf
</syntaxhighlight>
Put the following two files in /etc/ipsec.d/:

file: myFireBrick.conf:

<syntaxhighlight lang="bash">
conn myFireBrick
        authby=secret
        auto=start
        ikev2=insist
        left=CentOS.IP.Address
        leftid=CentOS.IP.Address
        leftsubnet=CentOS.IP.Address/32
        right=FireBrick.IP.Address
        rightid=FireBrick.IP.Address
        rightsubnet=FireBrick.LAN.SUBNET/24
</syntaxhighlight>

file: myFireBrick.secrets:

<syntaxhighlight lang="bash">
CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"
</syntaxhighlight>

Keep the secrets file readable by root only (chmod 600) and use a long random string as the PSK rather than a memorable phrase: with pre-shared-key authentication the PSK is the only thing that stops someone who can reach either public IP from authenticating as the peer.
<syntaxhighlight lang="bash">
chkconfig ipsec on
service ipsec start
</syntaxhighlight>
Put the following in the FB at the other end:

<syntaxhighlight lang="xml">
<connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
</syntaxhighlight>
strongSwan
file: /etc/ipsec.conf

<syntaxhighlight lang="bash">
conn myFireBrick
        authby=secret
        auto=start
        # pin IKEv2 explicitly, as the Openswan example does with ikev2=insist
        keyexchange=ikev2
        left=strongSwan.IP
        leftid=strongSwan.IP
        leftsubnet=strongSwan.IP/32
        right=FireBrick.IP
        rightid=FireBrick.IP
        # the FireBrick LAN network address, not the FireBrick's own LAN IP
        rightsubnet=FireBrick.LAN.SUBNET/24
        # a 2 minute IPsec SA lifetime is a test setting; the default is 1h
        lifetime=2m
</syntaxhighlight>
file: /etc/ipsec.secrets

<syntaxhighlight lang="bash">
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
</syntaxhighlight>
Put the following in the FB at the other end:

<syntaxhighlight lang="xml">
<connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="strongSwan.IP" log="default"/>
</syntaxhighlight>
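A pre-flight check for either of the two set-ups above (Openswan or strongSwan against a FireBrick), as an added example that is not part of the original page and is not FireBrick, Openswan or strongSwan code. It parses the Linux conn block, the ipsec.secrets PSK line and the FireBrick <connection/> element and flags the disagreements that most often leave the tunnel stuck in IKE negotiation: peer-ips not equal to the Linux box's address, routes not matching leftsubnet, the FireBrick local-ip outside rightsubnet, differing or short PSKs, and an unpinned IKE version. The addresses, the PSK, the min_psk_len threshold and the function names are assumptions for the demo; the sample files are constructed.

```python
"""Lint both ends of a FireBrick <-> Linux PSK IPsec tunnel before bringing it up.
Added example for this how-to, not FireBrick/Openswan/strongSwan code; the sample
files at the bottom are constructed (documentation addresses, invented PSK)."""
import ipaddress
import re
from xml.etree import ElementTree as ET


def parse_conn(conf_text, name):
    """Return the key=value settings of the named 'conn' block of ipsec.conf."""
    settings, in_block = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                   # 'conn X' / 'config setup'
            in_block = line.strip() == f"conn {name}"
        elif in_block and "=" in line:
            key, _, value = line.strip().partition("=")
            settings[key.strip()] = value.strip()
    return settings


def parse_secrets(secrets_text):
    """Return [(set of IDs, psk)] for every PSK line of ipsec.secrets."""
    entries = []
    for line in secrets_text.splitlines():
        m = re.match(r'^\s*(.*?)\s*:\s*PSK\s+"([^"]*)"', line)
        if m:
            entries.append((set(m.group(1).split()), m.group(2)))
    return entries


def parse_firebrick(xml_text):
    """Return the attributes of a FireBrick <connection .../> element."""
    elem = ET.fromstring(xml_text)
    if elem.tag != "connection":
        raise ValueError("expected a <connection> element")
    return dict(elem.attrib)


def check_pair(conn, secrets, fb, min_psk_len=20):
    """List the disagreements between the Linux conn and the FireBrick side."""
    problems = []
    if conn.get("authby") != "secret" or fb.get("auth-method") != "Secret":
        problems.append('auth: Linux needs authby=secret, FireBrick auth-method="Secret"')
    # Both ends of this how-to are IKEv2; an unpinned version is a setup smell.
    if conn.get("keyexchange") != "ikev2" and conn.get("ikev2") != "insist":
        problems.append("IKE version not pinned: keyexchange=ikev2 (strongSwan) or ikev2=insist (Openswan)")
    left, right = conn.get("left", ""), conn.get("right", "")
    # The FireBrick's peer is the Linux box, i.e. the conn's 'left' address.
    if fb.get("peer-ips") != left:
        problems.append(f"peer-ips={fb.get('peer-ips')} but the Linux side is left={left}")
    try:
        # What the FireBrick routes into the tunnel must be what Linux offers.
        want = ipaddress.ip_network(conn.get("leftsubnet", ""), strict=False)
        got = ipaddress.ip_network(fb.get("routes", ""), strict=False)
        if want != got:
            problems.append(f"routes={got} does not match leftsubnet={want}")
        # The FireBrick's local-ip must lie inside the LAN Linux expects behind it.
        lan = ipaddress.ip_network(conn.get("rightsubnet", ""), strict=False)
        if ipaddress.ip_address(fb.get("local-ip", "")) not in lan:
            problems.append(f"local-ip={fb.get('local-ip')} is not inside rightsubnet={lan}")
    except ValueError as err:
        problems.append(f"unparseable address or subnet: {err}")
    # The PSK line must cover this pair of IDs and agree with the FireBrick.
    matching = [psk for ids, psk in secrets if {left, right} <= ids or "%any" in ids]
    if not matching:
        problems.append(f"no PSK line in ipsec.secrets covers {left} <-> {right}")
    else:
        psk = matching[0]
        if psk != fb.get("secret"):
            problems.append("PSK in ipsec.secrets differs from the FireBrick secret=")
        if len(psk) < min_psk_len:
            problems.append(f"PSK is only {len(psk)} characters; use a long random string")
    return problems


def audit(conf_text, secrets_text, fb_xml, name="myFireBrick"):
    return check_pair(parse_conn(conf_text, name), parse_secrets(secrets_text),
                      parse_firebrick(fb_xml))


# Constructed sample: the page's strongSwan conn with the placeholders filled in.
GOOD_CONF = """\
conn myFireBrick
        authby=secret
        auto=start
        keyexchange=ikev2
        left=198.51.100.10
        leftid=198.51.100.10
        leftsubnet=198.51.100.10/32
        right=203.0.113.1
        rightid=203.0.113.1
        rightsubnet=192.168.1.0/24
"""
GOOD_SECRETS = '198.51.100.10 203.0.113.1 : PSK "Vq8mZ3pLx0tRw7yHd2cNb5kJf9gSa4eU"\n'
GOOD_FB = ('<connection name="IPSecTostrongSwan" peer-ips="198.51.100.10" '
           'auth-method="Secret" secret="Vq8mZ3pLx0tRw7yHd2cNb5kJf9gSa4eU" '
           'local-ip="192.168.1.1" routes="198.51.100.10" log="default"/>')
# Same tunnel with three common slips: IKE version left unpinned, peer-ips set to
# the FireBrick's own address instead of the Linux box, and the placeholder PSK.
BAD_CONF = GOOD_CONF.replace("        keyexchange=ikev2\n", "")
BAD_SECRETS = '198.51.100.10 203.0.113.1 : PSK "YourSecretHere"\n'
BAD_FB = (GOOD_FB.replace('peer-ips="198.51.100.10"', 'peer-ips="203.0.113.1"')
          .replace("Vq8mZ3pLx0tRw7yHd2cNb5kJf9gSa4eU", "YourSecretHere"))

if __name__ == "__main__":
    print("good:", audit(GOOD_CONF, GOOD_SECRETS, GOOD_FB) or ["ok"])
    print("bad: ", audit(BAD_CONF, BAD_SECRETS, BAD_FB))
```

Run it against copies of the real files before starting the ipsec service; once the tunnel is up, `ipsec statusall` on the strongSwan side shows whether the IKE_SA and CHILD_SA were actually established, which is the check this script cannot do offline.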