FireBrick to Openswan Strongswan IPsec (Howto)

From AAISP Support Site
Latest revision as of 01:31, 4 July 2022


See also: FireBrick Road Warrior strongSwan

Linux (CentOS Openswan) Example Using IKEv2 and Preshared keys

yum install openswan

(strongSwan is much nicer, but it is not in yum on CentOS 5. On CentOS 6, use strongSwan; see the strongSwan section below.)

In /etc/ipsec.conf, uncomment

 include /etc/ipsec.d/*.conf


Put the following two files in /etc/ipsec.d/. In both, "left" is this CentOS host and "right" is the FireBrick; replace the placeholder addresses with the real ones.

file: myFireBrick.conf

 conn myFireBrick
         authby=secret                       # PSK taken from myFireBrick.secrets
         auto=start                          # bring the tunnel up when ipsec starts
         ikev2=insist                        # IKEv2 only, never fall back to IKEv1
         left=CentOS.IP.Address              # public address of this host
         leftid=CentOS.IP.Address            # IKE identity presented to the FireBrick
         leftsubnet=CentOS.IP.Address/32     # only this host is reachable through the tunnel
         right=FireBrick.IP.Address          # FireBrick WAN address
         rightid=FireBrick.IP.Address        # must match the identity the FireBrick sends
         rightsubnet=FireBrick.LAN.SUBNET/24 # LAN behind the FireBrick

file: myFireBrick.secrets

 CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"

This file holds the pre-shared key in clear text, so keep it owned by root with mode 0600, and use a long random secret rather than a word. Then enable and start the service:

 chkconfig ipsec on
 service ipsec start

Put the following connection in the IPsec configuration of the FireBrick at the other end. secret must be the same PSK as in myFireBrick.secrets, and routes="CentOS.IP.Address" is the FireBrick-side view of the leftsubnet /32 above:

 <connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>

strongSwan

file: /etc/ipsec.conf

 conn myFireBrick
        authby=secret                           # PSK taken from /etc/ipsec.secrets
        auto=start                              # bring the tunnel up when charon starts
        left=strongSwan.IP                      # public address of this host
        leftid=strongSwan.IP                    # IKE identity presented to the FireBrick
        leftsubnet=strongSwan.IP                # a bare address means only this host (/32)
        right=FireBrick.IP                      # FireBrick WAN address
        rightid=FireBrick.IP                    # must match the identity the FireBrick sends
        rightsubnet=FireBrick.LAN.IP.Address/24 # LAN behind the FireBrick
        lifetime=2m                             # CHILD_SA rekey every 2 minutes (default is 1h)

The short lifetime is handy while testing because you see rekeys quickly; raise it once the tunnel works. strongSwan 5 initiates with IKEv2 by default; add keyexchange=ikev2 to the conn if you want to refuse IKEv1 outright, as ikev2=insist does in the Openswan example.

file: /etc/ipsec.secrets

 strongSwan.IP FireBrick.IP : PSK "YourSecretHere"

Put the following connection in the IPsec configuration of the FireBrick at the other end. secret must be the same PSK as in /etc/ipsec.secrets, and routes="strongSwan.IP" is the FireBrick-side view of the leftsubnet above:

 <connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="strongSwan.IP" log="default"/>
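Both examples above rely on the same secret being typed correctly into ipsec.secrets on the Linux side and into secret="..." on the FireBrick, and both ship the placeholder "YourSecretHere". The following bash helper is an added example, not part of the AAISP page or the FireBrick or strongSwan projects: it generates one random PSK and emits the matching Openswan/strongSwan secrets line and FireBrick connection element from it, so the two ends cannot drift apart, and it writes the secrets file root-readable only. The function names and the demo paths are my own; the addresses are the same placeholders the page uses.

```shell
#!/bin/bash
# Added example: one PSK, both ends' config lines generated from it.
set -eu

# 32 random bytes, base64 encoded (43 characters after dropping the "=" pad).
# The base64 alphabet needs no escaping inside the double-quoted PSK string in
# ipsec.secrets and no XML escaping inside the FireBrick secret="..." attribute.
gen_psk() {
    head -c 32 /dev/urandom | base64 | tr -d '\n='
}

# Reject the page's placeholder, an empty secret, or anything shorter than
# 32 characters. Returns 0 when the PSK is acceptable.
check_psk() {
    case "$1" in
        YourSecretHere|"") return 1 ;;
    esac
    [ "${#1}" -ge 32 ]
}

# ipsec.secrets line for Openswan and strongSwan: <local-id> <peer-id> : PSK "<secret>"
secrets_line() {
    printf '%s %s : PSK "%s"\n' "$1" "$2" "$3"
}

# FireBrick <connection> element in the same shape as the page's examples.
# Arguments: name, peer IP, secret, local-ip (FireBrick LAN address), routes.
firebrick_connection() {
    printf '<connection name="%s" peer-ips="%s" auth-method="Secret" secret="%s" local-ip="%s" routes="%s" log="default"/>\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Write the secrets file with mode 0600; it holds the PSK in clear text.
# Arguments: path, local IP, peer IP, secret.
write_secrets() {
    ( umask 077; secrets_line "$2" "$3" "$4" > "$1" )
    chmod 600 "$1"
}

# Demo run (bash psk-setup.sh demo [path]): placeholders as on the page.
if [ "${1:-}" = "demo" ]; then
    OUT=${2:-/tmp/myFireBrick.secrets}
    PSK=$(gen_psk)
    check_psk "$PSK"
    write_secrets "$OUT" strongSwan.IP FireBrick.IP "$PSK"
    echo "# $OUT (copy to /etc/ipsec.d/ for Openswan or /etc/ipsec.secrets for strongSwan):"
    cat "$OUT"
    echo "# FireBrick side:"
    firebrick_connection IPSecTostrongSwan strongSwan.IP "$PSK" FireBrick.LAN.IP.Address strongSwan.IP
fi
```

Run it with `bash psk-setup.sh demo`, paste the printed `<connection>` into the FireBrick and install the generated file on the Linux side, substituting the real addresses. The secrets file is created under umask 077 and then chmod'd, so it is never world-readable even for the instant between creation and chmod.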