This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Back up to the FireBrick IPsec Tunnels Category Page

FireBrick to Openswan Strongswan IPsec (Howto): Difference between revisions

From AAISP Support Site
Jump to navigation Jump to search
 
(16 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<indicator name="FireBrick Tunnels">[[File:FBimgtunnel.svg|link=:Category:FireBrick_Tunnels|30px|Back up to the Tunnels Category]]</indicator>
<indicator name="Tunnels">[[File:Menu-IPsec.svg|link=:Category:FireBrick IPsec|30px|Back up to the FireBrick IPsec Tunnels Category Page]]</indicator>

See also: [[FireBrick Road Warrior strongSwan]]

=Linux (CentOS Openswan) Example Using IKE2 and Preshared keys=
=Linux (CentOS Openswan) Example Using IKE2 and Preshared keys=


Line 5: Line 8:
(strongswan is much nicer, but not in yum on centos5. On centos6, use strongswan)
(strongswan is much nicer, but not in yum on centos5. On centos6, use strongswan)


In /etc/ipsec.conf uncomment
In <tt>/etc/ipsec.conf</tt> uncomment
include /etc/ipsec.d/*.conf
include /etc/ipsec.d/*.conf




Put following two files in /etc/ipsec.d/ :
Put following two files in <tt>/etc/ipsec.d/</tt>:


myFireBrick.conf:
file: myFireBrick.conf:

<syntaxhighlight>
<syntaxhighlight lang="bash">
conn myFireBrick
conn myFireBrick
authby=secret
authby=secret
Line 25: Line 29:
</syntaxhighlight>
</syntaxhighlight>


in: myFireBrick.secrets:
file: myFireBrick.secrets:
CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"
CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"


Line 32: Line 36:


Put the following in the FB at the other end:
Put the following in the FB at the other end:
<syntaxhighlight language="xml">
<syntaxhighlight lang="xml">
<connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="CentOS.IP.Address" log="default"/>
<connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
</syntaxhighlight>
</syntaxhighlight>


Line 39: Line 43:


file: /etc/ipsec.conf
file: /etc/ipsec.conf
<syntaxhighlight language="linux-config">
<syntaxhighlight lang="bash">
conn myFireBrick
conn myFireBrick
authby=secret
authby=secret
auto=start
auto=start
Line 54: Line 58:
file: /etc/ipsec.secrets
file: /etc/ipsec.secrets


<syntaxhighlight language="linux-config">
<syntaxhighlight lang="bash">
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
</syntaxhighlight>
</syntaxhighlight>


Put the following in the FB at the other end:
<syntaxhighlight language="xml">
<syntaxhighlight lang="xml">
<connection name="IPSecTostrongSwan" peer-ips=strongSwan.IP" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/>
<connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="strongSwan.IP" log="default"/>
</syntaxhighlight>
</syntaxhighlight>

[[Category:FireBrick_Tunnels|IPv6 Tunnels]]
[[Category:FireBrick IPsec|Strongswan]]

Latest revision as of 00:31, 4 July 2022


See also: FireBrick Road Warrior strongSwan

Linux (CentOS Openswan) Example Using IKE2 and Preshared keys

yum install openswan

(strongswan is much nicer, but not in yum on centos5. On centos6, use strongswan)

In /etc/ipsec.conf uncomment 

include /etc/ipsec.d/*.conf


Put following two files in /etc/ipsec.d/:

file: myFireBrick.conf: 

 conn myFireBrick
        authby=secret
        auto=start
        ikev2=insist
        left=CentOS.IP.Address
        leftid=CentOS.IP.Address
        leftsubnet=CentOS.IP.Address/32
        right=FireBrick.IP.Address
        rightid=FireBrick.IP.Address
        rightsubnet=FireBrick.LAN.SUBNET/24

file: myFireBrick.secrets: 

CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"

chkconfig ipsec on
service ipsec start

Put the following in the FB at the other end: 

 <connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>

strongSwan

file: /etc/ipsec.conf 

conn myFireBrick
       authby=secret
       auto=start
       left=strongSwan.IP
       leftid=strongSwan.IP
       leftsubnet=strongSwan.IP
       right=FireBrick.IP
       rightid=FireBrick.IP
       rightsubnet=FireBrick.LAN.IP.Address/24
       lifetime=2m

file: /etc/ipsec.secrets 

 strongSwan.IP FireBrick.IP : PSK "YourSecretHere"

Put the following in the FB at the other end: 

 <connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" local-ip="FireBrick.LAN.IP.Address" routes="strongSwan.IP" log="default"/>
Retrieved from ‘http://support.aa.net.uk/index.php?title=FireBrick_to_Openswan_Strongswan_IPsec_(Howto)&oldid=15851