Difference between revisions of "FireBrick to Openswan Strongswan IPsec (Howto)"
[quality revision] | [quality revision] |
(Created page with "<indicator name="FireBrick Tunnels">link=:Category:FireBrick_Tunnels|30px|Back up to the Tunnels Category</indicator> =Linux (CentOS Openswan) Example...") |
m |
||
Line 11: | Line 11: | ||
Put following two files in /etc/ipsec.d/ : |
Put following two files in /etc/ipsec.d/ : |
||
− | + | myFireBrick.conf: |
|
conn myFireBrick |
conn myFireBrick |
||
authby=secret |
authby=secret |
Revision as of 15:58, 30 June 2015
yum install openswan
(strongSwan is much nicer, but it is not in yum on CentOS 5. On CentOS 6, use strongSwan.)
In /etc/ipsec.conf, uncomment:
include /etc/ipsec.d/*.conf
Put the following two files in /etc/ipsec.d/ :
myFireBrick.conf:
 conn myFireBrick
     authby=secret
     auto=start
     ikev2=insist
     left=CentOS.IP.Address
     leftid=CentOS.IP.Address
     leftsubnet=CentOS.IP.Address/32
     right=FireBrick.IP.Address
     rightid=FireBrick.IP.Address
     rightsubnet=FireBrick.LAN.SUBNET/24
myFireBrick.secrets:
 CentOS.IP.Address FireBrick.IP.Address : PSK "yourpasswordhere"
Then enable and start the service:
 chkconfig ipsec on
 service ipsec start
Put the following in the FireBrick at the other end (the secret must be the same pre-shared key as the PSK in myFireBrick.secrets):
<connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="yoursecrethere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>