FireBrick to Openswan Strongswan IPsec (Howto)
Revision as of 15:59, 30 June 2015 by AA-Andrew (talk | contribs) (AA-Andrew moved page FireBrick to Openswan IPsec (Howto) to FireBrick to Openswan Strongswan IPsec (Howto))
yum install openswan
(strongSwan is much nicer, but it is not available through yum on CentOS 5. On CentOS 6, use strongSwan.)
In /etc/ipsec.conf, uncomment the line:
    include /etc/ipsec.d/*.conf
Put the following two files in /etc/ipsec.d/:
myFireBrick.conf:
    conn myFireBrick
        authby=secret
        auto=start
        ikev2=insist
        left=CentOS.IP.Address
        leftid=CentOS.IP.Address
        leftsubnet=CentOS.IP.Address/32
        right=FireBrick.IP.Address
        rightid=FireBrick.IP.Address
        rightsubnet=FireBrick.LAN.SUBNET/24
myFireBrick.secrets:
    CentOS.IP.Address FireBrick.IP.Address : PSK "yourpasswordhere"
Enable the service at boot and start it:
    chkconfig ipsec on
    service ipsec start
Put the following in the FireBrick at the other end. The secret must be the same string as the PSK in myFireBrick.secrets:
    <connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="yoursecrethere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
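A pre-flight check for the CentOS side of the steps above, to run before starting the service. This is an added example, not part of the original howto: the function name check_ipsec_setup is hypothetical, and the mode 600 test on the secrets file is an extra check the howto does not mention.

```sh
#!/bin/sh
# Added example: pre-flight check of the Openswan files from this howto.
# Usage: check_ipsec_setup [ETC_DIR]   (ETC_DIR defaults to /etc)
# Prints one FAIL line per problem; return status = number of problems.
check_ipsec_setup() {
    etc=${1:-/etc}
    conf="$etc/ipsec.d/myFireBrick.conf"
    secrets="$etc/ipsec.d/myFireBrick.secrets"
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    # First value of key=... in the conn file
    val() { sed -n "s/^[[:space:]]*$1=//p" "$conf" 2>/dev/null | head -n 1; }

    # The include line must be present and not commented out
    grep -Eq '^[[:space:]]*include[[:space:]]+/etc/ipsec\.d/\*\.conf' \
        "$etc/ipsec.conf" 2>/dev/null ||
        fail "include /etc/ipsec.d/*.conf is not active in ipsec.conf"

    # PSK authentication over IKEv2 only, as the howto configures
    [ "$(val authby)" = secret ] || fail "authby=secret missing in $conf"
    [ "$(val ikev2)" = insist ] || fail "ikev2=insist missing in $conf"

    # The secrets entry is selected by the two IDs, so they must match the conn
    awk -v l="$(val leftid)" -v r="$(val rightid)" \
        '$1 == l && $2 == r && $3 == ":" && $4 == "PSK" { ok = 1 }
         END { exit !ok }' "$secrets" 2>/dev/null ||
        fail "no PSK line for leftid/rightid in $secrets"

    # The PSK is stored in clear text: no group/other permission bits
    perm=$(ls -ld "$secrets" 2>/dev/null | cut -c5-10)
    [ "$perm" = "------" ] || fail "$secrets must be mode 600 (owner only)"

    # The howto's placeholder must have been replaced
    if grep -q '"yourpasswordhere"' "$secrets" 2>/dev/null; then
        fail "placeholder PSK still in $secrets"
    fi
    return "$problems"
}
```

Call it as check_ipsec_setup /etc on the CentOS host; a return status of 0 means every check passed.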