This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
FireBrick to Openswan Strongswan IPsec (Howto)
Revision as of 14:59, 30 June 2015 by AA-Andrew (talk | contribs) (AA-Andrew moved page FireBrick to Openswan IPsec (Howto) to FireBrick to Openswan Strongswan IPsec (Howto))
yum install openswan
(strongswan is much nicer, but not in yum on centos5. On centos6, use strongswan)
In /etc/ipsec.conf uncomment
include /etc/ipsec.d/*.conf
Put following two files in /etc/ipsec.d/ :
myFireBrick.conf:
conn myFireBrick
authby=secret
auto=start
ikev2=insist
left=CentOS.IP.Address
leftid=CentOS.IP.Address
leftsubnet=CentOS.IP.Address/32
right=FireBrick.IP.Address
rightid=FireBrick.IP.Address
rightsubnet=FireBrick.LAN.SUBNET/24
in: myFireBrick.secrets:
CentOS.IP.Address FireBrick.IP.Address : PSK "yourpasswordhere"
chkconfig ipsec on service ipsec start
Put the following in the FB at the other end:
<connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="yoursecrethere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>