This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Back up to the Tunnels Category

FireBrick to Openswan Strongswan IPsec (Howto)

From AAISP Support Site
Jump to navigation Jump to search

Linux (CentOS Openswan) Example Using IKE2 and Preshared keys

yum install openswan

(strongswan is much nicer, but not in yum on centos5. On centos6, use strongswan)

In /etc/ipsec.conf uncomment

include /etc/ipsec.d/*.conf


Put following two files in /etc/ipsec.d/ :

myFireBrick.conf:
conn myFireBrick
       authby=secret
       auto=start
       ikev2=insist
       left=CentOS.IP.Address
       leftid=CentOS.IP.Address
       leftsubnet=CentOS.IP.Address/32
       right=FireBrick.IP.Address
       rightid=FireBrick.IP.Address
       rightsubnet=FireBrick.LAN.SUBNET/24

in: myFireBrick.secrets:

CentOS.IP.Address FireBrick.IP.Address : PSK "yourpasswordhere"
chkconfig ipsec on
service ipsec start

Put the following in the FB at the other end:

<connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="yoursecrethere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>