This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Back up to the Tunnels Category

Difference between revisions of "FireBrick to Openswan Strongswan IPsec (Howto)"

From AAISP Support Site
Jump to navigation Jump to search
[quality revision][quality revision]
m
Line 24: Line 24:
   
 
in: myFireBrick.secrets:
 
in: myFireBrick.secrets:
CentOS.IP.Address FireBrick.IP.Address : PSK "yourpasswordhere"
+
CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"
   
 
chkconfig ipsec on
 
chkconfig ipsec on
Line 30: Line 30:
   
 
Put the following in the FB at the other end:
 
Put the following in the FB at the other end:
<connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="yoursecrethere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
+
<connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
  +
  +
  +
  +
  +
=strongSwan=
  +
  +
file: /etc/ipsec.conf
  +
  +
conn myFireBrick
  +
authby=secret
  +
auto=start
  +
left=strongSwan.IP
  +
leftid=strongSwan.IP
  +
leftsubnet=strongSwan.IP
  +
right=FireBrick.IP
  +
rightid=FireBrick.IP
  +
rightsubnet=SUBNET.ON.FireBrick.LAN
  +
lifetime=2m
  +
  +
file: /etc/ipsec.secrets
  +
  +
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
   
   

Revision as of 16:03, 30 June 2015

Linux (CentOS Openswan) Example Using IKE2 and Preshared keys

yum install openswan

(strongswan is much nicer, but not in yum on centos5. On centos6, use strongswan)

In /etc/ipsec.conf uncomment

include /etc/ipsec.d/*.conf


Put following two files in /etc/ipsec.d/ :

myFireBrick.conf:
conn myFireBrick
       authby=secret
       auto=start
       ikev2=insist
       left=CentOS.IP.Address
       leftid=CentOS.IP.Address
       leftsubnet=CentOS.IP.Address/32
       right=FireBrick.IP.Address
       rightid=FireBrick.IP.Address
       rightsubnet=FireBrick.LAN.SUBNET/24

in: myFireBrick.secrets:

CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"
chkconfig ipsec on
service ipsec start

Put the following in the FB at the other end:

<connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>



strongSwan

file: /etc/ipsec.conf

conn myFireBrick
      authby=secret
      auto=start
      left=strongSwan.IP
      leftid=strongSwan.IP
      leftsubnet=strongSwan.IP
      right=FireBrick.IP
      rightid=FireBrick.IP
      rightsubnet=SUBNET.ON.FireBrick.LAN
      lifetime=2m

file: /etc/ipsec.secrets

strongSwan.IP FireBrick.IP : PSK "YourSecretHere"