Difference between revisions of "FireBrick to Openswan Strongswan IPsec (Howto)"
[quality revision] | [quality revision] |
m (AA-Andrew moved page FireBrick to Openswan IPsec (Howto) to FireBrick to Openswan Strongswan IPsec (Howto)) |
m |
||
Line 24: | Line 24: | ||
in: myFireBrick.secrets: |
in: myFireBrick.secrets: |
||
− | CentOS.IP.Address FireBrick.IP.Address : PSK " |
+ | CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere" |
chkconfig ipsec on |
chkconfig ipsec on |
||
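Review bot: the added line ships the literal secret "YourSecretHere" with nothing in the hunk marking it as a placeholder, so it is easy to copy into a live myFireBrick.secrets unchanged. Suggest a sentence next to it saying the value must be replaced with a long random string, kept identical on the FireBrick side, and that the .secrets file should be readable by root only. The unchanged context line "in: myFireBrick.secrets:" would also read better as "myFireBrick.secrets:".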
Line 30: | Line 30: | ||
Put the following in the FB at the other end: |
Put the following in the FB at the other end: |
||
− | <connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret=" |
+ | <connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/> |
+ | |||
+ | |||
+ | |||
+ | |||
+ | =strongSwan= |
||
+ | |||
+ | file: /etc/ipsec.conf |
||
+ | |||
+ | conn myFireBrick |
||
+ | authby=secret |
||
+ | auto=start |
||
+ | left=strongSwan.IP |
||
+ | leftid=strongSwan.IP |
||
+ | leftsubnet=strongSwan.IP |
||
+ | right=FireBrick.IP |
||
+ | rightid=FireBrick.IP |
||
+ | rightsubnet=SUBNET.ON.FireBrick.LAN |
||
+ | lifetime=2m |
||
+ | |||
+ | file: /etc/ipsec.secrets |
||
+ | |||
+ | strongSwan.IP FireBrick.IP : PSK "YourSecretHere" |
||
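Review bot: in the added <connection> line, peer-ips=CentOS.IP.Address" still has a closing quote with no opening one, so the element is not well-formed XML as written; it should read peer-ips="CentOS.IP.Address". In the new strongSwan block, leftsubnet=strongSwan.IP carries no prefix length, and lifetime=2m is given without explanation; a short note on why two minutes was chosen, or dropping the line, would help readers. The run of empty added lines before =strongSwan= could be trimmed to one.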
Revision as of 16:03, 30 June 2015
yum install openswan
(strongSwan is much nicer, but it is not in yum on CentOS 5. On CentOS 6, use strongSwan.)
In /etc/ipsec.conf, uncomment:
include /etc/ipsec.d/*.conf
Put the following two files in /etc/ipsec.d/:
myFireBrick.conf:
conn myFireBrick
    authby=secret
    auto=start
    ikev2=insist
    left=CentOS.IP.Address
    leftid=CentOS.IP.Address
    leftsubnet=CentOS.IP.Address/32
    right=FireBrick.IP.Address
    rightid=FireBrick.IP.Address
    rightsubnet=FireBrick.LAN.SUBNET/24
myFireBrick.secrets:
CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"
chkconfig ipsec on
service ipsec start
Put the following in the FB at the other end:
<connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
strongSwan
file: /etc/ipsec.conf
conn myFireBrick
    authby=secret
    auto=start
    left=strongSwan.IP
    leftid=strongSwan.IP
    leftsubnet=strongSwan.IP
    right=FireBrick.IP
    rightid=FireBrick.IP
    rightsubnet=SUBNET.ON.FireBrick.LAN
    lifetime=2m
file: /etc/ipsec.secrets
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
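
Both secrets files above use the placeholder "YourSecretHere". The following is an added example, not part of the original wiki page: it generates a random pre-shared key, writes it in the same `LEFT RIGHT : PSK "..."` format with owner-only permissions, and checks an existing file for the placeholder. The function names and the 32-character minimum are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Function names and the
# 32-character minimum are assumptions made for this illustration.

# gen_psk: print 32 random bytes as base64 (44 characters, one line).
gen_psk() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# write_secrets FILE LEFT RIGHT PSK
# Write one line in the page's 'LEFT RIGHT : PSK "..."' format. The file
# is created under umask 077 so it is never readable by other users.
write_secrets() {
    file=$1 left=$2 right=$3 psk=$4
    (
        umask 077
        printf '%s %s : PSK "%s"\n' "$left" "$right" "$psk" > "$file"
    ) || return 1
    chmod 600 "$file"   # also tightens a file that already existed
}

# check_secrets FILE
# Return 0 only if FILE is owner-only and no PSK line still holds the
# how-to's placeholder or a secret shorter than 32 characters.
check_secrets() {
    file=$1
    perms=$(ls -l "$file" | cut -c1-10)
    case $perms in
        -rw-------|-r--------) ;;
        *) echo "$file: mode $perms, expected owner-only" >&2; return 1 ;;
    esac
    awk -F'"' '
        /: *PSK / { if ($2 == "YourSecretHere" || length($2) < 32) bad = 1 }
        END       { exit bad + 0 }
    ' "$file"
}
```

The same generated value goes into the FireBrick `secret=` attribute, since both ends must hold the identical string.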