This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
Difference between revisions of "FireBrick to Openswan Strongswan IPsec (Howto)"
m (AA-Andrew moved page FireBrick to Openswan IPsec (Howto) to FireBrick to Openswan Strongswan IPsec (Howto)) |
m |
||
Line 24: | Line 24: | ||
in: myFireBrick.secrets: |
in: myFireBrick.secrets: |
||
− | CentOS.IP.Address FireBrick.IP.Address : PSK " |
+ | CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere" |
chkconfig ipsec on |
chkconfig ipsec on |
||
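Review bot: the added secrets line ships the literal PSK "YourSecretHere" with nothing on the page saying it is a placeholder. Add a sentence stating that it must be replaced with a long random value, that the same value goes in the FireBrick's secret attribute, and that myFireBrick.secrets should be readable by root only.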
Line 30: | Line 30: | ||
Put the following in the FB at the other end: |
Put the following in the FB at the other end: |
||
− | <connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret=" |
+ | <connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/> |
+ | |||
+ | |||
+ | |||
+ | |||
+ | =strongSwan= |
||
+ | |||
+ | file: /etc/ipsec.conf |
||
+ | |||
+ | conn myFireBrick |
||
+ | authby=secret |
||
+ | auto=start |
||
+ | left=strongSwan.IP |
||
+ | leftid=strongSwan.IP |
||
+ | leftsubnet=strongSwan.IP |
||
+ | right=FireBrick.IP |
||
+ | rightid=FireBrick.IP |
||
+ | rightsubnet=SUBNET.ON.FireBrick.LAN |
||
+ | lifetime=2m |
||
+ | |||
+ | file: /etc/ipsec.secrets |
||
+ | |||
+ | strongSwan.IP FireBrick.IP : PSK "YourSecretHere" |
||
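Review bot: in the added connection element, peer-ips=CentOS.IP.Address" is missing its opening double quote, so the element is not well-formed XML as written; it should read peer-ips="CentOS.IP.Address" (the removed line carried the same defect). Separately, lifetime=2m in the new strongSwan block reads like a test value; confirm it is intended or add a comment explaining it.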
Revision as of 16:03, 30 June 2015
yum install openswan
(strongswan is much nicer, but not in yum on centos5. On centos6, use strongswan)
In /etc/ipsec.conf, uncomment:
include /etc/ipsec.d/*.conf
Put the following two files in /etc/ipsec.d/:
myFireBrick.conf:
conn myFireBrick
    authby=secret
    auto=start
    ikev2=insist
    left=CentOS.IP.Address
    leftid=CentOS.IP.Address
    leftsubnet=CentOS.IP.Address/32
    right=FireBrick.IP.Address
    rightid=FireBrick.IP.Address
    rightsubnet=FireBrick.LAN.SUBNET/24
myFireBrick.secrets:
CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"
chkconfig ipsec on
service ipsec start
Put the following in the FB at the other end:
<connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/>
strongSwan
file: /etc/ipsec.conf
conn myFireBrick
    authby=secret
    auto=start
    left=strongSwan.IP
    leftid=strongSwan.IP
    leftsubnet=strongSwan.IP
    right=FireBrick.IP
    rightid=FireBrick.IP
    rightsubnet=SUBNET.ON.FireBrick.LAN
    lifetime=2m
file: /etc/ipsec.secrets
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
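A pre-deployment check for the conn and secrets files above, as an added example that is not part of the original wiki page: it verifies that a PSK entry's selectors match the connection's leftid/rightid and that the secret is not the page's placeholder. The function names, the 20-character threshold and the sample addresses are assumptions; it only handles explicit two-ID selector lines like the ones shown here, not wildcard or selector-less entries.

```python
import re

PLACEHOLDERS = {"YourSecretHere"}  # placeholder value printed on this page
MIN_PSK_LEN = 20                   # assumed policy threshold, not from the page

def parse_conn(conf_text, name):
    """Return the key=value options of `conn <name>` from ipsec.conf text."""
    opts, active = {}, False
    for line in conf_text.splitlines():
        stripped = line.split("#", 1)[0].strip()
        if not stripped:
            continue
        if not line[0].isspace():  # an unindented line starts a new section
            active = stripped.split() == ["conn", name]
        elif active and "=" in stripped:
            key, value = stripped.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def parse_psks(secrets_text):
    """Return [(selector_ids, secret)] for each PSK line in ipsec.secrets text."""
    pattern = re.compile(r'^\s*([^#]*?)\s*:\s+PSK\s+"([^"]*)"')
    found = (pattern.match(line) for line in secrets_text.splitlines())
    return [(m.group(1).split(), m.group(2)) for m in found if m]

def lint(conf_text, secrets_text, name):
    """Return a list of findings for one PSK-authenticated connection."""
    conn = parse_conn(conf_text, name)
    # Simplification: require an entry listing exactly the two connection IDs.
    ids = {conn.get("leftid", conn.get("left")), conn.get("rightid", conn.get("right"))}
    matching = [s for sel, s in parse_psks(secrets_text) if set(sel) == ids]
    findings = []
    if not matching:
        findings.append("no PSK entry whose selectors match leftid/rightid")
    for secret in matching:
        if secret in PLACEHOLDERS:
            findings.append("PSK is still the documentation placeholder")
        elif len(secret) < MIN_PSK_LEN:
            findings.append("PSK shorter than %d characters" % MIN_PSK_LEN)
    return findings

# Constructed sample input (RFC 5737 documentation addresses).
SAMPLE_CONF = "conn myFireBrick\n    authby=secret\n    leftid=192.0.2.10\n    rightid=198.51.100.1\n"
SAMPLE_SECRETS = '192.0.2.10 198.51.100.1 : PSK "YourSecretHere"\n'

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF, SAMPLE_SECRETS, "myFireBrick"):
        print("FINDING:", finding)
```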