This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
Difference between revisions of "FireBrick to Openswan Strongswan IPsec (Howto)"
Line 33: | Line 33: | ||
Put the following in the FB at the other end: |
Put the following in the FB at the other end: |
||
<syntaxhighlight language="xml"> |
<syntaxhighlight language="xml"> |
||
− | <connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address" routes="CentOS.IP.Address" log="default"/> |
+ | <connection name="IPSec" peer-ips=CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="CentOS.IP.Address" log="default"/> |
</syntaxhighlight> |
</syntaxhighlight> |
||
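Review bot: both the removed and the added `<connection>` lines are missing the opening quote on `peer-ips=CentOS.IP.Address"`, so the attribute is malformed XML and the FireBrick will reject the line; it should read `peer-ips="CentOS.IP.Address"`. Adding `/24` to `internal-ipv4` only helps if the CentOS side's `rightsubnet` names the same /24, so the two changes belong together.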
Line 48: | Line 48: | ||
right=FireBrick.IP |
right=FireBrick.IP |
||
rightid=FireBrick.IP |
rightid=FireBrick.IP |
||
− | rightsubnet= |
+ | rightsubnet=FireBrick.LAN.IP.Address/24 |
lifetime=2m |
lifetime=2m |
||
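Review bot: `rightsubnet=FireBrick.LAN.IP.Address/24` should be the LAN network (the `/24`), not the FireBrick's host address with a mask, and it must match the FireBrick's `internal-ipv4` or traffic for the LAN will not select the tunnel. `lifetime=2m` rekeys the IPsec SA every two minutes, which is fine while testing but worth calling out as a test setting.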
Line 56: | Line 56: | ||
+ | <syntaxhighlight language="xml"> |
||
+ | <connection name="IPSecTostrongSwan" peer-ips=strongSwan.IP" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/> |
||
+ | </syntaxhighlight> |
||
[[Category:FireBrick_Tunnels|IPv6 Tunnels]] |
[[Category:FireBrick_Tunnels|IPv6 Tunnels]] |
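Review bot: the added strongSwan `<connection>` line has the same missing opening quote in `peer-ips=strongSwan.IP"` as the Openswan one and needs `peer-ips="strongSwan.IP"`. It is also dropped in without the "Put the following in the FB at the other end" sentence the Openswan section has, so say which device this stanza belongs on.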
Revision as of 16:08, 30 June 2015
yum install openswan
(strongSwan is much nicer, but is not in yum on CentOS 5. On CentOS 6, use strongSwan instead; see the strongSwan section below.)
In /etc/ipsec.conf uncomment
include /etc/ipsec.d/*.conf
Put the following two files in /etc/ipsec.d/ (the parameter lines must be indented; a line starting in column 1 begins a new section):
myFireBrick.conf:
conn myFireBrick
    authby=secret
    auto=start
    ikev2=insist
    left=CentOS.IP.Address
    leftid=CentOS.IP.Address
    leftsubnet=CentOS.IP.Address/32
    right=FireBrick.IP.Address
    rightid=FireBrick.IP.Address
    rightsubnet=FireBrick.LAN.SUBNET/24
myFireBrick.secrets:
CentOS.IP.Address FireBrick.IP.Address : PSK "YourSecretHere"
Then enable the service at boot and start it:
chkconfig ipsec on
service ipsec start
Put the following in the FB at the other end:
<connection name="IPSec" peer-ips="CentOS.IP.Address" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="CentOS.IP.Address" log="default"/>
internal-ipv4 is the FireBrick's LAN address with its prefix length and must cover the same /24 as rightsubnet on the CentOS side; replace YourSecretHere with a long random pre-shared key and use the same value at both ends.
strongSwan
file: /etc/ipsec.conf
conn myFireBrick
    authby=secret
    auto=start
    left=strongSwan.IP
    leftid=strongSwan.IP
    leftsubnet=strongSwan.IP
    right=FireBrick.IP
    rightid=FireBrick.IP
    rightsubnet=FireBrick.LAN.IP.Address/24
    lifetime=2m
file: /etc/ipsec.secrets
strongSwan.IP FireBrick.IP : PSK "YourSecretHere"
Put the following in the FB at the other end:
<connection name="IPSecTostrongSwan" peer-ips="strongSwan.IP" auth-method="Secret" secret="YourSecretHere" internal-ipv4="FireBrick.LAN.IP.Address/24" routes="strongSwan.IP" log="default"/>
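The two ends above share several values (peer addresses, the LAN subnet, the PSK) that are easy to get out of step when edited by hand, which is exactly what the revision history of this page shows. The script below is an added example, not code from this wiki, Openswan, strongSwan or FireBrick: it renders the Linux ipsec.conf stanza, the ipsec.secrets line and the FireBrick <connection> from one parameter set, generates a random PSK in place of YourSecretHere, and cross-checks that rightsubnet matches internal-ipv4 and left matches peer-ips. The addresses in it (192.0.2.10, 198.51.100.1, 10.1.1.1/24) are constructed documentation ranges, and the function names are this example's own.

```python
"""Render both ends of a PSK IPsec tunnel (Linux ipsec.conf/ipsec.secrets and
a FireBrick <connection/>) from one parameter set so they cannot drift apart.

Added example; not code from the AAISP wiki, Openswan, strongSwan or FireBrick.
All addresses below are constructed documentation ranges.
"""
import ipaddress
import secrets
import xml.etree.ElementTree as ET


def make_psk(nbytes: int = 32) -> str:
    """Random pre-shared key (nbytes of entropy) to replace "YourSecretHere".
    token_urlsafe only emits [A-Za-z0-9_-], so it needs no escaping anywhere."""
    return secrets.token_urlsafe(nbytes)


def linux_conf(name: str, linux_ip: str, fb_ip: str, fb_lan: str,
               flavour: str = "strongswan") -> str:
    """ipsec.conf 'conn' stanza for the Linux end.
    fb_lan is the FireBrick LAN address with prefix (e.g. 10.1.1.1/24); rightsubnet
    gets the network, not the host. Parameter lines are indented because an
    unindented line starts a new section."""
    linux_host = ipaddress.ip_address(linux_ip)
    fb_host = ipaddress.ip_address(fb_ip)
    lan = ipaddress.ip_interface(fb_lan).network
    lines = [f"conn {name}", "    authby=secret", "    auto=start"]
    if flavour == "openswan":
        lines.append("    ikev2=insist")  # Openswan spelling; strongSwan uses keyexchange=ikev2
    lines += [
        f"    left={linux_host}",
        f"    leftid={linux_host}",
        f"    leftsubnet={linux_host}/32",
        f"    right={fb_host}",
        f"    rightid={fb_host}",
        f"    rightsubnet={lan.with_prefixlen}",
    ]
    return "\n".join(lines) + "\n"


def linux_secrets(linux_ip: str, fb_ip: str, psk: str) -> str:
    """ipsec.secrets line: both peer IDs, a colon, then the PSK in double quotes."""
    if '"' in psk:
        raise ValueError("PSK must not contain a double quote")
    return f'{linux_ip} {fb_ip} : PSK "{psk}"\n'


def firebrick_conf(name: str, linux_ip: str, fb_lan: str, psk: str) -> str:
    """FireBrick <connection/> built with ElementTree so every attribute is
    quoted and escaped (the hand-written line on the wiki lost a quote)."""
    peer = str(ipaddress.ip_address(linux_ip))
    conn = ET.Element("connection", {
        "name": name,
        "peer-ips": peer,
        "auth-method": "Secret",
        "secret": psk,
        "internal-ipv4": ipaddress.ip_interface(fb_lan).with_prefixlen,
        "routes": peer,          # only the Linux host is reached through this tunnel
        "log": "default",
    })
    return ET.tostring(conn, encoding="unicode")


def parse_conn(text: str) -> dict:
    """Flatten a conn stanza into {key: value}; the 'conn NAME' line is skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if "=" in line and not line.startswith("conn "):
            key, _, value = line.partition("=")
            opts[key.strip()] = value.strip()
    return opts


def check_pair(linux_text: str, fb_xml: str) -> list:
    """Cross-check the two ends; an empty list means they agree. Catches the two
    slips in this page's history: an empty rightsubnet, and an internal-ipv4
    written without its /prefix (which makes it a /32, not the LAN)."""
    opts = parse_conn(linux_text)
    fb = ET.fromstring(fb_xml).attrib
    problems = []
    if not opts.get("rightsubnet"):
        problems.append("rightsubnet is empty on the Linux side")
    else:
        want = ipaddress.ip_network(opts["rightsubnet"], strict=False)
        have = ipaddress.ip_interface(fb.get("internal-ipv4", "0.0.0.0")).network
        if want != have:
            problems.append(f"rightsubnet {want} != internal-ipv4 {fb.get('internal-ipv4')}")
    if opts.get("left") != fb.get("peer-ips"):
        problems.append(f"left {opts.get('left')} != peer-ips {fb.get('peer-ips')}")
    return problems


if __name__ == "__main__":
    psk = make_psk()
    conf = linux_conf("myFireBrick", "192.0.2.10", "198.51.100.1", "10.1.1.1/24")
    fbx = firebrick_conf("myFireBrick", "192.0.2.10", "10.1.1.1/24", psk)
    print(conf)
    print(linux_secrets("192.0.2.10", "198.51.100.1", psk))
    print(fbx)
    print("mismatches:", check_pair(conf, fbx))
```

Run it with flavour="openswan" to get the ikev2=insist line for the CentOS 5 setup above; the strongSwan stanza omits it, as on the page. The check is deliberately run on the rendered text rather than on the parameters, so it can also be pointed at configs pasted from elsewhere.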