
IPsec setup

Topology:
  G2, second Linux gateway [LEFT]:  ext ip=10.10.10.1  lan ip=192.168.1.5  gw ip=10.10.10.2
  G1, first Linux gateway [RIGHT]:  ext ip=10.10.10.2  lan ip=192.168.0.5  gw ip=10.10.10.1

1. Log in to G2 and install Openswan with KLIPS support:
   # mkdir /downloads
   # cd /downloads
   # wget http://www.openswan.org/download/openswan-2.6.31.tar.gz
   # tar zxvf openswan-2.6.31.tar.gz
   # cd openswan-2.6.31
   # make programs install
   # make KERNELSRC=/lib/modules/`uname -r`/build module minstall

2. Configure the tunnel on G2:
   # vi /etc/ipsec.conf
   config setup
       protostack=klips
       interfaces="ipsec0=eth0"
   conn G2-to-G1
       auto=start
       authby=secret
       left=10.10.10.1
       leftsubnet=192.168.1.0/24
       right=10.10.10.2
       rightsubnet=192.168.0.0/24

3. Configure the pre-shared secret on G2:
   # vi /etc/ipsec.secrets
   10.10.10.1 10.10.10.2: PSK "secret"

4. Modify the firewall for the IPsec tunnel on G2:
   # vi /etc/kerber/firewall
   .. Modify the NAT statement so traffic for the remote LAN is not masqueraded:
   $ipt -t nat -A POSTROUTING -o eth0 ! -d 192.168.0.0/24 -j MASQUERADE
   .. Add these lines to the INPUT chain (ESP and IKE):
   $ipt -A INPUT -i eth0 -p 50 -j ACCEPT
   $ipt -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
   .. Add this line to the FORWARD chain:
   $ipt -A FORWARD -i ipsec0 -s 192.168.0.0/24 -j ACCEPT

5. Log in to G1 and install Openswan with KLIPS support:
   # mkdir /downloads
   # cd /downloads
   # wget http://www.openswan.org/download/openswan-2.6.31.tar.gz
   # tar zxvf openswan-2.6.31.tar.gz
   # cd openswan-2.6.31
   # make programs install
   # make KERNELSRC=/lib/modules/`uname -r`/build module minstall

6. Configure the tunnel on G1 (the conn stanza is identical to the one on G2):
   # vi /etc/ipsec.conf
   config setup
       protostack=klips
       interfaces="ipsec0=eth0"
   conn G2-to-G1
       auto=start
       authby=secret
       left=10.10.10.1
       leftsubnet=192.168.1.0/24
       right=10.10.10.2
       rightsubnet=192.168.0.0/24

7. Configure the pre-shared secret on G1:
   # vi /etc/ipsec.secrets
   10.10.10.1 10.10.10.2: PSK "secret"

8. Modify the firewall for the IPsec tunnel on G1:
   # vi /etc/kerber/firewall
   .. Modify the NAT statement so traffic for the remote LAN is not masqueraded:
   $ipt -t nat -A POSTROUTING -o eth0 ! -d 192.168.1.0/24 -j MASQUERADE
   .. Add these lines to the INPUT chain (ESP and IKE):
   $ipt -A INPUT -i eth0 -p 50 -j ACCEPT
   $ipt -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
   .. Add this line to the FORWARD chain:
   $ipt -A FORWARD -i ipsec0 -s 192.168.1.0/24 -j ACCEPT

9. Start the ipsec service on G2 and G1:
   # service ipsec start

10. Verify that the tunnel is up:
   # service ipsec status

11. Test connectivity across the tunnel:
   # ping 192.168.1.25
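The two gateways carry the same conn stanza but mirrored firewall rules (each excludes the remote LAN from NAT and forwards from it). The script below, an added example and not part of the original guide, renders those rules for either gateway and checks that two ipsec.conf copies agree on endpoints and subnets; the IPs, subnets, $ipt variable and interface names are the guide's own, while write_conf, fw_rules, conn_keys and conns_match are helper names assumed here.

```shell
#!/bin/sh
# Added example, not part of the original guide: render each gateway's firewall
# rules for the tunnel above and check that two ipsec.conf copies describe the
# same tunnel. IPs, subnets, $ipt and interface names are the guide's own.
LEFT=10.10.10.1;  LEFT_SUBNET=192.168.1.0/24    # G2
RIGHT=10.10.10.2; RIGHT_SUBNET=192.168.0.0/24   # G1

# Write the guide's conn stanza: $1 file, $2 left, $3 leftsubnet, $4 right, $5 rightsubnet.
write_conf() {
    cat > "$1" <<EOF
conn G2-to-G1
    auto=start
    authby=secret
    left=$2
    leftsubnet=$3
    right=$4
    rightsubnet=$5
EOF
}

# Firewall lines for one gateway ($1 is "left" for G2, "right" for G1). The NAT
# exclusion and the FORWARD source name the remote subnet, so those two rules
# are mirrored between the gateways; the INPUT rules are identical on both.
fw_rules() {
    case "$1" in
        left)  remote=$RIGHT_SUBNET ;;
        right) remote=$LEFT_SUBNET ;;
        *) echo "usage: fw_rules left|right" >&2; return 1 ;;
    esac
    printf '%s\n' \
        "\$ipt -t nat -A POSTROUTING -o eth0 ! -d $remote -j MASQUERADE" \
        "\$ipt -A INPUT -i eth0 -p 50 -j ACCEPT" \
        "\$ipt -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT" \
        "\$ipt -A FORWARD -i ipsec0 -s $remote -j ACCEPT"
}

# The four endpoint keys of an ipsec.conf, whitespace stripped, sorted.
conn_keys() {
    grep -E '^[[:space:]]*(left|right|leftsubnet|rightsubnet)=' "$1" | tr -d ' \t' | sort
}
# Succeed only when both files name the same endpoints and subnets.
conns_match() {
    [ "$(conn_keys "$1")" = "$(conn_keys "$2")" ]
}

# Demo with the guide's values: G2 and G1 carry the identical stanza.
d=$(mktemp -d); write_conf "$d/G2" "$LEFT" "$LEFT_SUBNET" "$RIGHT" "$RIGHT_SUBNET"
cp "$d/G2" "$d/G1"; conns_match "$d/G2" "$d/G1" && echo "G2 and G1 agree"
fw_rules left; rm -rf "$d"
```

Run conns_match against the real /etc/ipsec.conf copied from both gateways before starting the service; a subnet typo on one side is the usual reason the tunnel negotiates but carries no traffic.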

www.arondmessaging.ro www.facebook.com/aiolinux
