linux · ipsec

IPSEC / StrongSwan

A quick reminder to myself of how to set up strongSwan.

/etc/ipsec.conf

conn gr2
  left=123.45.67.89
  leftauth=psk
  lefthostaccess=yes
  right=%any
  rightsubnet=192.168.1.0/24
  rightauth=psk
  auto=add
  dpdaction=restart
  esp=aes128-sha1-modp2048

/etc/ipsec.secrets

123.45.67.89 %any : PSK "QWERTY12345"

/etc/strongswan.d/charon/kernel-netlink.conf

kernel-netlink {
 ... 
 mtu = 1422
 ...
}

Router config:

IPSec Connection Name:                    whatever
Remote IPSec Gateway (URL):               123.45.67.89

Tunnel access from local IP addresses:    Subnet Address
IP Address for VPN:                       192.168.1.0
Subnet Mask:                              255.255.255.0

Tunnel access from remote IP addresses:   Single Address
IP Address for VPN:                       123.45.67.89
Subnet Mask:                              255.255.255.255

Key Exchange Method:                      Auto(IKE)
Authentication Method:                    Pre-Shared key
Pre-Shared Key:                           QWERTY12345
Perfect Forward Secrecy:                  Enable

Advanced
========

=== Phase 1 ===
Mode:                                   Main
Local Identifier Type:                  Local Wan IP
Local Identifier:
Remote Identifier Type:                 Remote Wan IP
Remote Identifier:
Encryption Algorithm:                   AES-128
Integrity Algorithm:                    SHA1
Diffie-Hellman Group for Key Exchange:  2048bit
Key Life Time(Seconds):                 3600

=== Phase 2 ===
Encryption Algorithm:                   AES-128
Integrity Algorithm:                    SHA1
Diffie-Hellman Group for Key Exchange:  2048bit
Key Life Time(Seconds):                 3600

Finally, configure a regular ping job on the 192.168.1.0/24 network that pings 123.45.67.89.
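Added example (not part of the original note): a small checker that parses the conn section of ipsec.conf, splits the strongSwan esp= proposal into its encryption, integrity and DH parts, and compares them with the router's Phase 2 fields, so a mismatch is caught before the tunnel is debugged by hand. The mapping tables between strongSwan keywords and the router's UI labels are assumed; the config text is a constructed copy of the one above.

```python
"""Check a strongSwan 'esp=' proposal against the router's Phase 2 settings."""
import re

# Constructed copy of the conn section above (not read from /etc/ipsec.conf).
IPSEC_CONF = """\
conn gr2
  left=123.45.67.89
  leftauth=psk
  right=%any
  rightsubnet=192.168.1.0/24
  rightauth=psk
  auto=add
  dpdaction=restart
  esp=aes128-sha1-modp2048
"""

# Router Phase 2 fields as entered in its web UI (values from the note above).
ROUTER_PHASE2 = {"enc": "AES-128", "integ": "SHA1", "dh": "2048bit", "pfs": True}

# Assumed mapping: strongSwan keyword -> router UI label (the note's algorithms plus neighbours).
ENC = {"aes128": "AES-128", "aes192": "AES-192", "aes256": "AES-256", "3des": "3DES"}
INTEG = {"sha1": "SHA1", "sha256": "SHA256", "md5": "MD5"}
DH = {"modp1024": "1024bit", "modp1536": "1536bit", "modp2048": "2048bit", "modp3072": "3072bit"}

def parse_conn(text, name):
    """Return the key=value settings of one 'conn <name>' section of ipsec.conf."""
    settings, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^conn\s+(\S+)", line)
        if m:
            current = m.group(1)
            continue
        if current == name and "=" in line:
            key, value = line.strip().split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def parse_esp(proposal):
    """Split e.g. 'aes128-sha1-modp2048' into router-style names.

    A trailing DH group in a strongSwan esp= proposal is what turns PFS on, so
    no group means pfs=False. Single enc-integ[-dh] proposals only; AEAD
    proposals such as aes128gcm16 are not handled here.
    """
    enc, integ, *dh = proposal.split("-")
    return {"enc": ENC[enc], "integ": INTEG[integ], "dh": DH[dh[0]] if dh else None, "pfs": bool(dh)}

def mismatches(conn_settings, router):
    """Phase 2 fields where strongSwan and the router disagree (empty list = consistent)."""
    ours = parse_esp(conn_settings["esp"])
    return [field for field in router if ours.get(field) != router[field]]
```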
