Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:ipsec:openswan:site2site [2020/10/05 00:33] – [IPsec site-to-site] formatting vgaetera | docs:guide-user:services:vpn:libreswan:site2site [2021/08/30 04:18] – [Troubleshooting] vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== IPsec site-to-site ====== | ====== IPsec site-to-site ====== | ||
| - | | For an overview over all existing Virtual private network (VPN)-related articles in the OpenWrt wiki, please visit [[docs: | ||
| - | For all those people who want to use openswan for a site to site connection here are the gory details... | ||
| - | |||
| ===== Background ===== | ===== Background ===== | ||
| - | In our office environment we use Centos | + | In our office environment we use CentOS |
| In RedHat Enterprise Linux 5 the IPsec implementation was provided by racoon (KAME), userland tools, and NETKEY in the kernel. | In RedHat Enterprise Linux 5 the IPsec implementation was provided by racoon (KAME), userland tools, and NETKEY in the kernel. | ||
| We set up our six office WAN using this and when it's up and running it seems to be stable, however adding a new site to the WAN seems to require reseting all of the IPsec server accross the WAN. | We set up our six office WAN using this and when it's up and running it seems to be stable, however adding a new site to the WAN seems to require reseting all of the IPsec server accross the WAN. | ||
| This can be accomplished by killing off the racoon service and starting it again. | This can be accomplished by killing off the racoon service and starting it again. | ||
| This is not particularly helpfull. | This is not particularly helpfull. | ||
| - | RedHat have decided to move to openswan | + | RedHat have decided to move to Libreswan |
| - | We are now in the process of migrating all our IPsec VPN connections to Centos | + | We are now in the process of migrating all our IPsec VPN connections to CentOS |
| ===== Preparation ===== | ===== Preparation ===== | ||
| - | ==== Background Reading ==== | ||
| - | [[https:// | ||
| - | |||
| [[wp> | [[wp> | ||
| - | A good grounding on openSwan | + | A good grounding on Libreswan |
| - | Note KLIPS is used in openWRT and NETKEY is used in RHEL 6.x / CENTOS | + | Note KLIPS is used in openWRT and NETKEY is used in RHEL 6.x / CentOS |
| - | ==== Required Packages | + | ==== Installation |
| - | === Server (OpenWrt) === | + | |
| - | You need to install the openswan package | + | |
| - | + | ||
| - | === Server (RHEL 6.x / Centos 6.x) === | + | |
| <code bash> | <code bash> | ||
| - | yum install openswan | + | opkg install |
| - | </ | + | |
| - | + | ||
| - | ===== Installation ===== | + | |
| - | Use the graphical package manager to install openswan or from the command prompt using [[docs: | + | |
| - | + | ||
| - | <code bash> | + | |
| - | opkg install | + | |
| </ | </ | ||
| ===== Configuration ===== | ===== Configuration ===== | ||
| - | ==== OpenWrt ==== | ||
| - | Edit **/ | ||
| - | |||
| <code bash> | <code bash> | ||
| + | # vi / | ||
| include / | include / | ||
| - | </ | ||
| - | Edit **/ | + | # vi / |
| - | + | ||
| - | <code bash> | + | |
| include / | include / | ||
| </ | </ | ||
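Review bot: in the Configuration block, the two added `# vi /` lines replace the removed "Edit" sentences, so a single block tagged `<code bash>` now mixes editor invocations written as shell comments with `include /` lines that are file contents, not commands. A reader cannot tell which lines are typed at the prompt and which belong in which file. Keep one block per file with the file named in a sentence above it, or mark the `include` lines as file contents. The same revision corrects "Centos" to "CentOS" but leaves "reseting", "accross" and "helpfull" in the unchanged Background lines and "openWRT" in the KLIPS/NETKEY note, which could be fixed in the same pass. That note is carried over from the openswan text with only the capitalisation changed, so confirm it still holds for the Libreswan package.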
| Line 100: | Line 78: | ||
| # Firewall | # Firewall | ||
| - | iptables-save | + | iptables-save |
| </ | </ | ||
| ===== Notes ===== | ===== Notes ===== | ||
| - | * The Project Homepage: [[http:// | + | * The project homepage: [[http:// |
| - | * a very good tutorial: [[http:// | + | * A very good tutorial: [[http:// |
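Review bot: in the Notes list, both revised entries change only their capitalisation and still link with `[[http://`. If the project homepage and the tutorial are reachable over HTTPS, switch both links to `https://` in this edit so readers of a VPN setup guide are not sent to its references over plain HTTP.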