Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:vpn:ipsec:openswan:site2site [2020/10/05 00:34] – formatting vgaetera docs:guide-user:services:vpn:libreswan:site2site [2021/08/30 04:17] – [Troubleshooting] vgaetera
Line 1: Line 1:
 ====== IPsec site-to-site ====== ====== IPsec site-to-site ======
-| For an overview over all existing Virtual private network (VPN)-related articles in the OpenWrt wiki, please visit [[docs:guide-user:services:vpn:overview]] | 
-For all those people who want to use openswan for a site to site connection here are the gory details... 
- 
 ===== Background ===== ===== Background =====
 In our office environment we use CentOS on many of our internet facing servers. In our office environment we use CentOS on many of our internet facing servers.
Line 9: Line 6:
 This can be accomplished by killing off the racoon service and starting it again. This can be accomplished by killing off the racoon service and starting it again.
 This is not particularly helpfull. This is not particularly helpfull.
-RedHat have decided to move to openswan for their Enterprise Linux 6 release as the default IPsec implementation using pluto for the userland tools but keeping with NETKEY for the kernel stack.+RedHat have decided to move to Libreswan for their Enterprise Linux 6 release as the default IPsec implementation using pluto for the userland tools but keeping with NETKEY for the kernel stack.
 We are now in the process of migrating all our IPsec VPN connections to CentOS 6.x. We are now in the process of migrating all our IPsec VPN connections to CentOS 6.x.
  
 ===== Preparation ===== ===== Preparation =====
-==== Background Reading ==== 
-[[https://www.openswan.org/projects/openswan/|Openswan]] 
- 
 [[wp>IPsec]] [[http://www.linuxjournal.com/article/9916|Linux Journal IPsec article]] A good explanation IPsec implementations in linux. [[wp>IPsec]] [[http://www.linuxjournal.com/article/9916|Linux Journal IPsec article]] A good explanation IPsec implementations in linux.
-A good grounding on openSwan and openVPN with discussion about the two kernel stacks KLIPS and NETKEY as well as the userland tools pluto (openswan) and racoon (KAME).+A good grounding on Libreswan and openVPN with discussion about the two kernel stacks KLIPS and NETKEY as well as the userland tools pluto (Libreswan) and racoon (KAME).
 Note KLIPS is used in openWRT and NETKEY is used in RHEL 6.x / CentOS 6.x the pecularities of this are discussed later. Note KLIPS is used in openWRT and NETKEY is used in RHEL 6.x / CentOS 6.x the pecularities of this are discussed later.
  
-==== Required Packages ==== +==== Installation ====
-=== Server (OpenWrt) === +
-You need to install the openswan package +
- +
-=== Server (RHEL 6.x / CentOS 6.x) ===+
 <code bash> <code bash>
-yum install openswan +opkg install libreswan
-</code> +
- +
-===== Installation ===== +
-Use the graphical package manager to install openswan or from the command prompt using [[docs:guide-user:additional-software:opkg|opkg]] +
- +
-<code bash> +
-opkg install openswan+
 </code> </code>
  
 ===== Configuration ===== ===== Configuration =====
-==== OpenWrt ==== 
-Edit **/etc/ipsec.conf** file and add this to the bottom of the file (uncomment the line). 
- 
 <code bash> <code bash>
 +# vi /etc/ipsec.conf
 include /etc/ipsec.d/*.conf include /etc/ipsec.d/*.conf
-</code> 
  
-Edit **/etc/ipsec.secrets** file and add this to the bottom of the file. +# vi /etc/ipsec.secrets
- +
-<code bash>+
 include /etc/ipsec.d/*.secret include /etc/ipsec.d/*.secret
 </code> </code>
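Review bot: In the Background paragraph, replacing the name in "RedHat have decided to move to Libreswan for their Enterprise Linux 6 release" changes a historical statement rather than a package reference; the removed line said openswan, so confirm the new wording is accurate for Enterprise Linux 6 or keep the original name in that sentence. In the merged Configuration block, the instruction to uncomment the include line in /etc/ipsec.conf is dropped, and "# vi /etc/ipsec.conf" now sits beside config-file content inside a bash block, so the include lines read like shell commands; a sentence before the block saying which file each include belongs to would avoid that. The "yum install openswan" step for RHEL 6.x / CentOS 6.x is also removed with no replacement, while the Background text still describes CentOS 6.x peers.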
Line 100: Line 78:
  
 # Firewall # Firewall
-iptables-save+iptables-save -c
 </code> </code>
  
 ===== Notes ===== ===== Notes =====
-  * The Project Homepage: [[http://mumble.sourceforge.net/]] +  * The project homepage: [[http://mumble.sourceforge.net/]] 
-  * very good tutorial: [[http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html]]+  * very good tutorial: [[http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html]]
  
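Review bot: In the Notes list, the "project homepage" bullet edited here still links to http://mumble.sourceforge.net/, which does not match an IPsec or Libreswan page; since the line is being changed anyway, point it at the Libreswan project page or drop the bullet. The second bullet ("very good tutorial") could take a capital letter to match the first. The switch to "iptables-save -c" in the firewall step is a reasonable change for troubleshooting because the output then includes packet and byte counters.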
  • Last modified: 2022/10/28 03:54
  • by vgaetera