VPN

From dghartung.com/docs


Strongswan host-host and host-roadwarrior setup

Credits and Links

Jacco de Leeuw's useful VPN page. This howto is heavily based on this page!

Strongswan Page


Preliminary Notes.

Install gmp and gmp-devel

yum install gmp gmp-devel

Download Strongswan

cd /usr/local/src
wget http://download.strongswan.org/strongswan-2.8.6.tar.bz2

Unpack it, make it, install it

tar -jxvf strongswan-2.8.6.tar.bz2
cd strongswan-2.8.6

If your clients are behind a NAT device, you may need to enable transport mode as shown here: NAT-T

make programs
make install


View this page to generate certificates: CA

Configure your /etc/ipsec.secrets

# /etc/ipsec.secrets - strongSwan IPsec secrets file

: RSA name-this-key.pem "your-password-silly"
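
Because ipsec.secrets stores the key passphrase in cleartext, it is worth checking the file and the private keys it names before starting the VPN. The script below is an added example, not part of the original howto; the helper names audit_secrets and owner_only are hypothetical, and it assumes relative key names resolve against a private-key directory (for example /etc/ipsec.d/private) that you pass in.

```shell
#!/bin/sh
# Added example (not from the original howto). audit_secrets and owner_only
# are hypothetical helper names; the key directory is passed in because its
# location (e.g. /etc/ipsec.d/private) is an assumption about the install.

# Succeeds when group and other hold no permission bits on the path.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_secrets SECRETS_FILE PRIVATE_KEY_DIR
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_secrets() {
    secrets=$1 keydir=$2 rc=0
    [ -f "$secrets" ] || { echo "missing: $secrets"; return 1; }
    owner_only "$secrets" || { echo "perms: $secrets is accessible beyond its owner"; rc=1; }
    # The howto's sample passphrase must not survive into a live config.
    if grep -q '"your-password-silly"' "$secrets"; then
        echo "placeholder: sample passphrase still present in $secrets"; rc=1
    fi
    # Extract the key file name from each ': RSA <file> ["passphrase"]' entry.
    for key in $(sed -n 's/^[[:space:]]*:[[:space:]]*RSA[[:space:]]\{1,\}\([^[:space:]"]\{1,\}\).*/\1/p' "$secrets"); do
        case $key in /*) keypath=$key ;; *) keypath=$keydir/$key ;; esac
        if [ ! -f "$keypath" ]; then
            echo "missing key: $keypath"; rc=1
        elif ! owner_only "$keypath"; then
            echo "perms: $keypath is accessible beyond its owner"; rc=1
        fi
    done
    return $rc
}

# Constructed demo: a world-readable secrets file naming a key that is absent.
demo=$(mktemp -d)
printf ': RSA name-this-key.pem "your-password-silly"\n' > "$demo/ipsec.secrets"
chmod 644 "$demo/ipsec.secrets"
audit_secrets "$demo/ipsec.secrets" "$demo/private" || echo "findings reported above"
rm -rf "$demo"
```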

Edit your /etc/ipsec.conf file to look like one of these, depending on what you need:

host-to-host or net-to-net
roadwarrior-to-net-win-xp
roadwarrior-behind-nat-linux
real-ipsec.conf: Here is my "real-world" working example with some of the particulars changed.

Configure l2tpd

If you use Shorewall Firewall look at this page: Shorewall Config for VPN

VPN Start-up
