Environment: CentOS 5.5 to CentOS 5.5
Example:
Site A
WAN: 100.100.100.100/24
LAN: 192.168.0.1/24
Site B
WAN: 200.200.200.200/24
LAN: 192.168.1.1/24
Install Openswan (formerly FreeSWAN)
yum -y install openswan
Edit Site A /etc/ipsec.conf
conn tunnel
        left=100.100.100.100            # left for local
        leftsubnet=192.168.0.0/24
        right=200.200.200.200           # right for remote
        rightsubnet=192.168.1.0/24
        pfs=yes                         # pfs for Perfect Forward Secrecy
        type=tunnel
        authby=secret
        auto=start
Edit Site A /etc/ipsec.secrets (the left/right address order is not important; the PSK must be the same as on Site B)
100.100.100.100 200.200.200.200: PSK "yourpsk"
Edit Site B /etc/ipsec.conf
conn tunnel
        left=200.200.200.200
        leftsubnet=192.168.1.0/24
        right=100.100.100.100
        rightsubnet=192.168.0.0/24
        pfs=yes
        type=tunnel
        authby=secret
        auto=start
Edit Site B /etc/ipsec.secrets
100.100.100.100 200.200.200.200: PSK "yourpsk"
Site A and Site B
service ipsec start
Show status
# /etc/init.d/ipsec status
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
IPsec running - pluto pid: 30061
pluto pid 30061
1 tunnels up
some eroutes exist
It works!
Check from Site A
ping -I 192.168.0.1 192.168.1.1
Check from Site B
ping -I 192.168.1.1 192.168.0.1
If the ping fails, check your iptables rules: traffic between Site A's LAN and Site B's LAN must not be MASQUERADEd, because NATed packets no longer match leftsubnet/rightsubnet and never enter the tunnel.
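The following is an added example, not part of the original post: it prints the nat-table rules for Site A that exempt LAN-to-LAN traffic from MASQUERADE, and checks a saved rule set (iptables-save -t nat output on stdin) to see whether the tunnel traffic would still be NATed. The addresses are the ones from the post and the sample rule set is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Site A addresses assumed from the post.
LOCAL_LAN="192.168.0.0/24"    # Site A LAN (leftsubnet)
REMOTE_LAN="192.168.1.0/24"   # Site B LAN (rightsubnet)

# Print the nat-table rules for Site A. The ACCEPT for LAN-to-LAN traffic is inserted
# at position 1 so it is evaluated BEFORE the MASQUERADE rule; rule order is the whole point.
tunnel_nat_rules() {
    printf 'iptables -t nat -I POSTROUTING 1 -s %s -d %s -j ACCEPT\n' "$LOCAL_LAN" "$REMOTE_LAN"
    printf 'iptables -t nat -A POSTROUTING -s %s -o eth0 -j MASQUERADE\n' "$LOCAL_LAN"
}

# Read "iptables-save -t nat" output on stdin. Exit 0 if site-to-site traffic escapes
# MASQUERADE (an ACCEPT/RETURN for the pair precedes it, or the MASQUERADE rule itself
# carries "! -d REMOTE_LAN"); exit 1 if the tunnel traffic would be NATed.
nat_exempts_tunnel() {
    awk -v l="$LOCAL_LAN" -v r="$REMOTE_LAN" '
        /^-A POSTROUTING/ {
            if ($0 ~ "-s " l && $0 ~ "-d " r && $0 !~ "! -d " &&
                ($0 ~ "-j ACCEPT" || $0 ~ "-j RETURN")) { ok = 1; exit }
            if ($0 ~ "-j MASQUERADE") {
                if ($0 ~ "! -d " r) { ok = 1 }   # exclusion built into the NAT rule
                exit                              # first MASQUERADE decides; stop here
            }
        }
        END { exit ok ? 0 : 1 }'
}

# Constructed sample: the common mistake, MASQUERADE listed before the exemption.
SAMPLE_NAT='*nat
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -d 192.168.1.0/24 -j ACCEPT
COMMIT'

if printf '%s\n' "$SAMPLE_NAT" | nat_exempts_tunnel; then
    echo "OK: site-to-site traffic bypasses MASQUERADE"
else
    echo "WARNING: tunnel traffic would be NATed; apply these rules in this order:"
    tunnel_nat_rules
fi
```

Run it on a real box with `iptables-save -t nat | sh -c '. ./check.sh; nat_exempts_tunnel'` style sourcing, or just replace SAMPLE_NAT with the live output.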
Hello,
Do you plan to write some articles about Windows Server IPSec? There are a lot of documents about IPSec in Linux/Unix.
Or maybe you want to write about Linux - Windows integration?
Please let me know.