Libreswan: Difference between revisions

From Dave-Wiki
(Created page with "=Summary= Libreswan is an open-source implementation of IPsec (Internet Protocol Security) and IKE (Internet Key Exchange) protocols, used to secure network traffic at the IP layer. It is a popular choice for setting up Virtual Private Networks (VPNs), particularly site-to-site and remote-access VPNs. =Configuration= ===Example Configuration=== config setup logfile=/var/log/ipsec-davenet.log conn davenet-webz1 type=tunnel authby=secret...")
(No difference)

Revision as of 03:53, 22 January 2025

Summary

Libreswan is an open-source implementation of IPsec (Internet Protocol Security) and IKE (Internet Key Exchange) protocols, used to secure network traffic at the IP layer. It is a popular choice for setting up Virtual Private Networks (VPNs), particularly site-to-site and remote-access VPNs.

Configuration

Example Configuration

config setup
        logfile=/var/log/ipsec-davenet.log

conn davenet-webz1
        type=tunnel
        authby=secret
        left=davenet.lambnet.us
        [email protected]
        leftsubnet=10.144.0.0/16
        right=10.120.30.4
        [email protected]
        rightsubnet=0.0.0.0/0
        ike=aes256-sha256-dh20
        esp=aes_gcm256
        pfs=yes
        keyingtries=5
        ikev2=insist
        ikelifetime=28800s
        salifetime=3600s
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start
        mark=5/0xffffffff
        vti-interface=vti01
        vti-routing=yes
        vti-shared=yes
        rightvti=10.200.0.1/32
        #leftupdown=/usr/local/bin/updown_vti01
Retrieved from "https://davehome.net/wiki/index.php?title=Libreswan&oldid=458"