Revision as of 03:57, 22 January 2025

Summary

Libreswan is an open-source implementation of IPsec (Internet Protocol Security) and IKE (Internet Key Exchange) protocols, used to secure network traffic at the IP layer. It is a popular choice for setting up Virtual Private Networks (VPNs), particularly site-to-site and remote-access VPNs.

Configuration

Locations

/etc/ipsec.d/: Main configuration files are here.
/etc/ipsec.d/{vpn_connection_name}.conf: Configuration file for a VPN connection.
/etc/ipsec.d/{vpn_connection_name}.secrets: PSKs for aforementioned VPN connection.

Example Configuration

config setup
        logfile=/var/log/ipsec-davenet.log

conn davenet-webz1
        type=tunnel
        authby=secret
        left=davenet.lambnet.us
        [email protected]
        leftsubnet=10.144.0.0/16
        right=10.120.30.4
        [email protected]
        rightsubnet=0.0.0.0/0
        ike=aes256-sha256-dh20
        esp=aes_gcm256
        pfs=yes
        keyingtries=5
        ikev2=insist
        ikelifetime=28800s
        salifetime=3600s
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start
        mark=5/0xffffffff
        vti-interface=vti01
        vti-routing=yes
        vti-shared=yes
        rightvti=10.200.0.1/32
        #leftupdown=/usr/local/bin/updown_vti01

@@ Line 5: / Line 5: @@
 =Configuration=
-===Example Configuration===
+==Locations==
+;/etc/ipsec.d/: Main configuration files are here.
+;/etc/ipsec.d/{vpn_connection_name}.conf: Configuration file for a VPN connection.
+;/etc/ipsec.d/{vpn_connection_name}.secrets: PSKs for aforementioned VPN connection.
+==Example Configuration==
   config setup