Libreswan: Difference between revisions
No edit summary |
|||
| Line 7: | Line 7: | ||
==Locations== | ==Locations== | ||
;/etc/ipsec.d/: Main configuration files are here. | ;<code>/etc/ipsec.d/</code>: Main configuration files are here. | ||
;/etc/ipsec.d/{vpn_connection_name}.conf: Configuration file for a VPN connection. | ;<code>/etc/ipsec.d/{vpn_connection_name}.conf</code>: Configuration file for a VPN connection. | ||
;/etc/ipsec.d/{vpn_connection_name}.secrets: PSKs for aforementioned VPN connection. | ;<code>/etc/ipsec.d/{vpn_connection_name}.secrets</code>: PSKs for aforementioned VPN connection. | ||
==Example Configuration== | ==Example Configuration== | ||
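Review bot: on the third changed entry (the `.secrets` line), the description still says only "PSKs for aforementioned VPN connection"; since this revision already touches that line, add that the file should be readable by root only. The revision also has no edit summary, so a short one such as "wrap paths in code tags" would document that the change is markup only.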
Latest revision as of 03:57, 22 January 2025
Summary
Libreswan is an open-source implementation of the IPsec (Internet Protocol Security) and IKE (Internet Key Exchange) protocols, used to secure network traffic at the IP layer. It is a popular choice for setting up Virtual Private Networks (VPNs), particularly site-to-site and remote-access VPNs.
Configuration
Locations
/etc/ipsec.d/ - Main configuration files are here.
/etc/ipsec.d/{vpn_connection_name}.conf - Configuration file for a VPN connection.
/etc/ipsec.d/{vpn_connection_name}.secrets - PSKs for the aforementioned VPN connection.
Example Configuration
config setup
    logfile=/var/log/ipsec-davenet.log

conn davenet-webz1
    type=tunnel
    authby=secret
    left=davenet.lambnet.us
    [email protected]
    leftsubnet=10.144.0.0/16
    right=10.120.30.4
    [email protected]
    rightsubnet=0.0.0.0/0
    ike=aes256-sha256-dh20
    esp=aes_gcm256
    pfs=yes
    keyingtries=5
    ikev2=insist
    ikelifetime=28800s
    salifetime=3600s
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    auto=start
    mark=5/0xffffffff
    vti-interface=vti01
    vti-routing=yes
    vti-shared=yes
    rightvti=10.200.0.1/32
    #leftupdown=/usr/local/bin/updown_vti01
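As an added example (not part of the original wiki page or the Libreswan project), this Python check parses ipsec.conf-style conn sections like the one above and flags settings that weaken a tunnel. The rule set, the WEAK token list and the legacy-example connection are assumptions of this example, and the sample carries only a subset of the page's options.

```python
import re

# Tokens this example treats as weak in ike=/esp= proposals (an assumption).
WEAK = {"des", "3des", "md5", "sha1", "dh2", "dh5", "modp1024", "modp1536"}
# Constructed input: a subset of the page's conn plus a made-up weak one.
SAMPLE = """\
config setup
    logfile=/var/log/ipsec-davenet.log
conn davenet-webz1
    authby=secret
    ike=aes256-sha256-dh20
    esp=aes_gcm256
    pfs=yes
    ikev2=insist
conn legacy-example
    ike=3des-sha1-modp1024
    esp=aes128-md5
    pfs=no
"""

def parse_conns(text):
    """Return {conn_name: {key: value}}; other sections are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line:
            continue
        if not line[0].isspace():  # an unindented line opens a new section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(conn):
    """Return findings for one conn's settings, in a fixed order."""
    out = []
    if conn.get("authby") == "secret":
        out.append("authby: PSK in use, keep the .secrets file root-only")
    if conn.get("ikev2", "").lower() != "insist":
        out.append("ikev2: not set to insist")
    if conn.get("pfs", "yes").lower() == "no":
        out.append("pfs: disabled")
    for key in ("ike", "esp"):
        weak = sorted(set(re.split(r"[-,;+\s]+", conn.get(key, "").lower())) & WEAK)
        if weak:
            out.append(f"{key}: weak " + ", ".join(weak))
    return out
```

Calling `audit(parse_conns(text)[name])` on a real file gives one list of findings per connection; an empty list means none of these rules matched.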