Libreswan

From Dave-Wiki
Revision as of 03:57, 22 January 2025 by Dave (edit to section: Locations)

Summary

Libreswan is an open-source implementation of IPsec (Internet Protocol Security) and IKE (Internet Key Exchange) protocols, used to secure network traffic at the IP layer. It is a popular choice for setting up Virtual Private Networks (VPNs), particularly site-to-site and remote-access VPNs.

Configuration

Locations

/etc/ipsec.d/
    Directory holding the main configuration files.
/etc/ipsec.d/{vpn_connection_name}.conf
    Configuration file for one VPN connection.
/etc/ipsec.d/{vpn_connection_name}.secrets
    Pre-shared keys (PSKs) for that VPN connection.

Example Configuration

config setup
        logfile=/var/log/ipsec-davenet.log

conn davenet-webz1
        type=tunnel
        authby=secret
        left=davenet.lambnet.us
        leftid=@davenet.lambnet.us
        leftsubnet=10.144.0.0/16
        right=10.120.30.4
        rightid=@webz1.z.lambnet.us
        rightsubnet=0.0.0.0/0
        ike=aes256-sha256-dh20
        esp=aes_gcm256
        pfs=yes
        keyingtries=5
        ikev2=insist
        ikelifetime=28800s
        salifetime=3600s
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start
        mark=5/0xffffffff
        vti-interface=vti01
        vti-routing=yes
        vti-shared=yes
        rightvti=10.200.0.1/32
        #leftupdown=/usr/local/bin/updown_vti01
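As an added example (not part of this page or of libreswan itself), a small Python parser for the conn-file format shown above that pulls out each section's key=value pairs and flags the settings a reviewer looks at first: IKEv1 fallback, PSK authentication and weak proposal tokens. The embedded sample is constructed from the davenet-webz1 conn above; the weak-token list is an assumption of this example.

```python
# Audit the security-relevant knobs of a libreswan ipsec.conf fragment
# (constructed example for this page, not libreswan's own code).
SAMPLE_CONF = """\
config setup
        logfile=/var/log/ipsec-davenet.log

conn davenet-webz1
        authby=secret
        ike=aes256-sha256-dh20
        esp=aes_gcm256
        ikev2=insist
        #leftupdown=/usr/local/bin/updown_vti01
"""

# Proposal tokens this example treats as weak (assumed list, exact-match only).
WEAK_TOKENS = {"3des", "des", "md5", "sha1", "modp1024", "modp1536",
               "dh2", "dh5", "null"}

def parse_conf(text):
    """Return {section: {key: value}}; conns are keyed by name, '#' comments dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # strip comments
        if not line.strip():
            continue
        if not line[0].isspace():                     # unindented line opens a section
            kind, _, name = line.partition(" ")
            current = name.strip() if kind == "conn" else line.strip()
            sections[current] = {}
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            sections[current][key.strip()] = value.strip()
    return sections

def audit_conn(params):
    """Return a list of findings for one conn; an empty list means nothing flagged."""
    findings = []
    if params.get("ikev2") != "insist":
        findings.append("ikev2 is not 'insist': IKEv1 fallback is possible")
    if params.get("authby") == "secret":
        findings.append("authby=secret: security rests on PSK strength and secrecy")
    for key in ("ike", "esp"):
        proposal = params.get(key, "").lower()
        for tok in proposal.replace(";", "-").replace(",", "-").split("-"):
            if tok in WEAK_TOKENS:                    # exact match, so dh20 never hits dh2
                findings.append(f"{key}={proposal}: weak primitive '{tok}'")
    return findings

if __name__ == "__main__":
    print(audit_conn(parse_conf(SAMPLE_CONF)["davenet-webz1"]) or ["ok"])
```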