Summary

Libreswan is an open-source implementation of IPsec (Internet Protocol Security) and IKE (Internet Key Exchange) protocols, used to secure network traffic at the IP layer. It is a popular choice for setting up Virtual Private Networks (VPNs), particularly site-to-site and remote-access VPNs.

Configuration

Locations

/etc/ipsec.d/

Main configuration files are here.

/etc/ipsec.d/{vpn_connection_name}.conf

Configuration file for a VPN connection.

/etc/ipsec.d/{vpn_connection_name}.secrets

PSKs for aforementioned VPN connection.

Example Configuration

config setup
        logfile=/var/log/ipsec-davenet.log

conn davenet-webz1
        type=tunnel
        authby=secret
        left=davenet.lambnet.us
        [email protected]
        leftsubnet=10.144.0.0/16
        right=10.120.30.4
        [email protected]
        rightsubnet=0.0.0.0/0
        ike=aes256-sha256-dh20
        esp=aes_gcm256
        pfs=yes
        keyingtries=5
        ikev2=insist
        ikelifetime=28800s
        salifetime=3600s
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start
        mark=5/0xffffffff
        vti-interface=vti01
        vti-routing=yes
        vti-shared=yes
        rightvti=10.200.0.1/32
        #leftupdown=/usr/local/bin/updown_vti01