Welcome to Halil Demirezen's Tips and Tutorials Page
VPN: IPSEC on Centos 7.7 2020-01-28 11:36:59

This tutorial is intended to give an example implementation of an IPsec tunnel and its configuration
on the Linux side of the connection.


After a base installation of CentOS, the additional packages below should be installed:

yum install ipsec-tools
yum install libreswan


After enabling the ipsec service with systemctl enable ipsec and starting it with
systemctl start ipsec, we move on to the tunnel configuration step.

We create a new config file under the /etc/ipsec.d directory, for example conn1.conf:

conn conn1
  authby=secret
  type=tunnel
  left=177.55.33.44
  leftnexthop=177.55.33.41
  leftsubnet=177.55.33.44/32

  right=10.10.10.10
  rightsubnets={10.10.10.11/32, 10.10.10.12/32, 10.10.10.13/32}

  keyexchange=ike
  ike=aes256-sha1;modp1024
  ikelifetime=28800s

  phase2=esp
  phase2alg=aes256-sha1;modp1024
  keylife=3600s
  auto=start


conn1 is the name of the connection.
left is the public IP address of this host.
leftnexthop is our gateway address.
leftsubnet is the subnet that you tell the other side to route through the tunnel. More specifically,
you are telling the other side to send packets for this subnet to me.

right is the public IP address of the other party.
rightsubnets are the subnets behind the other party, so any attempt to reach those
networks from my side will be directed into the tunnel. The rest are tunnel parameters,
which should be the same in the other side's configuration.
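Before handing a conn block like the one above to libreswan, it is worth sanity-checking it: the left address must fall inside leftsubnet, the right-side subnets must not overlap the left-side ones, and the algorithm strings deserve a second look (modp1024 is a 1024-bit DH group that NIST has deprecated, and SHA-1 is a legacy integrity choice). The following is an added example, not part of the tutorial and not libreswan's own tooling: a small Python checker that parses the key=value subset of ipsec.conf syntax shown here (single conn section, brace lists such as rightsubnets={a, b}) and reports findings. The sample text is a constructed copy of the tutorial's conn1 block; the REQUIRED list and the weak-algorithm sets are this example's own assumptions about what is worth flagging.

```python
import ipaddress
import re

# Constructed sample: the conn1 block from the tutorial, addresses as given there.
SAMPLE_CONF = """\
conn conn1
  authby=secret
  type=tunnel
  left=177.55.33.44
  leftnexthop=177.55.33.41
  leftsubnet=177.55.33.44/32
  right=10.10.10.10
  rightsubnets={10.10.10.11/32, 10.10.10.12/32, 10.10.10.13/32}
  keyexchange=ike
  ike=aes256-sha1;modp1024
  ikelifetime=28800s
  phase2=esp
  phase2alg=aes256-sha1;modp1024
  keylife=3600s
  auto=start
"""

# Parameters this checker (an assumption of the example) insists on seeing.
REQUIRED = ("authby", "type", "left", "leftsubnet", "right", "ike", "phase2alg", "auto")

# DH groups below 2048 bits are deprecated (NIST SP 800-131A); MD5/SHA-1 are legacy
# integrity algorithms that should be reviewed before a new deployment.
WEAK_DH = {"modp768", "modp1024", "modp1536"}
LEGACY_HASH = {"md5", "sha1"}


def parse_conn(text):
    """Parse one libreswan 'conn' section into (name, {key: value}).

    Only the key=value subset used in the tutorial is handled; '#' comments are stripped."""
    name = None
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("conn "):
            name = line.split(None, 1)[1].strip()
            continue
        key, _, value = line.partition("=")
        params[key.strip()] = value.strip()
    return name, params


def subnet_list(value):
    """Expand '{a, b c}' or a bare 'a' into a list of ip_network objects."""
    inner = value.strip().strip("{}")
    return [ipaddress.ip_network(tok, strict=False)
            for tok in re.split(r"[\s,]+", inner) if tok]


def check_conn(text):
    """Return a list of human-readable findings; an empty list means the block passed."""
    name, p = parse_conn(text)
    findings = []
    if name is None:
        findings.append("missing 'conn <name>' header")
    for key in REQUIRED:
        if key not in p:
            findings.append(f"missing required parameter {key}")
    if findings:
        return findings

    # The local public address must be covered by what we advertise as leftsubnet.
    left = ipaddress.ip_address(p["left"])
    left_nets = subnet_list(p["leftsubnet"])
    if not any(left in n for n in left_nets):
        findings.append(f"left {left} is not inside leftsubnet {p['leftsubnet']}")

    # Remote subnets overlapping local ones would produce ambiguous routing/policies.
    right_nets = subnet_list(p.get("rightsubnets", p.get("rightsubnet", "")))
    for rn in right_nets:
        for ln in left_nets:
            if rn.overlaps(ln):
                findings.append(f"rightsubnet {rn} overlaps leftsubnet {ln}")

    # Proposals look like 'aes256-sha1;modp1024', several may be comma-separated.
    for key in ("ike", "phase2alg"):
        for proposal in p[key].split(","):
            algs, _, dh = proposal.strip().partition(";")
            if dh in WEAK_DH:
                findings.append(f"{key}: {dh} is a deprecated DH group (use modp2048 or stronger)")
            if any(h in LEGACY_HASH for h in algs.split("-")[1:]):
                findings.append(f"{key}: legacy integrity algorithm in '{algs}', review before deploying")
    return findings


if __name__ == "__main__":
    for finding in check_conn(SAMPLE_CONF) or ["no findings"]:
        print(finding)
```

Run against the tutorial's block it reports four findings, all about the ike and phase2alg proposals; the address and subnet checks pass. Swapping in modp2048 and sha2_256 clears them, which is the shape of change a reviewer would ask for on a new tunnel while keeping everything else in the block as the tutorial has it.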