EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Saturday 09 November 2024, 05:23:04 am
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
CLICK HERE
for the The official Endian Roadmap and Issue tracker
14250
Posts in
4377
Topics by
6515
Members
Latest Member:
hulteends
Search:
Advanced search
EFW Support
Support
VPN Support
IPSEC network-to-network Redhat/Centos
0 Members and 0 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: IPSEC network-to-network Redhat/Centos (Read 23298 times)
daytron
Jr. Member
Offline
Posts: 1
IPSEC network-to-network Redhat/Centos
«
on:
Wednesday 11 February 2009, 09:38:00 pm »
Hello,
I thought I'd post the details on getting Endian (2.2RC3) to talk to Redhat/Centos (5.x) using a network-to-network IPSEC tunnel.
Endian uses openswan/pluto, RH/Centos uses KAME/racoon. Following the RH/Centos doc for establishing a networ-to-network tunnel between two RH/Centos boxes is dead easy. However what is not documented is that by default both AH and ESP encryption are used in stage 2. By default, Endian/openswan only uses ESP encryption.
The easiest solution is to disbale AH encryption on the RH/Centos end using the AH_PROTO directive in the ifcfg-ipsecX file:
TYPE=IPSEC
#Started out of rc.local
ONBOOT=no
IKE_METHOD=PSK
AH_PROTO=none
SRCGW=192.168.0.11
DSTGW=192.168.2.1
SRCNET=192.168.0.0/24
DSTNET=192.168.2.0/24
DST=RED_IP_of_Endian_Box
Then in endian, use:
IKE - 3DES, SHA, DH Group 2
ESP - 3DES, SHA1, Phase 1 group
aggressive mode (optional)
Perfect Forward Secrecy
That config is directly compatable with the default RH/Centos ipsec config. You could just select everything but that wastes time in the setup negotiation.
I hope this saves someone else a lot of time/effort!
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.031 seconds with 19 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com