IPsec host-to-host in Linux

1. Gather the system and network information from each server:
- The IP address of both hosts
- A unique name to identify the IPsec connection (e.g. ipsec0)
- A fixed encryption key, or one generated automatically by racoon
- A pre-shared authentication key that is used to initiate the connection and to exchange encryption keys during the session
2. Server A has the following config file, /etc/sysconfig/network-scripts/ifcfg-ipsec0:
vi /etc/sysconfig/network-scripts/ifcfg-ipsec0
DEST=XXX.XXX.XXX.XXX   # IP address of Server B
TYPE=IPSEC
ONBOOT=YES
IKE_METHOD=PSK
3. Server B has the following config file, /etc/sysconfig/network-scripts/ifcfg-ipsec0:
vi /etc/sysconfig/network-scripts/ifcfg-ipsec0
DEST=XXX.XXX.XXX.XXX   # IP address of Server A
TYPE=IPSEC
ONBOOT=YES
IKE_METHOD=PSK
4. Create the pre-shared key file on both servers (the key must be identical on both ends):
vi /etc/sysconfig/network-scripts/keys-ipsec0
IKE_PSK=helppoint
5. For security reasons, change the permissions on the file so that only the root user can read and modify it:
chmod 600 /etc/sysconfig/network-scripts/keys-ipsec0
6. Start the IPsec interface on both servers:
/sbin/ifup ipsec0
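The following script is an added example and is not part of the original page or of the Red Hat initscripts. It carries steps 2 through 5 through for both ends of the tunnel: it writes ifcfg-ipsec0 and keys-ipsec0 for each host, creates the key file root-only from the start, checks the resulting mode is 0600, and confirms that the two hosts' IKE_PSK values match before ifup is run. The function names, the directories (scratch directories from mktemp instead of /etc/sysconfig/network-scripts, so it runs without root) and the 192.0.2.x addresses are assumptions; the PSK value is the one from the page.

```shell
#!/bin/sh
# Added example, not from the original page: build the per-host files that
# steps 2-5 describe for both ends of the tunnel, then verify them.
# Directories default to mktemp scratch space so this runs without touching
# /etc/sysconfig; pass /etc/sysconfig/network-scripts on a real RHEL host.
# Connection name, addresses and directories below are constructed sample values.

# Accept only a dotted-quad IPv4 address (four octets, each 0-255).
valid_ipv4() {
  case "$1" in *[!0-9.]*|'') return 1 ;; esac
  IFS=.; set -- $1; unset IFS
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ -n "$o" ] && [ "$o" -le 255 ] || return 1
  done
}

# Write ifcfg-<name> pointing at the peer; $1 = directory, $2 = name, $3 = peer IP.
write_ifcfg() {
  valid_ipv4 "$3" || { echo "write_ifcfg: bad peer address '$3'" >&2; return 1; }
  cat > "$1/ifcfg-$2" <<EOF
DEST=$3
TYPE=IPSEC
ONBOOT=YES
IKE_METHOD=PSK
EOF
}

# Write keys-<name> with the PSK. umask 077 in a subshell means the file is never
# world-readable even for an instant; chmod 600 afterwards is step 5 as written.
# $1 = directory, $2 = name, $3 = pre-shared key.
write_psk() {
  [ -n "$3" ] || { echo "write_psk: empty pre-shared key" >&2; return 1; }
  ( umask 077; printf 'IKE_PSK=%s\n' "$3" > "$1/keys-$2" )
  chmod 600 "$1/keys-$2"
}

# Octal mode of a file: GNU stat first, BSD stat as the fallback.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if keys-<name> exists and is mode 0600 (the check step 5 calls for).
key_file_locked() {
  [ -f "$1/keys-$2" ] && [ "$(file_mode "$1/keys-$2")" = "600" ]
}

# Read the PSK back out of keys-<name>.
psk_of() {
  sed -n 's/^IKE_PSK=//p' "$1/keys-$2"
}

# Both ends must carry the same IKE_PSK or IKE phase 1 never completes;
# $1 and $2 = the two hosts' directories, $3 = connection name.
psks_match() {
  [ "$(psk_of "$1" "$3")" = "$(psk_of "$2" "$3")" ]
}

# Build both ends side by side (constructed sample values; PSK from the page).
SERVER_A_DIR=$(mktemp -d); SERVER_B_DIR=$(mktemp -d)
SERVER_A_IP=192.0.2.10;   SERVER_B_IP=192.0.2.20;   PSK=helppoint
write_ifcfg "$SERVER_A_DIR" ipsec0 "$SERVER_B_IP"   # Server A's DEST is Server B
write_ifcfg "$SERVER_B_DIR" ipsec0 "$SERVER_A_IP"   # Server B's DEST is Server A
write_psk   "$SERVER_A_DIR" ipsec0 "$PSK"
write_psk   "$SERVER_B_DIR" ipsec0 "$PSK"
key_file_locked "$SERVER_A_DIR" ipsec0 && key_file_locked "$SERVER_B_DIR" ipsec0 \
  && psks_match "$SERVER_A_DIR" "$SERVER_B_DIR" ipsec0 \
  && echo "both ends ready; run /sbin/ifup ipsec0 on each server"
```

On a real host the files are written with the real directory as the first argument and the script is run as root; the two verification functions are the ones worth keeping around, since a key file left world-readable or a PSK that differs by a trailing space on one side are the usual reasons the interface comes up without ever negotiating a security association.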