LinuxQuestions.org


logo 01-24-2005 08:08 AM

Creating a Linux<-WinXP VPN with OpenSwan
 
Hi everybody, I need your help.
I have a small LAN with a Linux Fedora 3 box, which is used as a gateway to the internet. What I want to do is create an OpenSwan VPN server on the Linux machine and create a tunnel with my friend over the net. I've downloaded and rpm'd the needed package, but now what? The help documents say that I should start the IPsec service, so I run "/sbin/service ipsec start", and that works. But then the documentation refers to using the ipsec command with various parameters, and the console says "ipsec: command not found". Also, when I start the IPsec service, I cannot connect to the net from my LAN computers.
Can anyone tell me what I am doing wrong?

Jerre Cope 02-05-2005 12:38 AM

First you need to edit the ipsec.conf and ipsec.secrets files for your tunnel. Your ipsec.conf file should look something like this:
Code:

conn yourfriend
        authby=secret
        left=yourself.dyndns.biz
        leftsubnet=192.168.9.0/24
        right=yourfriend.dyndns.biz
        rightsubnet=192.168.0.0/24
        pfs=yes

The ipsec.secrets file should look something like:
Code:

yourself.dyndns.biz yourfriend.dyndns.biz: PSK "your shared password secret xxxx"

The ipsec.secrets file also documents the setup for an RSA public key exchange, which is more secure, but many of the appliance routers with VPN capability only support PSK.

The next problem with configuring IPSEC will be putting the right holes in your firewall. I found the Shorewall firewall made the configuration easier.
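An added example, not part of the original post: a small pre-flight check over the two files in the format shown above. It flags parameter lines that are not indented under their `conn` header, an `authby=secret` connection with no PSK entry, and a short PSK. The function names and `MIN_PSK_LEN` are assumptions, and it assumes the ipsec.secrets indices are written exactly as the conn's `left=` and `right=` values, as in the post.

```python
import re

# Constructed sample input mirroring the format in the post (PSK deliberately short).
SAMPLE_CONF = """\
conn yourfriend
        authby=secret
        left=yourself.dyndns.biz
        leftsubnet=192.168.9.0/24
        right=yourfriend.dyndns.biz
        rightsubnet=192.168.0.0/24
        pfs=yes
"""
SAMPLE_SECRETS = 'yourself.dyndns.biz yourfriend.dyndns.biz: PSK "short"\n'
MIN_PSK_LEN = 20  # assumed local policy threshold, not an Openswan limit
SECRET_RE = re.compile(r'^\s*(\S+)\s+(\S+)\s*:\s*PSK\s+"([^"]*)"', re.M)

def parse_conns(text):
    """Return ({conn_name: {key: value}}, [problems]) for ipsec.conf text."""
    conns, problems, current = {}, [], None
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if line[0] not in " \t":  # unindented: a section header, or a mistake
            parts = stripped.split()
            if parts[0] == "conn" and len(parts) == 2:
                current = conns.setdefault(parts[1], {})
            else:
                current = None
                if "=" in stripped:  # a parameter that lost its indentation
                    problems.append(f"line {n}: '{stripped}' must be indented under its section")
        elif current is not None and "=" in stripped:
            key, value = stripped.split("=", 1)
            current[key.strip()] = value.strip()
    return conns, problems

def check(conf_text, secrets_text):
    """Return a list of human-readable problems found in the two files."""
    conns, problems = parse_conns(conf_text)
    psks = {frozenset(m.group(1, 2)): m.group(3) for m in SECRET_RE.finditer(secrets_text)}
    for name, p in conns.items():
        if p.get("authby") != "secret":
            continue
        psk = psks.get(frozenset((p.get("left"), p.get("right"))))
        if psk is None:
            problems.append(f"{name}: no PSK entry for left/right in ipsec.secrets")
        elif len(psk) < MIN_PSK_LEN:
            problems.append(f"{name}: PSK shorter than {MIN_PSK_LEN} characters")
    return problems
```

Calling `check()` with the contents of the real files returns an empty list when none of these three problems is present.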

logo 02-05-2005 01:57 AM

A bit different problem now
 
Thank you for your reply. I have a bit of a different problem now. I have been looking into Openswan, and I found this step-by-step Openswan VPN guide here, which is absolutely perfect, except for one thing. Openswan won't accept the text I am supposed to enter into ipsec.conf. Can you help me format that text so that it will work?
Thank you

Jerre Cope 02-05-2005 10:26 AM

Yes, though I'm by no means an expert. Other useful debugging commands are:
ipsec verify
and
ipsec barf

logo 02-07-2005 09:40 AM

Thank you. I will appreciate any help with getting the ipsec.conf to work.


All times are GMT -5.