1 - Prerequisites
  1.1 - Server Components
  1.2 - Vehicle Components
2 - Server Configuration
  2.1 - Update Software
  2.2 - Install Openswan
  2.3 - Configure IPSec Settings
    2.3.1 - IPSec Connection Settings
    2.3.2 - Configure iptables
3 - Logic-5000 Configuration
  3.1 - Configure Vehicle to Office Tunnel (network 1 to network 2 tunnel)
  3.2 - Configure Office to Vehicle Tunnel (network 2 to network 1 tunnel)
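# Refresh the package index and bring the base system up to date before
# installing the IPsec daemon (a current kernel/NETKEY stack matters here).
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install openswan
# Enable the ipsec service at boot. This needs root like the steps above;
# if chkconfig is not available on your Debian/Ubuntu release, use the
# equivalent enable command of the init system that is installed.
$ sudo chkconfig ipsec on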
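#
# File: /etc/sysctl.conf
#
#---------------------------------------------------------------
# Enable routing (IP forwarding)
#---------------------------------------------------------------
# Required so the server can route between the tunnel subnets and its
# local interfaces. Note that this turns the host into a router for
# *all* interfaces, so what gets forwarded must be constrained in the
# iptables FORWARD chain (see section 2.3.2); the NAT rules alone do not
# restrict anything.
net/ipv4/ip_forward = 1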
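# Apply /etc/sysctl.conf to the running kernel; writing ip_forward needs root.
$ sudo sysctl -p
# /etc/ipsec.conf is root-owned, so open it with sudo.
$ sudo nano /etc/ipsec.conf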
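# /etc/ipsec.conf - Openswan IPsec configuration file
# Manual: ipsec.conf.5
#
# The file is line-oriented: one "config"/"conn" section header at column
# 0 per line, and every parameter on its own indented line.

version 2.0

# basic configuration
config setup
    # Do not set debug options to debug configuration issues!
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
    # eg:
    # plutodebug="control parsing"
    #
    # enable to get logs per-peer
    # plutoopts="--perpeerlog"
    #
    # Again: only enable plutodebug or klipsdebug when asked by a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    # *** Exclude office network ***
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    # The office LAN (192.168.254.0/24) must be excluded here, otherwise a
    # remote peer could claim that range as its virtual private address.
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.254.0/24
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. netkey,klips,mast,auto or none
    protostack=netkey
    # No separate crypto helper processes; presumably chosen for a small
    # server - confirm this is intentional if throughput matters.
    nhelpers=0

# Add connections here

# Office side of the vehicle -> office tunnel: the office LAN sits behind
# this server (left), the vehicle may come from any address (right).
conn vehicle-office
    type=tunnel
    auth=esp
    # Pre-shared key from /etc/ipsec.secrets. With right=%any every vehicle
    # shares the same secret, so anyone holding that key can bring up this
    # tunnel - keep ipsec.secrets root-only and rotate the key if a vehicle
    # is lost.
    authby=secret
    # Loaded at startup but not initiated from here; the vehicle connects.
    auto=add
    # Only the cipher is pinned; the ESP integrity algorithm and the IKE
    # (phase 1) proposal fall back to the daemon defaults of this Openswan
    # version. Spelling them out (e.g. esp=aes128-sha1 plus an explicit
    # ike= line) avoids silently accepting weaker defaults - verify against
    # your release before changing.
    esp=aes
    # Always UDP-encapsulate ESP; presumably because the vehicle sits behind
    # NAT. office-vehicle below omits this - confirm the asymmetry is wanted.
    forceencaps=yes
    left=%defaultroute
    leftsubnet=192.168.254.0/24
    leftsourceip=192.168.254.6
    right=%any

# Office side of the office -> vehicle tunnel: the vehicle LAN
# (192.168.1.0/24) is reached behind the remote peer (right).
conn office-vehicle
    type=tunnel
    auth=esp
    authby=secret
    auto=add
    esp=aes
    left=%defaultroute
    right=%any
    rightsubnet=192.168.1.0/24
    rightsourceip=192.168.1.50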
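# The secrets file holds the pre-shared key in clear text; edit it as root
# and make sure only root can read it.
$ sudo nano /etc/ipsec.secrets
$ sudo chmod 600 /etc/ipsec.secrets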
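# /etc/ipsec.secrets
# Format: <local id> <remote id>: PSK "<secret>"
# The PSK keyword is required; without it the line does not parse as a
# pre-shared key entry. This single key is shared by every peer matching
# %any, so generate a long random value from a CSPRNG and never reuse the
# sample below.
%defaultroute %any: PSK "C4A9A45045AA7C2E33BCE532015DCF" # Enter your own preshared key value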
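# Sanity-check the host (IP forwarding, NAT-T, chosen stack) before
# restarting so misconfiguration shows up here rather than in peer logs.
$ sudo ipsec verify
# Restart to load the new ipsec.conf sections and re-read ipsec.secrets.
$ sudo service ipsec restart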
ipsec_setup: Stopping Openswan IPSec...
ipsec_setup: Starting Openswan IPSec U2.6.26/K2.6.35-22-server...
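# Masquerade vehicle-LAN traffic leaving eth0, except traffic bound for
# 10.0.1.0/24. Negation goes *before* the option ("! -d"); the older
# intrapositioned form ("-d ! ...") is deprecated and rejected by current
# iptables releases.
$ sudo iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 ! -d 10.0.1.0/24 -j MASQUERADE
# Rewrite the source of everything leaving eth1 to 192.168.1.244.
$ sudo iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.244
# Two caveats: (1) these nat rules only rewrite addresses - with
# ip_forward enabled nothing here limits which traffic is forwarded, so
# add matching FORWARD-chain rules for the tunnel subnets; (2) iptables
# rules are not persistent, so save/restore them across reboots with
# your distribution's mechanism.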