This post is in response to a comment made earlier on my previous blog post on Linux IPSec setup asking for assistance. So here's what I can do to help.
This is a setup which I assisted one of my friends in creating: a VPN between a static-IP Linksys router and an Amazon cloud-based server. Amazon cloud servers don't actually have a static public IP assigned to them; at best they sit behind a one-to-one NAT mechanism, so this becomes a bit trickier for anyone new to Openswan or IPsec on Linux.
Regardless of the operating system, the openswan package needs to be installed on the server properly. Please refer to other blogs or Google for how to install the ipsec service. See the references at this link:
The topology we'll be working on is defined in the diagram below.
Now let's get to the configuration.
The ipsec.conf file contains the following:
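config setup
    interfaces=%defaultroute
    # verbose debug logging for bring-up; set both to none once the tunnel is stable
    klipsdebug=all
    plutodebug=all
    protostack=netkey
    nat_traversal=yes

conn Linksys
    type=tunnel
    # left: the Amazon server's private IP (its public IP is one-to-one NATed)
    left=10.2.147.164
    leftnexthop=%defaultroute
    leftsubnet=10.2.147.164/26
    # right: the Linksys router's static public IP and the LAN behind it
    right=120.121.122.123
    rightnexthop=%defaultroute
    rightsubnet=192.168.4.0/24
    auth=esp
    keyexchange=ike
    authby=secret
    pfs=yes
    auto=start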
And ipsec.secrets contains this:
10.2.147.164 120.121.122.123 : PSK "y0ur_S3cret_PSK_k3y"
Let's quickly get to the Linksys router and adjust it according to the following settings.
Move to the VPN tab after logging in to the Linksys router.
Save the settings and restart the VPN on both ends. Your VPN should be rocking by now. Ping from the 192.168.4.0/24 LAN to the Amazon IPSec server's private IP and it should reply.
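The following Python check is an added example, not part of the original post and not Openswan tooling. It parses the ipsec.conf and ipsec.secrets contents shown above and flags three things worth revisiting once the tunnel is up: debug logging left at all, a subnet written with host bits set, and a short pre-shared key. The function names and the 32-character PSK minimum are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the page's two files, trimmed to the keys checked below.
SAMPLE_CONF = """\
config setup
    klipsdebug=all
    plutodebug=all
conn Linksys
    leftsubnet=10.2.147.164/26
    rightsubnet=192.168.4.0/24
"""
SAMPLE_SECRETS = '10.2.147.164 120.121.122.123 : PSK "y0ur_S3cret_PSK_k3y"\n'

def parse_conf(text):
    """Return {section header: {key: value}} for ipsec.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        if "=" not in line:                   # "config setup" or "conn NAME"
            current = sections.setdefault(line, {})
        elif current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(conf_text, secrets_text, min_psk_len=32):
    """List settings to revisit after bring-up; min_psk_len is an assumed policy."""
    findings = []
    for name, opts in parse_conf(conf_text).items():
        for key in ("klipsdebug", "plutodebug"):
            if opts.get(key, "none") != "none":
                findings.append(f"{name}: {key}={opts[key]} leaves debug logging on")
        for key in ("leftsubnet", "rightsubnet"):
            # IPv4 CIDR values only; other subnet forms are skipped
            if re.fullmatch(r"[0-9.]+/\d+", opts.get(key, "")):
                net = ipaddress.ip_network(opts[key], strict=False)
                if str(net) != opts[key]:     # address part is not the network address
                    findings.append(f"{name}: {key}={opts[key]} has host bits set, network is {net}")
    for psk in re.findall(r':\s*PSK\s+"([^"]*)"', secrets_text):
        if len(psk) < min_psk_len:            # report the length only, never the secret
            findings.append(f"ipsec.secrets: PSK is {len(psk)} characters, under {min_psk_len}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_SECRETS):
        print(finding)
```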
Please always read the logs on both the router and the Linux server very carefully and figure out what they are trying to communicate. Without any logs I probably would never have created this VPN.
I hope this is of some help to someone. Have a great day.