Sunday, July 28, 2013

Linux IPSec VPN-2: Amazon Cloud Server & Linksys Router

This post is a response to a comment on my previous blog post on Linux IPSec setup, which asked for assistance. So here is what I can do to help.

This is a setup I helped a friend build: a VPN between a Linksys router with a static public IP and an Amazon cloud based server. As we all know, Amazon cloud servers do not have a static public IP bound to the instance itself; at best they get a public IP mapped one-to-one (NAT) onto the instance's private IP. That makes things a bit trickier for anyone new to Openswan or IPSec on Linux.

Regardless of the operating system, the openswan package needs to be installed properly on the server. Please refer to other blogs or Google for installing the ipsec service. See the references at this link:

The topology we'll be working on is defined in the diagram below.


Now on to the configuration.

The ipsec.conf file contains this (comments added to explain each setting):

config setup
        interfaces=%defaultroute        # use the interface that holds the default route
        klipsdebug=all                  # debugging only; has no effect with netkey
        plutodebug=all                  # debugging only; very noisy, turn off once the tunnel is stable
        protostack=netkey               # native Linux kernel IPsec stack
        nat_traversal=yes               # required: the EC2 instance sits behind one-to-one NAT
conn Linksys
        type=tunnel
        left=10.2.147.164               # EC2 instance's private IP (the NATed side)
        leftnexthop=%defaultroute
        leftsubnet=10.2.147.164/26      # host bits are masked off: the network is 10.2.147.128/26
        right=120.121.122.123           # Linksys router's static public IP
        rightnexthop=%defaultroute
        rightsubnet=192.168.4.0/24      # LAN behind the Linksys
        auth=esp
        keyexchange=ike
        authby=secret                   # pre-shared key, looked up in ipsec.secrets
        pfs=yes                         # Perfect Forward Secrecy; enable it on the Linksys as well
        auto=start                      # bring the tunnel up when the ipsec service starts

And ipsec.secrets (keep it readable by root only, mode 0600) contains this, indexed by the two gateway IDs:

10.2.147.164 120.121.122.123 : PSK  "y0ur_S3cret_PSK_k3y"

Let's quickly move to the Linksys router and adjust it to the following settings.

After logging in to the Linksys router, go to the VPN tab.




Save the settings and restart the VPN on both ends. Your VPN should start rocking by now. Ping from the 192.168.4.0/24 LAN to the Amazon IPSec server's private IP and it should reply.
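Before restarting anything, it helps to sanity-check the two files and to derive the router-side values from them rather than typing them in by hand. The script below is an added example, not code from the original post: it parses the ipsec.conf and ipsec.secrets shown above (embedded as-is), flags the host bits in leftsubnet, the debug settings and a missing PSK index, and prints what the Linksys gateway-to-gateway entry should contain. The public IP 203.0.113.10 is an assumed placeholder for the address that NATs onto the instance; the remote_ike_id field relies on Openswan's documented default that a gateway identifies itself by its left/right address unless leftid= is set.

```python
"""Sanity-check the Openswan ipsec.conf/ipsec.secrets pair above and derive the
Linksys-side settings from it.  Added example, not code from the original post.
The config text is copied from the post; 203.0.113.10 is an assumed placeholder
for the public (one-to-one NAT) IP that fronts the EC2 instance."""
import ipaddress
import re

IPSEC_CONF = """\
config setup
        interfaces=%defaultroute
        klipsdebug=all
        plutodebug=all
        protostack=netkey
        nat_traversal=yes
conn Linksys
        type=tunnel
        left=10.2.147.164
        leftnexthop=%defaultroute
        leftsubnet=10.2.147.164/26
        right=120.121.122.123
        rightnexthop=%defaultroute
        rightsubnet=192.168.4.0/24
        auth=esp
        keyexchange=ike
        authby=secret
        pfs=yes
        auto=start
"""
IPSEC_SECRETS = '10.2.147.164 120.121.122.123 : PSK  "y0ur_S3cret_PSK_k3y"\n'


def parse_ipsec_conf(text):
    """Return {section: {key: value}}: 'config setup' is stored under 'setup',
    each 'conn NAME' under NAME.  Indented key=value lines belong to the
    section opened by the last unindented header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            _kind, _, name = line.strip().partition(" ")
            current = name
            sections[current] = {}
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            sections[current][key.strip()] = value.strip()
    return sections


def parse_secrets(text):
    """Return [(set_of_ids, psk)] for every 'ID ID : PSK "..."' line."""
    entries = []
    for line in text.splitlines():
        m = re.match(r'^\s*(.*?)\s*:\s*PSK\s+"([^"]*)"', line)
        if m:
            entries.append((set(m.group(1).split()), m.group(2)))
    return entries


def check_config(sections, secrets, conn_name):
    """Return human-readable findings for one conn (empty list = nothing to fix)."""
    findings = []
    setup, conn = sections.get("setup", {}), sections[conn_name]
    for side in ("left", "right"):
        wanted = conn[side + "subnet"]
        net = ipaddress.ip_network(wanted, strict=False)
        if net.with_prefixlen != wanted:
            findings.append(f"{side}subnet {wanted} has host bits set; "
                            f"the network is {net.with_prefixlen}")
    if "all" in (setup.get("plutodebug"), setup.get("klipsdebug")):
        findings.append("plutodebug/klipsdebug=all: fine while debugging, "
                        "turn off once the tunnel is stable")
    if setup.get("protostack") == "netkey" and "klipsdebug" in setup:
        findings.append("klipsdebug has no effect with protostack=netkey")
    if conn.get("authby") == "secret":
        ids = {conn["left"], conn["right"]}
        if not any(ids <= entry_ids for entry_ids, _ in secrets):
            findings.append("ipsec.secrets has no PSK indexed by both "
                            + " and ".join(sorted(ids)))
    return findings


def linksys_settings(conn, public_ip):
    """Map the server's conn onto the fields a gateway-to-gateway VPN entry on the
    Linksys asks for.  The router must dial the public IP (the server is NATed),
    but Openswan identifies itself by `left` (the private IP) unless leftid= is
    set, so that is the remote ID the router has to expect."""
    return {
        "remote_gateway": public_ip,
        "remote_ike_id": conn.get("leftid", conn["left"]),
        "remote_security_group": ipaddress.ip_network(conn["leftsubnet"], strict=False).with_prefixlen,
        "local_security_group": ipaddress.ip_network(conn["rightsubnet"], strict=False).with_prefixlen,
        "keying_mode": "IKE with preshared key" if conn.get("authby") == "secret" else conn.get("authby"),
        "pfs": conn.get("pfs") == "yes",
    }


if __name__ == "__main__":
    sections = parse_ipsec_conf(IPSEC_CONF)
    for f in check_config(sections, parse_secrets(IPSEC_SECRETS), "Linksys"):
        print("check:", f)
    for k, v in linksys_settings(sections["Linksys"], "203.0.113.10").items():
        print(f"linksys {k}: {v}")
```

Run it as a script to see the findings and the router values; if you ever set leftid= on the server, the script picks it up as the ID the router must be configured to accept.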

Please always read the logs on both the router and the Linux server very carefully and figure out what they are trying to tell you. Without any logs I probably would never have created this VPN.
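Reading pluto's output gets easier once you know which lines mark phase 1 (the ISAKMP SA) and phase 2 (the IPsec SA), and which failure messages point at which misconfiguration. The script below is an added example, not code from the original post: it runs simple pattern matching over a log excerpt. The SAMPLE_LOG lines are constructed in the style of pluto's syslog messages (made-up hostname, PID and SPIs) and mimic a debugging session whose first attempts failed before the tunnel came up; the hints attached to each pattern are the usual things to check, not text from Openswan.

```python
"""Triage Openswan (pluto) log lines: tell a phase-1 (ISAKMP SA) success from a
phase-2 (IPsec SA) success, and map the usual failure messages to what to check.
Added example, not code from the original post.  SAMPLE_LOG is constructed in
the style of pluto's syslog messages (made-up hostname, PID and SPIs)."""
import re

SAMPLE_LOG = """\
Jul 28 09:55:10 ip-10-2-147-164 pluto[2210]: packet from 120.121.122.123:500: initial Main Mode message received on 10.2.147.164:500 but no connection has been authorized with policy=PSK
Jul 28 09:57:40 ip-10-2-147-164 pluto[2210]: "Linksys" #1: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
Jul 28 09:58:01 ip-10-2-147-164 pluto[2210]: "Linksys" #3: no acceptable Oakley Transform
Jul 28 10:01:02 ip-10-2-147-164 pluto[2210]: "Linksys" #4: initiating Main Mode
Jul 28 10:01:02 ip-10-2-147-164 pluto[2210]: "Linksys" #4: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
Jul 28 10:01:03 ip-10-2-147-164 pluto[2210]: "Linksys" #4: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Jul 28 10:01:03 ip-10-2-147-164 pluto[2210]: "Linksys" #5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#4}
Jul 28 10:01:03 ip-10-2-147-164 pluto[2210]: "Linksys" #5: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0xc1a2b3c4 <0x2b3c4d5e xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=120.121.122.123:4500 DPD=none}
"""

# (pattern, category, what to check); the first matching rule wins.
RULES = [
    (r"IPsec SA established", "phase2_up", None),
    (r"ISAKMP SA established", "phase1_up", None),
    (r"NAT-Traversal: Result using", "nat_t", None),
    (r"no connection has been authorized|no connection is known for", "no_conn_for_peer",
     "the peer address/ID in ipsec.conf does not match what the router sends; "
     "check right= and the router's remote gateway / local ID"),
    (r"no preshared key found", "psk_lookup",
     "ipsec.secrets must be indexed by exactly the IDs both ends present"),
    (r"max number of retransmissions", "no_reply",
     "no answer from the peer: UDP 500/4500 blocked (security group, router firewall) "
     "or the router dials the wrong address"),
    (r"no acceptable (Oakley Transform|Proposal)", "proposal_mismatch",
     "phase-1/phase-2 cipher, hash, DH group or PFS setting differs between the ends"),
]
CONN_RE = re.compile(r'pluto\[\d+\]: "([^"]+)" #\d+: (.*)')
PACKET_RE = re.compile(r"pluto\[\d+\]: packet from ([\d.]+):\d+: (.*)")


def classify(line):
    """Return (conn, category, hint), or None for lines carrying no state we track.
    Packets pluto could not match to any conn are keyed by the sender's address."""
    m = CONN_RE.search(line)
    if m:
        conn, msg = m.group(1), m.group(2)
    else:
        m = PACKET_RE.search(line)
        if not m:
            return None
        conn, msg = "packet from " + m.group(1), m.group(2)
    for pattern, category, hint in RULES:
        if re.search(pattern, msg):
            return conn, category, hint
    return None


def summarize(log_text):
    """Per conn: which phases came up, whether NAT-T kicked in, and the distinct hints seen."""
    report = {}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        conn, category, hint = hit
        entry = report.setdefault(conn, {"phase1": False, "phase2": False, "nat_t": False, "hints": []})
        if category == "phase1_up":
            entry["phase1"] = True
        elif category == "phase2_up":
            entry["phase2"] = True
        elif category == "nat_t":
            entry["nat_t"] = True
        elif hint not in entry["hints"]:
            entry["hints"].append(hint)
    return report


def tunnel_is_up(report, conn):
    """True only when both the ISAKMP SA and the IPsec SA were logged as established."""
    entry = report.get(conn)
    return bool(entry and entry["phase1"] and entry["phase2"])


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for conn, entry in report.items():
        print(conn, "UP" if tunnel_is_up(report, conn) else "DOWN", entry)
```

Feed it `grep pluto /var/log/auth.log` (or wherever your distribution sends pluto's syslog output) instead of SAMPLE_LOG. A phase 1 that establishes while phase 2 never does almost always means the subnets or the PFS setting disagree between the two ends, which is exactly what the Linksys security-group fields control.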

I hope this is of some help to someone. Have a great day.

5 comments:

  1. Very good ..... I really need it ....... Is it possible that we can also set up PPTP/L2TP for dial-up VPN on the same machine?

    Thanks
    infosec.pk

    Replies
    1. Of course that's possible as well, since pptpd can be executed and started independently. Both IPSec and L2TP will behave separately.
      I suggest you get Vyatta installed on your Amazon instance rather than a plain Linux OS. It will give you lots of relevant things easily.

  2. I enjoyed the tips you are providing on your website. Linksys Router Tech Support can make one’s help technical service. Thanks for the information……..
    Linksys Router Support please visit the link.

    Thank you
    Lacy Brown

  3. Hi, the post is really nice very few of technology blogs having information about Linksys Router Support setup the post is so helpful for technical professionals.
    Linksys Router Support please visit the link.

    Thank you
    Lacy Brown

  4. I am attempting something similar to this. I am using a Cisco, however. The problem is that the Cisco is trying to negotiate with, and looking for the key on, the default outbound of the cloud service. What I mean is that it says the peer is the default outbound, and not the IP address that I have assigned to use as the one-to-one.
    It looks like this:
    Peer: X.X.X.35 port 50356
    but the peer I have set on the cisco config is this
    X.X.X.126

    Do you happen to have an idea of what this is? Is it the /etc/ipsec.d/CustomTunnel.conf configuration that is causing this?
