Configuration examples: Difference between revisions

From Libreswan
Jump to navigation Jump to search
mNo edit summary
(mention testsuite, badly)
 
(12 intermediate revisions by 2 users not shown)
Line 15: Line 15:


[[ EoIP shared ethernet LAN using IPsec ]]
[[ EoIP shared ethernet LAN using IPsec ]]
[[ subnet to subnet using NAT ]]
[[ SElinux and Labeled IPsec VPN ]]


= VPN server for VPN client configurations =
= VPN server for VPN client configurations =


[[ VPN server for remote clients using IKEv2 ]]
[[ VPN server for remote clients using IKEv2 ]]
[[ VPN server for remote clients using IKEv2 split VPN ]]


[[ VPN server for remote clients using IKEv1 XAUTH with Certificates ]]
[[ VPN server for remote clients using IKEv1 XAUTH with Certificates ]]


[[ VPN server for remote clients using IKEv1 XAUTH with PSK ]]
[[ VPN server for remote clients using IKEv1 XAUTH with PSK ]]
[[ VPN server for remote clients using IKEv1 with L2TP ]]


[[ libreswan as client to a Cisco (ASA or VPN3000) server ]]
[[ libreswan as client to a Cisco (ASA or VPN3000) server ]]
Line 31: Line 39:


[[ subnet extrusion ]]
[[ subnet extrusion ]]
= VPN configurations to connect to cloud providers =
[https://aws.amazon.com/quickstart/architecture/libreswan-ipsec-mesh/  Opportunistic IPsec mesh for Amazon EC2 instances on AWS]
[https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/libreswan.htm Creating a Secure Connection Between Oracle Cloud Infrastructure and Other Cloud Providers with Libreswan]


[https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall Using libreswan in OpenStack as VPNaaS]
[https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall Using libreswan in OpenStack as VPNaaS]


[[ High Availability / Failover VPN in AWS using libreswan ]]
[[ High Availability / Failover VPN in AWS using libreswan ]]
[[ Microsoft Azure configuration ]]
[https://docs.openshift.com/container-platform/3.3/admin_guide/ipsec.html OpenShift Cloud Encryption with libreswan]
= Libreswan's Test Cases =
Libreswan's [https://github.com/libreswan/libreswan/tree/main/testing/pluto/TESTLIST testsuite] is also a good source of examples.
Especially when looking for something demonstrating a more esoteric feature or option.
In addition, the [https://testing.libreswan.org/ test results] are published [https://testing.libreswan.org/current nightly] (see also [[ Test Suite ]]).
= Misc items =


[[ Using Apache to serve PKCS#12 format .p12 files ]]
[[ Using Apache to serve PKCS#12 format .p12 files ]]
[[ RFC 8229 - TCP support for IKEv2 and ESP ]]

Latest revision as of 16:47, 4 March 2024

Below are the most common type of IPsec configurations people use. While written for libreswan, the instructions will work for openswan as well unless specifically noted.

VPN server to VPN server configurations

host to host VPN

subnet to subnet VPN

host to host VPN with PSK

subnet to subnet VPN with PSK

route-based VPN using VTI

EoIP shared ethernet LAN using IPsec

subnet to subnet using NAT

SElinux and Labeled IPsec VPN

VPN server for VPN client configurations

VPN server for remote clients using IKEv2

VPN server for remote clients using IKEv2 split VPN

VPN server for remote clients using IKEv1 XAUTH with Certificates

VPN server for remote clients using IKEv1 XAUTH with PSK

VPN server for remote clients using IKEv1 with L2TP

libreswan as client to a Cisco (ASA or VPN3000) server

IKEv1 XAUTH with Google-Authenticator One Time Passwords (OTP)

IKEv1 XAUTH with FreeOTP and FreeIPA

subnet extrusion

VPN configurations to connect to cloud providers

Opportunistic IPsec mesh for Amazon EC2 instances on AWS

Creating a Secure Connection Between Oracle Cloud Infrastructure and Other Cloud Providers with Libreswan

Using libreswan in OpenStack as VPNaaS

High Availability / Failover VPN in AWS using libreswan

Microsoft Azure configuration

OpenShift Cloud Encryption with libreswan

Libreswan's Test Cases

Libreswan's testsuite is also a good source of examples. Especially when looking for something demonstrating a more esoteric feature or option.

In addition, the test results are published nightly (see also Test Suite ).

Misc items

Using Apache to serve PKCS#12 format .p12 files

RFC 8229 - TCP support for IKEv2 and ESP