Configuration examples: Difference between revisions

From Libreswan
Jump to navigation Jump to search
No edit summary
(mention testsuite, badly)
 
(7 intermediate revisions by 2 users not shown)
Line 17: Line 17:


[[ subnet to subnet using NAT ]]
[[ subnet to subnet using NAT ]]
[[ SElinux and Labeled IPsec VPN ]]


= VPN server for VPN client configurations =
= VPN server for VPN client configurations =


[[ VPN server for remote clients using IKEv2 ]]
[[ VPN server for remote clients using IKEv2 ]]
[[ VPN server for remote clients using IKEv2 split VPN ]]


[[ VPN server for remote clients using IKEv1 XAUTH with Certificates ]]
[[ VPN server for remote clients using IKEv1 XAUTH with Certificates ]]
Line 37: Line 41:


= VPN configurations to connect to cloud providers =
= VPN configurations to connect to cloud providers =
[https://aws.amazon.com/quickstart/architecture/libreswan-ipsec-mesh/  Opportunistic IPsec mesh for Amazon EC2 instances on AWS]
[https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/libreswan.htm Creating a Secure Connection Between Oracle Cloud Infrastructure and Other Cloud Providers with Libreswan]


[https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall Using libreswan in OpenStack as VPNaaS]
[https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall Using libreswan in OpenStack as VPNaaS]
Line 43: Line 51:


[[ Microsoft Azure configuration ]]
[[ Microsoft Azure configuration ]]
[https://docs.openshift.com/container-platform/3.3/admin_guide/ipsec.html OpenShift Cloud Encryption with libreswan]
= Libreswan's Test Cases =
Libreswan's [https://github.com/libreswan/libreswan/tree/main/testing/pluto/TESTLIST testsuite] is also a good source of examples.
Especially when looking for something demonstrating a more esoteric feature or option.
In addition, the [https://testing.libreswan.org/ test results] are published [https://testing.libreswan.org/current nightly] (see also [[ Test Suite ]]).


= Misc items =
= Misc items =


[[ Using Apache to serve PKCS#12 format .p12 files ]]
[[ Using Apache to serve PKCS#12 format .p12 files ]]
[[ RFC 8229 - TCP support for IKEv2 and ESP ]]

Latest revision as of 16:47, 4 March 2024

Below are the most common type of IPsec configurations people use. While written for libreswan, the instructions will work for openswan as well unless specifically noted.

VPN server to VPN server configurations

host to host VPN

subnet to subnet VPN

host to host VPN with PSK

subnet to subnet VPN with PSK

route-based VPN using VTI

EoIP shared ethernet LAN using IPsec

subnet to subnet using NAT

SElinux and Labeled IPsec VPN

VPN server for VPN client configurations

VPN server for remote clients using IKEv2

VPN server for remote clients using IKEv2 split VPN

VPN server for remote clients using IKEv1 XAUTH with Certificates

VPN server for remote clients using IKEv1 XAUTH with PSK

VPN server for remote clients using IKEv1 with L2TP

libreswan as client to a Cisco (ASA or VPN3000) server

IKEv1 XAUTH with Google-Authenticator One Time Passwords (OTP)

IKEv1 XAUTH with FreeOTP and FreeIPA

subnet extrusion

VPN configurations to connect to cloud providers

Opportunistic IPsec mesh for Amazon EC2 instances on AWS

Creating a Secure Connection Between Oracle Cloud Infrastructure and Other Cloud Providers with Libreswan

Using libreswan in OpenStack as VPNaaS

High Availability / Failover VPN in AWS using libreswan

Microsoft Azure configuration

OpenShift Cloud Encryption with libreswan

Libreswan's Test Cases

Libreswan's testsuite is also a good source of examples. Especially when looking for something demonstrating a more esoteric feature or option.

In addition, the test results are published nightly (see also Test Suite ).

Misc items

Using Apache to serve PKCS#12 format .p12 files

RFC 8229 - TCP support for IKEv2 and ESP