Host to host VPN: Difference between revisions
Paul Wouters (talk | contribs) (Created page with "This example sets up an IPsec connection between two hosts called "east" and "west". Libreswan uses the terms "left" and "right" to describe endpoints. We will use left for we...") |
Paul Wouters (talk | contribs) No edit summary |
||
| Line 3: | Line 3: | ||
Generate a raw RSA host key on each end and show the key for use in our configuration file. | Generate a raw RSA host key on each end and show the key for use in our configuration file. | ||
< | <code> | ||
[root@west ~]# ipsec newhostkey --output /etc/ipsec.secrets --bits 4096 --configdir /etc/ipsec.d | [root@west ~]# ipsec newhostkey --output /etc/ipsec.secrets --bits 4096 --configdir /etc/ipsec.d | ||
Generated RSA key pair using the NSS database | Generated RSA key pair using the NSS database | ||
| Line 10: | Line 10: | ||
leftrsasigkey=0sAQOrlo+hOafUZDlCQmXFrje/oZmkySRJH+nSngA/+WdVMQlViLIR4PcC/OBLYs8JLqwQUWgQYmkEGSyFWyeJFMWhje90uZWIknJg8tzzsHBRU0555va9N9yjV4km0u+SCqmD65LEdDzoN+VkELejhRDHO05rkVhCn6jRJf+ZKiyMMGTkYmN9hnrfvecZ2JsMekqqlk8SxFjLN0szdOuH7gN2wxsb+hy4KajVgY7qJ0i4updi0KxBvfQ5zd8XTEJQSnzgvcZysuzQnsan2nE0uGBaj4XCwHwcOHxiLiH1ob1ARYyzscQmqtQhnOYuVczxYRs3m6ZMnNUlufLEw6pWMQacQ2rBm1ViR9SlPcWLSBV8Se14HXrpmA6m1hy+H0S5z+R2RTXWxUEmbAjpZZtuY+xlfypM3mWTBXsEW2bYuLQyMbCw7BCiQ4eVYf8lEmAIbQspu7ekqiibMbbsdFcwAgKOpLsO3Xxo9VlCDerVqLwT2ipXNUdFdc5go2imGu4coSQVpZPMd96lUglHWdNSKoDgqjRITiWtRDM2Jvq6LwRzAQXTJiaOTlSXj/woxGHWRhVCLlQlXg3lxBYam85sGETh1HfEpXXpvoI+6zBMNtti6oMuEBRFDxDKcMsORVI6/9ObRbE4xPXqgaYGgdlmynZqPDW2n417C/4urYHQkCvuIQ== | leftrsasigkey=0sAQOrlo+hOafUZDlCQmXFrje/oZmkySRJH+nSngA/+WdVMQlViLIR4PcC/OBLYs8JLqwQUWgQYmkEGSyFWyeJFMWhje90uZWIknJg8tzzsHBRU0555va9N9yjV4km0u+SCqmD65LEdDzoN+VkELejhRDHO05rkVhCn6jRJf+ZKiyMMGTkYmN9hnrfvecZ2JsMekqqlk8SxFjLN0szdOuH7gN2wxsb+hy4KajVgY7qJ0i4updi0KxBvfQ5zd8XTEJQSnzgvcZysuzQnsan2nE0uGBaj4XCwHwcOHxiLiH1ob1ARYyzscQmqtQhnOYuVczxYRs3m6ZMnNUlufLEw6pWMQacQ2rBm1ViR9SlPcWLSBV8Se14HXrpmA6m1hy+H0S5z+R2RTXWxUEmbAjpZZtuY+xlfypM3mWTBXsEW2bYuLQyMbCw7BCiQ4eVYf8lEmAIbQspu7ekqiibMbbsdFcwAgKOpLsO3Xxo9VlCDerVqLwT2ipXNUdFdc5go2imGu4coSQVpZPMd96lUglHWdNSKoDgqjRITiWtRDM2Jvq6LwRzAQXTJiaOTlSXj/woxGHWRhVCLlQlXg3lxBYam85sGETh1HfEpXXpvoI+6zBMNtti6oMuEBRFDxDKcMsORVI6/9ObRbE4xPXqgaYGgdlmynZqPDW2n417C/4urYHQkCvuIQ== | ||
[root@west ~]# | [root@west ~]# | ||
</ | </code> | ||
Repeat for east using right: | Repeat for east using right: | ||
Revision as of 01:43, 23 June 2013
This example sets up an IPsec connection between two hosts called "east" and "west". Libreswan uses the terms "left" and "right" to describe endpoints. We will use left for west and east for right. We will be using raw RSA keys, and not pre shared keys (PSK) because it is safer (and easier!)
Generate a raw RSA host key on each end and show the key for use in our configuration file.
[root@west ~]# ipsec newhostkey --output /etc/ipsec.secrets --bits 4096 --configdir /etc/ipsec.d
Generated RSA key pair using the NSS database
[root@west ~]# ipsec showhostkey --left
# rsakey AQOrlo+hO
leftrsasigkey=0sAQOrlo+hOafUZDlCQmXFrje/oZmkySRJH+nSngA/+WdVMQlViLIR4PcC/OBLYs8JLqwQUWgQYmkEGSyFWyeJFMWhje90uZWIknJg8tzzsHBRU0555va9N9yjV4km0u+SCqmD65LEdDzoN+VkELejhRDHO05rkVhCn6jRJf+ZKiyMMGTkYmN9hnrfvecZ2JsMekqqlk8SxFjLN0szdOuH7gN2wxsb+hy4KajVgY7qJ0i4updi0KxBvfQ5zd8XTEJQSnzgvcZysuzQnsan2nE0uGBaj4XCwHwcOHxiLiH1ob1ARYyzscQmqtQhnOYuVczxYRs3m6ZMnNUlufLEw6pWMQacQ2rBm1ViR9SlPcWLSBV8Se14HXrpmA6m1hy+H0S5z+R2RTXWxUEmbAjpZZtuY+xlfypM3mWTBXsEW2bYuLQyMbCw7BCiQ4eVYf8lEmAIbQspu7ekqiibMbbsdFcwAgKOpLsO3Xxo9VlCDerVqLwT2ipXNUdFdc5go2imGu4coSQVpZPMd96lUglHWdNSKoDgqjRITiWtRDM2Jvq6LwRzAQXTJiaOTlSXj/woxGHWRhVCLlQlXg3lxBYam85sGETh1HfEpXXpvoI+6zBMNtti6oMuEBRFDxDKcMsORVI6/9ObRbE4xPXqgaYGgdlmynZqPDW2n417C/4urYHQkCvuIQ==
[root@west ~]#
Repeat for east using right:
<quote> [root@east ~]# ipsec newhostkey --output /etc/ipsec.secrets --bits 4096 --configdir /etc/ipsec.d Generated RSA key pair using the NSS database [root@east ~]# ipsec showhostkey --right # rsakey AQO3fwC6n rightrsasigkey=0sAQO3fwC6nSSGgt64DWiYZzuHbc4+oIiOVsD2UF0EKNjNcARP1NH0Qsp9VbsHT [...] 3trD/v8t5YTQ==
# rsakey AQO3fwC6n
rightrsasigkey=0sAQO3fwC6nSSGgt64DWiYZzuHbc4+oIiOVsD2UF0EKNjNcARP1NH0Qsp9VbsHTybLI0A3jYEHOIM36LYEjHeGC0MGMC6VpgsMzeJqmyz2tmBnk4qkhrcEIuquXQ23f1oenjg7EBIAIUa8s6UzfqbWFOlyUUockJHhQJnqnODS939/ieqBymMBKo3LQqwLiLFnoZY+rAn8RsqLKg5ECy9FFWhMZQrH/lo5/nAHdn2GxeyoYaLRm9gX44rBUQG9wuChLlyrRM1M2IW9pWQ7ZhO1gIXCNlPSADfEh33SOXRLe+v2Kyz/U8VFc+aCNclemHqZU4/KBPCUDdPPGl2Xq95trI75G5eiYbBToWEqg1iqF8ylxmSWlogK9m/QksRnf0jEZCChY++14QUCV1N+BtOctr87IHyWM+5X+mwxf0apHdrO2ORILYuZRmLfjnPVVJyErtmT6PQKqLIfOfXeg5Zksp0h6PLKTFAuiT0wbMtCqSQYh+eeDiZ90VuzLfdB5F8pKw+hGY984JeLA4E0xpmuOQ6H1JikuyEMBMFVnm0k0Z0+PBDnO+iWdMSflw9p2Z0P9YTEISpZ5LXY1hRQjt0chSMMlmG+douYie8n2Nf40qhYLMDE4ca78js3pwrLhPFI53d26qSXVPVVr+wVFgf8OlDseuUAgy3ECF3trD/v8t5YTQ==
</quote>