Host to host VPN
This example sets up an IPsec connection between two hosts called "east" and "west". Libreswan uses the terms "left" and "right" to describe endpoints. We will use left for west and right for east. We will be using raw RSA keys rather than pre-shared keys (PSK), because it is safer (and easier!).
Generate a raw RSA host key on each end and show the key for use in our configuration file.
[root@west ~]# ipsec newhostkey --output /etc/ipsec.secrets --bits 4096 --configdir /etc/ipsec.d
Generated RSA key pair using the NSS database
[root@west ~]# ipsec showhostkey --left
# rsakey AQOrlo+hO
leftrsasigkey=[...]
[root@west ~]#
Repeat for east using right:
[root@east ~]# ipsec newhostkey --output /etc/ipsec.secrets --bits 4096 --configdir /etc/ipsec.d
Generated RSA key pair using the NSS database
[root@east ~]# ipsec showhostkey --right
# rsakey AQO3fwC6n
rightrsasigkey=0sAQO3fwC6nSSGgt64DWiYZzuHbc4+oIiOVsD2UF0EKNjNcARP1NH0Qsp9VbsHT [...] 3trD/v8t5YTQ==
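An added example, not part of the original page or of Libreswan itself: a shell sketch that sanity-checks the two showhostkey outputs before they are pasted into the configuration file, then prints a conn stanza. It checks that each key is on the expected side, carries the 0s base64 prefix, and starts with the id from its "# rsakey" comment (as the east output above does). The conn name mytunnel, the ids @west and @east, the 192.0.2.x addresses and the key bodies are placeholders constructed for this example.

```shell
#!/bin/sh
# Constructed stand-ins for saved `ipsec showhostkey` output; the key
# bodies are made up and far too short to be real keys.
WEST_OUT='# rsakey AQOrlo+hO
leftrsasigkey=0sAQOrlo+hOCONSTRUCTEDwestKEY=='
EAST_OUT='# rsakey AQO3fwC6n
rightrsasigkey=0sAQO3fwC6nCONSTRUCTEDeastKEY=='

# extract_sigkey SIDE TEXT: print "<side>rsasigkey=0s..." or fail with a reason.
extract_sigkey() {
    side=$1 text=$2
    line=$(printf '%s\n' "$text" | sed -n "s/^[[:space:]]*\(${side}rsasigkey=\)/\1/p")
    [ -n "$line" ] || { echo "no ${side}rsasigkey line (--left/--right swapped?)" >&2; return 1; }
    key=${line#*=}
    case $key in
        0s*[!A-Za-z0-9+/=]*) echo "stray characters in $side key" >&2; return 1 ;;
        0s?*) ;;  # raw RSA public key: 0s followed by base64
        *) echo "$side key lacks the 0s base64 prefix" >&2; return 1 ;;
    esac
    # A truncated or mixed-up paste no longer starts with the rsakey id.
    # If the comment line is absent, id is empty and this check is skipped.
    id=$(printf '%s\n' "$text" | sed -n 's/^[[:space:]]*# rsakey \([^[:space:]]*\).*/\1/p')
    case ${key#0s} in
        "$id"*) ;;
        *) echo "$side key does not start with rsakey id $id" >&2; return 1 ;;
    esac
    printf '%s\n' "$line"
}

# build_conn WEST_TEXT EAST_TEXT: print the stanza, or fail if a key is bad.
build_conn() {
    l=$(extract_sigkey left "$1") || return 1
    r=$(extract_sigkey right "$2") || return 1
    [ "${l#*=}" != "${r#*=}" ] || { echo "both ends use the same key" >&2; return 1; }
    cat <<EOF
conn mytunnel
    leftid=@west
    left=192.0.2.1
    $l
    rightid=@east
    right=192.0.2.2
    $r
    authby=rsasig
    auto=start
EOF
}

build_conn "$WEST_OUT" "$EAST_OUT"
```

Only the public rsasigkey lines are handled here; the private halves stay in the NSS database on each host.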