Difference between revisions of "Configuration examples"

From Libreswan
(Created page with " Below are the most common type of IPsec configurations people use. While written for libreswan, the instructions will work for openswan as well unless specifically noted. * ...")
 
 
(31 intermediate revisions by 3 users not shown)
Line 2: Line 2:
 
Below are the most common type of IPsec configurations people use. While written for libreswan, the instructions will work for openswan as well unless specifically noted.
 
Below are the most common type of IPsec configurations people use. While written for libreswan, the instructions will work for openswan as well unless specifically noted.
  
* Libreswan IPsec on both sides of the tunnel
+
= VPN server to VPN server configurations =
  
 
[[ host to host VPN ]]
 
[[ host to host VPN ]]
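
Review bot: The new section title `= VPN server to VPN server configurations =` is a level-1 heading, which MediaWiki renders at the same level as the page title. Consider `== VPN server to VPN server configurations ==` so the section nests under the title, and use the same level for the other section headings added in this revision.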
Line 8: Line 8:
 
[[ subnet to subnet VPN ]]
 
[[ subnet to subnet VPN ]]
  
* Libreswan IPsec server with third party clients
+
[[ host to host VPN with PSK ]]
  
* Libreswan IPsec client with third party servers
+
[[ subnet to subnet VPN with PSK ]]
 +
 
 +
[[ route-based VPN using VTI ]]
 +
 
 +
[[ EoIP shared ethernet LAN using IPsec ]]
 +
 
 +
[[ subnet to subnet using NAT ]]
 +
 
 +
[[ SElinux and Labeled IPsec VPN ]]
 +
 
 +
= VPN server for VPN client configurations =
 +
 
 +
[[ VPN server for remote clients using IKEv2 ]]
 +
 
 +
[[ VPN server for remote clients using IKEv2 split VPN ]]
 +
 
 +
[[ VPN server for remote clients using IKEv1 XAUTH with Certificates ]]
 +
 
 +
[[ VPN server for remote clients using IKEv1 XAUTH with PSK ]]
 +
 
 +
[[ VPN server for remote clients using IKEv1 with L2TP ]]
 +
 
 +
[[ libreswan as client to a Cisco (ASA or VPN3000) server ]]
 +
 
 +
[[ IKEv1 XAUTH with Google-Authenticator One Time Passwords (OTP) ]]
 +
 
 +
[[ IKEv1 XAUTH with FreeOTP and FreeIPA ]]
 +
 
 +
[[ subnet extrusion ]]
 +
 
 +
= VPN configurations to connect to cloud providers =
 +
 
 +
[https://aws.amazon.com/quickstart/architecture/libreswan-ipsec-mesh/  Opportunistic IPsec mesh for Amazon EC2 instances on AWS]
 +
 
 +
[https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/libreswan.htm Creating a Secure Connection Between Oracle Cloud Infrastructure and Other Cloud Providers with Libreswan]
 +
 
 +
[https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall Using libreswan in OpenStack as VPNaaS]
 +
 
 +
[[ High Availability / Failover VPN in AWS using libreswan ]]
 +
 
 +
[[ Microsoft Azure configuration ]]
 +
 
 +
[https://docs.openshift.com/container-platform/3.3/admin_guide/ipsec.html OpenShift Cloud Encryption with libreswan]
 +
 
 +
= Misc items =
 +
 
 +
[[ Using Apache to serve PKCS#12 format .p12 files ]]
 +
 
 +
[[ RFC 8229 - TCP support for IKEv2 and ESP ]]
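
Review bot: The OpenShift link in the cloud providers section points at `container-platform/3.3`, a version-specific documentation path, while its label gives no version. Either state in the link text that it covers version 3.3 or link to a version-independent page, so readers can tell whether the instructions match their deployment. The AWS link also has two spaces between the URL and its label; one is enough.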

Latest revision as of 06:01, 16 September 2020

Below are the most common types of IPsec configurations people use. While written for libreswan, the instructions will work for openswan as well unless specifically noted.

VPN server to VPN server configurations

host to host VPN

subnet to subnet VPN

host to host VPN with PSK

subnet to subnet VPN with PSK

route-based VPN using VTI

EoIP shared ethernet LAN using IPsec

subnet to subnet using NAT

SElinux and Labeled IPsec VPN

VPN server for VPN client configurations

VPN server for remote clients using IKEv2

VPN server for remote clients using IKEv2 split VPN

VPN server for remote clients using IKEv1 XAUTH with Certificates

VPN server for remote clients using IKEv1 XAUTH with PSK

VPN server for remote clients using IKEv1 with L2TP

libreswan as client to a Cisco (ASA or VPN3000) server

IKEv1 XAUTH with Google-Authenticator One Time Passwords (OTP)

IKEv1 XAUTH with FreeOTP and FreeIPA

subnet extrusion

VPN configurations to connect to cloud providers

Opportunistic IPsec mesh for Amazon EC2 instances on AWS

Creating a Secure Connection Between Oracle Cloud Infrastructure and Other Cloud Providers with Libreswan

Using libreswan in OpenStack as VPNaaS

High Availability / Failover VPN in AWS using libreswan

Microsoft Azure configuration

OpenShift Cloud Encryption with libreswan

Misc items

Using Apache to serve PKCS#12 format .p12 files

RFC 8229 - TCP support for IKEv2 and ESP