Host to host VPN: Difference between revisions

From Libreswan
Revision as of 02:43, 23 June 2013

This example sets up an IPsec connection between two hosts called "east" and "west". Libreswan uses the terms "left" and "right" to describe endpoints. We will use left for west and right for east. We will be using raw RSA keys rather than pre-shared keys (PSK), because it is safer (and easier!).

Generate a raw RSA host key on each end and show the key for use in our configuration file.

    [root@west ~]# ipsec newhostkey --output /etc/ipsec.secrets --bits 4096 --configdir /etc/ipsec.d
    Generated RSA key pair using the NSS database
    [root@west ~]# ipsec showhostkey --left
    # rsakey AQOrlo+hO
    leftrsasigkey=[...]
    [root@west ~]#

Repeat for east using right:

    [root@east ~]# ipsec newhostkey --output /etc/ipsec.secrets --bits 4096 --configdir /etc/ipsec.d
    Generated RSA key pair using the NSS database
    [root@east ~]# ipsec showhostkey --right
    # rsakey AQO3fwC6n
    rightrsasigkey=0sAQO3fwC6nSSGgt64DWiYZzuHbc4+oIiOVsD2UF0EKNjNcARP1NH0Qsp9VbsHT [...] 3trD/v8t5YTQ==

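A check to run on a key line before pasting it into the configuration file, as an added example that is not part of the original page or of Libreswan: it decodes the `0s` base64 value as an RFC 3110 RSA public key and reports a truncated paste, a key id that differs from the `# rsakey` comment, or a modulus shorter than the `--bits` requested. The function names and the sample key built by `make_sample` are constructed for illustration.

```python
import base64

def parse_rsasigkey(value):
    """Decode a left/rightrsasigkey value: "0s" + base64 of an RFC 3110 RSA key."""
    if not value.startswith("0s"):
        raise ValueError("missing the 0s (base64) prefix")
    text = value[2:]
    blob = base64.b64decode(text, validate=True)  # rejects spaces, "[...]", bad padding
    if len(blob) < 3:
        raise ValueError("key blob too short")
    # RFC 3110: one exponent-length byte, or 0x00 followed by a two-byte length.
    if blob[0] != 0:
        elen, off = blob[0], 1
    else:
        elen, off = int.from_bytes(blob[1:3], "big"), 3
    exponent = int.from_bytes(blob[off:off + elen], "big")
    modulus = int.from_bytes(blob[off + elen:], "big")
    if exponent == 0 or modulus == 0:
        raise ValueError("truncated key blob")
    # In the showhostkey output on this page the "# rsakey" id equals the
    # first nine base64 characters of the key.
    return {"keyid": text[:9], "exponent": exponent, "bits": modulus.bit_length()}

def check_pasted_key(comment_keyid, value, min_bits=4096):
    """Return a list of problems with a key line copied into a config file."""
    try:
        key = parse_rsasigkey(value)
    except ValueError as err:  # binascii.Error is a ValueError subclass
        return [f"not a complete key: {err}"]
    problems = []
    if key["keyid"] != comment_keyid:
        problems.append(f"key id {key['keyid']} does not match {comment_keyid}")
    if key["bits"] < min_bits:
        problems.append(f"modulus is {key['bits']} bits, expected {min_bits}")
    return problems

def make_sample(bits=4096, exponent=3):
    """Constructed stand-in for showhostkey output; not a usable RSA key."""
    modulus = (1 << (bits - 1)) | 1
    blob = bytes([1, exponent]) + modulus.to_bytes((bits + 7) // 8, "big")
    return "0s" + base64.b64encode(blob).decode()

if __name__ == "__main__":
    sample = make_sample()
    print(check_pasted_key("AQOAAAAAA", sample))        # complete key
    print(check_pasted_key("AQOAAAAAA", sample[:-4]))   # tail lost in copy/paste
```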