Introduction:
Virtual Private Network (VPN) is a method to create security and privacy between private as well as public networks. It is commonly used by companies for their web portal/mailbox. It provides encryption, authentication and integrity of data over a network. There is a lot of software available online for creating a VPN connection, but today's post shows how to create a VPN connection on Linux using StrongSwan. StrongSwan is an open-source project that provides a configuration setup for creating VPN connections using IPsec. Internet Protocol Security (IPsec) is a set of protocols which sit on top of the Internet Protocol (IP) layer. It allows two or more hosts to communicate in a secure manner by authenticating and encrypting each IP packet of a communication session.
Steps: (These steps need to be done on both systems)
1) Download StrongSwan:
https://download.strongswan.org/strongswan-5.4.0.tar.gz
Official page to download StrongSwan:
https://download.strongswan.org/
Go to the download directory and install it on your Linux system:
tar -xvzf strongswan-5.4.0.tar.gz
cd strongswan-5.4.0/
Install GNU Multiprecision (libgmp), if not installed:
sudo apt-get install libgmp3-dev
./configure
make
sudo make install
2) As I explained, StrongSwan provides configuration files for setting up a VPN using IPsec. You will now find:
file: /usr/local/etc/ipsec.conf
directory: /usr/local/etc/ipsec.d
Edit ipsec.conf file:
vi /usr/local/etc/ipsec.conf
Add below code:
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    authby=secret

conn CONNECTION_NAME
    left=YOUR_SYSTEM_IP
    leftfirewall=yes
    right=REMOTE_SYSTEM_IP
    auto=start
This is a basic, quick configuration for a VPN connection between two systems.
Fill in:
CONNECTION_NAME, YOUR_SYSTEM_IP, REMOTE_SYSTEM_IP
A connection name is required because this conf file can hold multiple connections between multiple systems. The connection name identifies which settings belong to which connection.
3) Create /usr/local/etc/ipsec.secrets file ( if not present )
Add below code:
# key must be the same on both systems
REMOTE_SYSTEM_IP : PSK "KEY_VALUE"
Fill in:
REMOTE_SYSTEM_IP, KEY_VALUE
Here, KEY_VALUE will be used to create the connection with REMOTE_SYSTEM_IP.
The key must be the same as the one configured on the other machine.
PSK stands for Pre-Shared Key, a method in which the connection is secured with a key that both systems are given in advance. There is another type of implementation, PKI (Public Key Infrastructure), which is described on the StrongSwan official website.
4) Now start ipsec on both systems:
ipsec start
5) Now check the status of the ipsec connection:
ipsec statusall
You are Done!!
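For step 3, an added example (not part of the original post): the PSK is the only thing authenticating the two systems, so this sketch generates a random 256-bit key instead of a hand-chosen KEY_VALUE, writes the ipsec.secrets entry with owner-only permissions, and audits an existing file for loose permissions or short keys. The function names and the 20-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example: create and audit PSK entries for ipsec.secrets.
# Function names and the 20-character minimum are assumptions of this example.

# gen_psk: print 32 bytes from the kernel CSPRNG as base64 (44 characters).
gen_psk() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# write_secret FILE REMOTE_IP: append 'REMOTE_IP : PSK "<random key>"' to FILE,
# creating FILE owner-only so the key is never readable by other users.
write_secret() {
    file=$1; remote=$2
    ( umask 077; touch "$file" )
    chmod 600 "$file"
    printf '%s : PSK "%s"\n' "$remote" "$(gen_psk)" >> "$file"
}

# audit_secrets FILE: report loose permissions and short PSKs.
# Returns 0 when nothing is found, 1 otherwise. Expects quoted PSK values.
audit_secrets() {
    file=$1; rc=0
    mode=$(stat -c '%a' "$file")          # GNU stat, as on Debian/Ubuntu
    case $mode in
        600|400) ;;
        *) echo "WEAK-PERMS: $file has mode $mode, expected 600"; rc=1 ;;
    esac
    # Field 2 (split on double quotes) is the secret on a PSK line.
    awk -F'"' '/: *PSK/ && length($2) < 20 {
                   print "SHORT-PSK: line " NR " has a key under 20 characters"
                   bad = 1
               }
               END { exit bad }' "$file" || rc=1
    return $rc
}

# Usage: sh psk.sh /usr/local/etc/ipsec.secrets REMOTE_SYSTEM_IP
if [ "$#" -eq 2 ]; then
    write_secret "$1" "$2"
    audit_secrets "$1"
fi
```

The generated key still has to be copied to the other system's ipsec.secrets over a trusted channel, with that system's own REMOTE_SYSTEM_IP on the line.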