
@yilas
Created February 24, 2016 13:37
IPsec VPN with a PSK between 2 VMs separated by a router
[root@vm-2-100 ~]# cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls:  "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    # NAT traversal is enabled, so the peers can still negotiate if a NAT
    # device sits on the path between them.
    nat_traversal=yes
    # Left empty: no address ranges are accepted as "virtual private" subnets
    # for peers behind NAT (presumably intentional for this fixed two-host
    # setup -- confirm).
    virtual_private=
    # Opportunistic encryption is switched off; only connections defined
    # explicitly in this file are negotiated.
    oe=off
    # Enable this if you see "failed to find any available worker"
    # nhelpers=0

#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
#include /etc/ipsec.d/*.conf

# Net-to-net tunnel between 192.168.2.0/24 and 192.168.3.0/24, authenticated
# with a pre-shared key.
# NOTE(review): the algorithm choices below are legacy-strength. Any change has
# to be mirrored on the peer, whose configuration is not shown here.
conn StateSecrets
    type=tunnel
    # PSK authentication: the tunnel is only as strong as the secret in the
    # secrets file, which must be long, random and kept private.
    authby=secret
    # Load this connection and initiate it when the IPsec service starts.
    auto=start
    # NOTE(review): PFS is disabled, so Phase 2 keys are not protected by a
    # fresh Diffie-Hellman exchange; recovering the IKE SA keys also exposes
    # the IPsec SAs negotiated under it. Prefer pfs=yes on both peers.
    pfs=no
    # NOTE(review): modp1024 (DH group 2) and SHA-1 are no longer considered
    # adequate. Prefer modp2048 or larger and a SHA-2 hash where both peers
    # support them.
    ike=aes256-sha1;modp1024
    # NOTE(review): the modp1024 suffix here presumably names the PFS group and
    # has no effect while pfs=no -- confirm against ipsec.conf(5).
    phase2alg=aes256-sha1;modp1024
    # Main mode only. Keep this off with PSK auth: aggressive mode exposes a
    # hash derived from the key to offline guessing.
    aggrmode=no
    # Tunnel endpoints; left is presumably this host (vm-2-100).
    left=192.168.2.100
    right=192.168.3.100
    # Networks behind each endpoint that are routed through the tunnel.
    leftsubnet=192.168.2.0/24
    rightsubnet=192.168.3.0/24
[root@vm-2-100 ~]# cat /etc/ipsec.d/psk.secrets
# NOTE(review): example entry only. "%any %any" offers this key to any pair of
# peers, and the quoted value is a placeholder. For real use, generate a long
# random secret, scope the entry to the two endpoint addresses
# (192.168.2.100 192.168.3.100), and keep this file readable by root only.
%any %any : PSK "preshared key"