Wednesday, 29 April 2015

IPSec VPN (PSK Authentication) using Libreswan in RHEL7

Pre-Shared Key (PSK) Authentication:

PSK authentication relies on both hosts holding the same shared secret. During the IKE exchange each side proves that it knows the key, so a peer that does not hold it cannot complete the negotiation.

The security of a PSK system rests entirely on the PSK staying secret, so two things matter in practice: the key must be generated randomly (at least 32 bytes from a CSPRNG, not a password-style string), and it must be distributed to the remote host over a channel that is already authenticated, such as an existing SSH session. Secure distribution is the main operational weakness of PSK compared with certificate-based authentication.

Consider 2 hosts: 192.168.122.2 and 192.168.122.3
An IPsec VPN tunnel will be established between these 2 hosts. The addresses are used below both as the tunnel endpoints and as the identities that select the PSK, so they must be written identically in every file.
 
On both the machines, run the following commands:
1) Install package
     yum -y install libreswan

2) Open firewall ports: 500/udp for IKE and the ESP protocol for the encrypted traffic.
     firewall-cmd --zone=public --add-port=500/udp --permanent
     firewall-cmd --add-rich-rule='rule protocol value="esp" accept' --permanent
     firewall-cmd --reload

     Note: if either host sits behind NAT, IKE falls back to NAT traversal and both IKE and the ESP payload are carried over 4500/udp, so that port has to be opened as well. firewalld ships a predefined "ipsec" service covering 500/udp, 4500/udp, ESP and AH, which can be used instead of the individual rules.

3) Edit the file '/etc/ipsec.secrets' and add the following entry.
      192.168.122.2 192.168.122.3 : PSK "!shabbir2009@"

     The two addresses are the IDs of the peers and must match left/right in ipsec.conf. The key shown is only a placeholder and is far too short and guessable for real use; put a long random value there. The file must be owned by root with mode 0600, since anyone who can read it can impersonate either end of the tunnel.

4) Edit the file '/etc/ipsec.conf' and add the following entry.
      conn mytunnel
          left=192.168.122.2
          right=192.168.122.3
          authby=secret
          auto=add

     Note: keep the parameter lines indented as shown; the indentation is what marks them as belonging to the "conn mytunnel" section, and a non-indented line ends the section. authby=secret selects PSK authentication, and auto=add loads the connection into the daemon at startup without initiating it.

5) Start the service (enable the unit as well if the tunnel should come up again after a reboot)
       systemctl start ipsec

On any one machine, run the following commands:
6) Add the connection to the internal database. With auto=add this already happens when the service starts, so this step is only needed if ipsec was running before ipsec.conf was edited; running it again is harmless.
      ipsec auto --add mytunnel

7) Establish the connection. Only the initiating side runs this; the other host answers the negotiation.
      ipsec auto --up mytunnel

8) View Status. Run this on either host to confirm that the IKE and IPsec SAs are established. As an end-to-end check, ping the peer while capturing on its interface: the traffic should appear as ESP, not as plaintext ICMP.
      ipsec auto --status
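The following script is an added example and not part of the original post. It generates the files from steps 3 and 4 with a random 32-byte key and an owner-only secrets file, and provides a check that a practitioner can run before starting the service. The target directory, the peer addresses and the conn name are parameters; only /dev/urandom, od, sed, grep and find are assumed to exist.

```shell
#!/bin/sh
# Added example (not from the original post): generate the Libreswan PSK
# configuration from steps 3 and 4 with a random key and safe permissions.
# Assumptions: the target directory (e.g. /etc) is writable and /dev/urandom,
# od, sed, grep and find are available. Peers and conn name are parameters.

# 32 random bytes rendered as 64 hex characters: a key that cannot be
# guessed, unlike a password-style PSK.
gen_psk() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_psk_config DIR LEFT RIGHT CONN [PSK]
# Writes DIR/ipsec.secrets (mode 0600) and appends a conn section to
# DIR/ipsec.conf. Prints the PSK so it can be copied to the peer.
write_psk_config() {
    dir=$1 left=$2 right=$3 conn=$4
    psk=${5:-$(gen_psk)}
    mkdir -p "$dir"
    # Create the secrets file owner-only *before* the key lands on disk,
    # instead of chmod'ing it afterwards. The address pair is the peer IDs
    # and must match left/right below.
    rm -f "$dir/ipsec.secrets"
    ( umask 077; printf '%s %s : PSK "%s"\n' "$left" "$right" "$psk" > "$dir/ipsec.secrets" )
    # Parameter lines are indented: that is what ties them to the conn section.
    {
        printf 'conn %s\n' "$conn"
        printf '    left=%s\n' "$left"
        printf '    right=%s\n' "$right"
        printf '    authby=secret\n'
        printf '    auto=add\n'
    } >> "$dir/ipsec.conf"
    printf '%s\n' "$psk"
}

# check_psk_config DIR CONN
# Returns 0 when the secrets file is mode 0600, the PSK is at least
# 32 characters long and the conn section exists; 1, 2 or 3 otherwise.
check_psk_config() {
    dir=$1 conn=$2
    [ -n "$(find "$dir/ipsec.secrets" -prune -perm 600 -print 2>/dev/null)" ] || return 1
    key=$(sed -n 's/.*PSK "\(.*\)".*/\1/p' "$dir/ipsec.secrets")
    [ "${#key}" -ge 32 ] || return 2
    grep -q "^conn $conn\$" "$dir/ipsec.conf" || return 3
    return 0
}

# Run only when called with arguments, e.g.
#   sh gen-psk.sh /etc 192.168.122.2 192.168.122.3 mytunnel
if [ $# -ge 4 ]; then
    write_psk_config "$@" && check_psk_config "$1" "$4"
fi
```

Run it on one host, copy the printed key into the peer's ipsec.secrets over SSH, then start the service on both. The check deliberately fails for the short placeholder key from step 3, which is the point of generating the key rather than choosing it.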
