· Download and install (this method uses the RPM package, but the configuration is the same on other distros)
· Edit the /etc/ipsec.conf file:

version 2.0

config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    nat_traversal=yes

· Add this section to the ipsec.conf file:

conn vpn-ipsec
    authby=secret
    pfs=no
    left=[IP Client]
    right=[IP Interface to Client]
    rightsubnet=[subnet]
    auto=add
    keyingtries=0

*) rightsubnet is used for a Host-to-Network connection. For a Host-to-Host connection, do not configure this parameter.
· Create the /etc/ipsec.secrets file to store the preshared key or certificate:

: PSK "[password]"
: RSA {
    # RSA 2192 bits
    # for signatures only, UNSAFE FOR ENCRYPTION
    #pubkey=0sAQ......
    Modulus: 0xa0........
    PublicExponent: 0x03
    # everything after this point is secret
    PrivateExponent: 0x1a....
    }
[Client IP] [Server IP]: PSK "[password]"

· Open the firewall for UDP port 500 and protocol ESP:

-A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
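
A small review script for the configuration built in the steps above, as an added example that is not part of the original post. It flags pfs=no, a nat_traversal=yes setup with no firewall rule for UDP port 4500 (the port IKE and ESP-in-UDP use once NAT is detected), and an ipsec.secrets file that holds a PSK but is accessible beyond its owner. The sample addresses, function names and finding names are constructed for illustration.

```python
import re
# Constructed sample inputs that mirror the settings in the steps above.
SAMPLE_CONF = """\
version 2.0
config setup
    nat_traversal=yes
conn vpn-ipsec
    authby=secret
    pfs=no
    left=192.0.2.10
    right=198.51.100.1
"""
SAMPLE_RULES = """\
-A INPUT -i eth0 -p udp --dport 500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
"""

def parse_ipsec_conf(text):
    """Return {"config setup": {...}, "conn <name>": {...}} from ipsec.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                     # unindented line opens a section
            words = line.split()
            current = sections.setdefault(" ".join(words), {}) if words[0] in ("config", "conn") else None
        elif current is not None and "=" in line:     # indented key=value belongs to it
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(conf_text, fw_rules, secrets_mode):
    """Return (section, finding) pairs. secrets_mode is the permission bits of
    ipsec.secrets, e.g. stat.S_IMODE(os.stat("/etc/ipsec.secrets").st_mode)."""
    conf, findings = parse_ipsec_conf(conf_text), []
    conns = {n: o for n, o in conf.items() if n.startswith("conn ")}
    natt_open = any(re.search(r"-p\s+udp\b.*--dport\s+4500\b.*-j\s+ACCEPT", rule)
                    for rule in fw_rules.splitlines())
    if conf.get("config setup", {}).get("nat_traversal") == "yes" and not natt_open:
        findings.append(("config setup", "nat-t-udp-4500-not-open"))
    for name, opts in conns.items():
        if opts.get("pfs") == "no":                   # no fresh DH exchange per rekey
            findings.append((name, "pfs-disabled"))
        if opts.get("authby") == "secret" and secrets_mode & 0o077:
            findings.append((name, "psk-file-accessible-to-group-or-others"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_RULES, 0o644))
```
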