IPSec Tunnel

How to configure an IPSec Tunnel in CentOS

Install ipsec-tools package

yum -y install ipsec-tools

Configuring an IPSec tunnel on CentOS is fairly straightforward because the network-scripts ifup-ipsec helper does the work for you: it loads the security policy into the kernel with setkey and starts racoon, the IKE daemon shipped in ipsec-tools, using the values from two small files on each host.

In the example, we’ll tunnel between fictitious servers with public addresses in Boston and Seattle. For Boston we’ll use ipsecbos.centoshowtos.org – 216.52.2.41 and for Seattle ipsecsea.centoshowtos.org – 141.136.108.122.

Create the ifcfg-ipsec1 and keys-ipsec1 configuration files

Configuration files for the IPSec tunnel live alongside your CentOS network device files in /etc/sysconfig/network-scripts/. Two files are needed on each host: ifcfg-ipsec1, which names the remote endpoint (DST) and the keying method, and keys-ipsec1, which holds the pre-shared key (PSK). The PSK must be identical on both ends; if it differs, IKE negotiation fails and no tunnel is established.

ipsecbos.centoshowtos.org

Create an ifcfg-ipsec1 file.

vi /etc/sysconfig/network-scripts/ifcfg-ipsec1

The file should look like this (except your IPs will be different). DST is the public address of the peer, and ONBOOT=no means the tunnel is started by hand rather than at boot; change it to yes once you have verified the tunnel works.

DST=141.136.108.122
TYPE=IPSEC
ONBOOT=no
IKE_METHOD=PSK

Create keys-ipsec1 file.

vi /etc/sysconfig/network-scripts/keys-ipsec1

The file should look like this (except your key will be different… I hope). The value shown is only a placeholder: use a long random string, not a word, because a short or guessable PSK is the weakest point of the whole tunnel.

IKE_PSK=i4mth3s3cr3t

Set permissions so only root can read this key file.

chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1

ipsecsea.centoshowtos.org

Create the ifcfg-ipsec1 file in the same network-scripts directory. It mirrors the Boston file, with DST pointing back at Boston.

vi /etc/sysconfig/network-scripts/ifcfg-ipsec1

The file should look like this (except your IPs will be different)

DST=216.52.2.41
TYPE=IPSEC
ONBOOT=no
IKE_METHOD=PSK

Create keys-ipsec1 file.

vi /etc/sysconfig/network-scripts/keys-ipsec1

The file should look like this, and the key must be exactly the same value as on the Boston host (except that yours will be different from the one shown… I hope).

IKE_PSK=i4mth3s3cr3t

Set permissions so only root can read this key file.

chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1
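The per-host procedure above (write ifcfg-ipsec1, write keys-ipsec1, lock it down to root) collected into one script, as an added example that is not part of the original tutorial. The function names (gen_psk, write_ipsec_config, keys_mode_ok, ends_agree) are mine, the target directory is a parameter so the script can be exercised in a scratch directory instead of /etc/sysconfig/network-scripts, and the demo at the end uses the tutorial's fictitious Boston and Seattle addresses. It also adds the check a practitioner wants before running ifup: that the two ends really hold the same PSK.

```shell
#!/bin/sh
# Added example: generate a random PSK, write the ifcfg-ipsec1/keys-ipsec1
# pair for one end of the tunnel, and verify that both ends agree.
# DIR is a parameter; on a real host it is /etc/sysconfig/network-scripts.
set -e

# 32 random bytes from /dev/urandom rendered as 64 hex characters.
gen_psk() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_ipsec_config DIR PEER_IP PSK
# Writes DIR/ifcfg-ipsec1 (tunnel definition) and DIR/keys-ipsec1 (secret).
# The keys file is created under umask 077 so it is never readable by
# others, not even in the window between creation and the chmod.
write_ipsec_config() {
    dir=$1; peer=$2; psk=$3
    mkdir -p "$dir"
    cat > "$dir/ifcfg-ipsec1" <<EOF
DST=$peer
TYPE=IPSEC
ONBOOT=no
IKE_METHOD=PSK
EOF
    ( umask 077; printf 'IKE_PSK=%s\n' "$psk" > "$dir/keys-ipsec1" )
    chmod 600 "$dir/keys-ipsec1"
}

# psk_of FILE: print the IKE_PSK value from a keys file.
psk_of() {
    sed -n 's/^IKE_PSK=//p' "$1"
}

# dst_of FILE: print the DST value from an ifcfg file.
dst_of() {
    sed -n 's/^DST=//p' "$1"
}

# keys_mode_ok FILE: succeed only if the file is mode 0600 (-rw-------).
keys_mode_ok() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# ends_agree DIR_A DIR_B: succeed if both keys files hold the same,
# non-empty PSK; otherwise print a diagnostic and fail.
ends_agree() {
    a=$(psk_of "$1/keys-ipsec1"); b=$(psk_of "$2/keys-ipsec1")
    [ -n "$a" ] && [ "$a" = "$b" ] || {
        echo "PSK mismatch between $1 and $2" >&2; return 1; }
}

# Demo: both hosts simulated in a scratch directory with the tutorial's
# fictitious addresses (constructed input, not a real deployment).
demo() {
    tmp=$(mktemp -d)
    psk=$(gen_psk)
    write_ipsec_config "$tmp/bos" 141.136.108.122 "$psk"  # Boston -> Seattle
    write_ipsec_config "$tmp/sea" 216.52.2.41     "$psk"  # Seattle -> Boston
    keys_mode_ok "$tmp/bos/keys-ipsec1" && keys_mode_ok "$tmp/sea/keys-ipsec1" \
        && ends_agree "$tmp/bos" "$tmp/sea" && echo "both ends consistent"
    rm -rf "$tmp"
}
demo
```

In practice you would generate the PSK once, copy it to the second host over an already-authenticated channel such as ssh, and run the same function there with the peer address swapped; ends_agree is then a quick sanity check to run on copies of the two keys files before touching ifup.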

Bring ipsec1 interfaces online and verify

We are now able to bring up the tunnel interfaces and verify that they are online.

ipsecbos.centoshowtos.org

Use the ifup command to bring up the tunnel.

ifup ipsec1

The ifup-ipsec helper does not create a network device called ipsec1, so ifconfig ipsec1 only reports that the device was not found. Verify instead by dumping the kernel's security associations with setkey. Because racoon negotiates the SAs on demand, send some traffic to the peer first (a ping is enough); ESP entries between 216.52.2.41 and 141.136.108.122 should then be listed for each direction.

setkey -D

An empty listing usually means the PSKs differ or the Seattle side is not up yet; racoon's errors go to /var/log/messages.

ipsecsea.centoshowtos.org

Again, we’ll use the ifup command to bring up the interface.

ifup ipsec1

Again, check with setkey rather than ifconfig, since there is no ipsec1 network device to inspect. After some traffic has crossed the tunnel, the same security associations should be listed here with source and destination swapped.

setkey -D