My goal is to tunnel my office network to the cloud over IPsec. I will provision a gateway VM in the cloud running Openswan; in my office I am using pfSense. The two ends must agree on every IKE and ESP parameter, so the values below are the ones to mirror in the pfSense Phase 1 and Phase 2 settings.
On my cloud gateway VM:

[root@gtw ~]# yum install openswan        (if it isn't already installed)
[root@gtw ~]# vi /etc/ipsec.d/myconn.conf

    # The stock /etc/ipsec.conf includes /etc/ipsec.d/*.conf, so the file
    # needs the .conf suffix to be picked up. If /etc/ipsec.conf already has
    # a "config setup" section, merge these settings into it instead of
    # repeating the section here.
    config setup
        nat_traversal=yes          # the office side sits behind NAT
        oe=off
        protostack=netkey
        interfaces="%defaultroute"
        klipsdebug=all             # very verbose; set both back to none once the tunnel is up
        plutodebug=all

    conn myconn
        authby=secret
        pfs=yes
        auto=start
        ike=3des-sha1              # IKE (phase 1) proposal; must match pfSense Phase 1
        esp=3des-sha1              # ESP (phase 2) proposal; must match pfSense Phase 2
        keyingtries=30
        rekey=no
        ikelifetime=24h            # pfSense Phase 1 lifetime 86400 s
        keylife=1h                 # pfSense Phase 2 lifetime 3600 s
        type=tunnel
        left=<gateway private address>
        leftsubnet=10.0.1.0/24
        right=<my office public IP (NATed)>
        rightsubnet=10.0.0.0/24    # singular for one subnet; rightsubnets={...} is the list form

[root@gtw ~]# vi /etc/ipsec.d/shared.secrets

    %any %any : PSK "<yoursecret>"

[root@gtw ~]# service ipsec start
ipsec_setup: Starting Openswan IPsec U2.6.32/K3.8.13-68.2.2.2.el6uek.x86_64...
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
[root@gtw ~]# service ipsec status
IPsec running  - pluto pid: 4893
pluto pid 4893
1 tunnels up
some eroutes exist

A few things to check before calling this done:

- The secrets line "%any %any" hands the PSK to any pair of peers. Once the tunnel is up, replace the two %any entries with the two peers' identifiers, make the PSK long and random, and keep the file mode 0600 (Openswan refuses world-readable secrets).
- 3des-sha1 is a legacy proposal. AES is the better choice (for example ike=aes128-sha1;modp2048 and esp=aes128-sha1), but whatever you pick has to match pfSense exactly on both phases, including the DH group: when ike= names no group, Openswan defaults to modp1536, which pfSense lists as DH group 5.
- Because the cloud VM is behind 1:1 NAT, left= is its private address while pfSense's "Remote gateway" must be the public one. Main mode with a PSK sends the IP address as the IKE identifier, so if the pfSense log rejects the peer identifier, either set leftid=<gateway public address> here or set pfSense's "Peer identifier" to the private address.
- Leave klipsdebug/plutodebug at all only while troubleshooting; they flood /var/log/secure and the pluto log.
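A status check for the tunnel, as an added example that is not part of the original post: it parses the per-SA lines of `ipsec auto --status` (the detailed form of the `service ipsec status` summary above) and tells an established phase 1 from an established phase 2, then maps the state a stalled conn sits in to its usual cause. The STATUS_UP and STATUS_STALLED strings are constructed in Openswan 2.6's status format rather than captured from a live system, and the hints in diagnose() are the common causes of each stall, not diagnostics Openswan itself prints.

```shell
#!/bin/sh
# Added example for checking the tunnel from the gateway; not part of the
# original post. It assumes the Openswan 2.6 "ipsec auto --status" format,
# where each SA is one line such as:
#   000 #1: "myconn":500 STATE_MAIN_I4 (ISAKMP SA established); ...
# The STATUS_* samples below are constructed to that format, not captured.
set -e

# Live use on the gateway:  STATUS=$(ipsec auto --status); diagnose myconn "$STATUS"
# Run alongside: ipsec verify, ipsec auto --up myconn,
#   tcpdump -ni eth0 'udp port 500 or udp port 4500 or esp', and the pluto log.

# Print the STATE_* token of every SA belonging to a conn, one per line.
conn_states() {
  conn="$1"; status="$2"
  printf '%s\n' "$status" |
    sed -n "s/^000 #[0-9]*: \"$conn\"[^ ]* \(STATE_[A-Z0-9_]*\).*/\1/p"
}

# Succeed only when both phases are up for the conn: an ISAKMP SA (IKE,
# phase 1) and an IPsec SA (ESP, phase 2). Phase 1 alone carries no traffic.
tunnel_is_up() {
  conn="$1"; status="$2"
  printf '%s\n' "$status" | grep -q "\"$conn\"[^ ]* STATE_.*ISAKMP SA established)" &&
  printf '%s\n' "$status" | grep -q "\"$conn\"[^ ]* STATE_.*IPsec SA established)"
}

# Map the state a conn is stuck in to the usual cause. Always returns 0 so
# it can be called under set -e; the verdict is the printed line.
diagnose() {
  conn="$1"; status="$2"
  if tunnel_is_up "$conn" "$status"; then
    echo "$conn: up (phase 1 and phase 2 established)"
    return 0
  fi
  states=$(conn_states "$conn" "$status" | tr '\n' ' ')
  case "$states" in
    "")               echo "$conn: no SA state; check the conn name, auto=start, and that pluto is running" ;;
    *STATE_MAIN_I1*)  echo "$conn: stuck in MAIN_I1; peer did not answer MI1: check UDP 500/4500 reaches right=, and that ike= matches pfSense Phase 1" ;;
    *STATE_MAIN_I3*)  echo "$conn: stuck in MAIN_I3; peer cannot verify us: check the PSK and the peer identifiers on both sides" ;;
    *STATE_QUICK_I1*) echo "$conn: phase 1 up, phase 2 stalled; check esp=, pfs=, and that the subnets match pfSense Phase 2" ;;
    *)                echo "$conn: state(s) $states" ;;
  esac
  return 0
}

# Constructed samples in the Openswan status format (not real captures).
STATUS_UP='000 #1: "myconn":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 84130s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000 #2: "myconn":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2845s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate'
STATUS_STALLED='000 #1: "myconn":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 20s; nodpd; idle; import:admin initiate'

diagnose myconn "$STATUS_UP"
diagnose myconn "$STATUS_STALLED"
```

The point of separating the two greps is that "1 tunnels up" in the service summary only tells you an eroute exists; a conn can hold a phase 1 SA for hours while phase 2 keeps failing on a subnet or esp= mismatch, and only the IPsec SA line shows that.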
In my local firewall:
Troubleshooting:
Useful tools:
Enjoy 😉