I recently bought a Zywall 2 for my home office and tried to set up a VPN connection using OpenSwan. Quite a lot of research later, it was done. To save others the search, I decided to put together a short guide. First of all, you need to configure the Zywall and set up an incoming VPN connection there:
Now that we have the Gateway Policy, all we need to add is a Network Policy:
Now the Zywall is set up and ready to handle an incoming VPN connection. All we still need to do is configure OpenSwan on our Linux system. Basically, this is done using two files: /etc/ipsec.conf and /etc/ipsec.secrets. Here is the listing of my ipsec.conf:
In fact, you only need to modify four values: left, right, rightid and rightsubnet.
One more thing is still missing, the Pre-Shared-Key. This has to be added in the /etc/ipsec.secrets file. Just add the following line to it:
Note: the ':' with nothing before it is intentional. This way your PSK will be used for any connection, so this only works if you have one. If you have more than one connection configured, you need to specify the IP addresses before the ':'. Now we are done; start your VPN connection by running /etc/init.d/ipsec start. In your /var/log/messages you should see some messages indicating that the connection was started.
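The note about the bare ':' can be turned into a quick check. The script below is an added example, not part of the original guide: it counts the conn sections in an ipsec.conf and warns when a catch-all ": PSK" entry would be shared by more than one of them. The function names, file names, addresses and the secret are all constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): flag a catch-all PSK entry in
# ipsec.secrets once ipsec.conf defines more than one connection.

# Number of "conn" sections in an ipsec.conf, ignoring "conn %default".
count_conns() {
    awk '$1 == "conn" && $2 != "%default" { n++ } END { print n + 0 }' "$1"
}

# Number of PSK entries whose selector list before the ":" is empty,
# i.e. the ": PSK ..." form that applies to every connection.
count_catchall_psk() {
    awk '/^:[ \t]+PSK[ \t]/ { n++ } END { print n + 0 }' "$1"
}

# Usage: check_psk_scope IPSEC_CONF IPSEC_SECRETS
# Returns 1 when a catch-all PSK is shared by several connections, else 0.
check_psk_scope() {
    conns=$(count_conns "$1")
    catchall=$(count_catchall_psk "$2")
    if [ "$catchall" -gt 0 ] && [ "$conns" -gt 1 ]; then
        echo "WARN: $catchall catch-all PSK entry(ies), $conns connections:" \
             "put the two peer addresses before the ':'"
        return 1
    fi
    echo "OK: $conns connection(s), $catchall catch-all PSK entry(ies)"
    return 0
}

# Constructed sample files (documentation addresses, placeholder secret).
demo_dir=$(mktemp -d)
printf '%s\n' 'config setup' '' 'conn %default' '    authby=secret' '' \
    'conn zywall' '    left=192.0.2.10' '    right=198.51.100.1' \
    > "$demo_dir/one.conf"
{ cat "$demo_dir/one.conf"
  printf '%s\n' '' 'conn office2' '    left=192.0.2.10' '    right=203.0.113.7'
} > "$demo_dir/two.conf"
printf '%s\n' '# constructed' ': PSK "EXAMPLE-PSK-PLACEHOLDER"' \
    > "$demo_dir/catchall.secrets"
printf '%s\n' '192.0.2.10 198.51.100.1 : PSK "EXAMPLE-PSK-PLACEHOLDER"' \
    > "$demo_dir/scoped.secrets"

check_psk_scope "$demo_dir/one.conf" "$demo_dir/catchall.secrets" || true
check_psk_scope "$demo_dir/two.conf" "$demo_dir/catchall.secrets" || true
check_psk_scope "$demo_dir/two.conf" "$demo_dir/scoped.secrets"   || true
```

To check a real setup, call check_psk_scope /etc/ipsec.conf /etc/ipsec.secrets as root.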