VPN
A VPN connects two computers, two networks, or one computer and one network over an insecure connection. Your situation may look like this:
( NET_1 )-[IP__1]~~~~~~~~~[IP__2]-( NET_2 )
- Where your setkey command is (from the ipsec-tools package):
SK="/usr/sbin/setkey"
- Which passwords to use as the keys:
PASS1="aaaaaaaaaaaaaaaaaaaaaaaa"
PASS2="bbbbbbbbbbbbbbbbbbbbbbbb"
Change these to your own or use
pwgen -s 24 2
to create new ones.
- IP addresses of the gateways and the networks behind them. In this example, 1 is a gateway to the world and 2 is only a single computer with no network behind it.
IP__1="10.0.0.1"
NET_1="0.0.0.0/0"
IP__2="10.0.1.1"
NET_2="10.0.1.1/32"
- Now assign the passwords to the IP addresses, start the tunnel and deny unencrypted packets (this one is for gateway 1):
echo "
flush;
spdflush;
add $IP__1 $IP__2 esp 12340 -m tunnel -E 3des-cbc \"$PASS1\";
add $IP__2 $IP__1 esp 12341 -m tunnel -E 3des-cbc \"$PASS2\";
spdadd $IP__2 $NET_1 any -P in ipsec esp/tunnel/$IP__2-$IP__1/require;
spdadd $NET_1 $IP__2 any -P out ipsec esp/tunnel/$IP__1-$IP__2/require;
" | "$SK" -c
The backslashes keep the quotes around the keys, since setkey requires a key to be given as a double-quoted string or as a 0x hex value.
For gateway 2 just swap "in" and "out":
echo "
flush;
spdflush;
add $IP__1 $IP__2 esp 12340 -m tunnel -E 3des-cbc \"$PASS1\";
add $IP__2 $IP__1 esp 12341 -m tunnel -E 3des-cbc \"$PASS2\";
spdadd $IP__2 $NET_1 any -P out ipsec esp/tunnel/$IP__2-$IP__1/require;
spdadd $NET_1 $IP__2 any -P in ipsec esp/tunnel/$IP__1-$IP__2/require;
" | "$SK" -c
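As an added example (not part of the original page), the following script builds the same setkey input for either gateway from the variables above, so the in/out swap is done in one place, checks that each key has the 24-byte length 3des-cbc needs, and offers a /dev/urandom hex key as an alternative to pwgen. The function names gen_hex_key, fmt_key, gen_setkey_conf and load_setkey_conf are mine; the addresses and keys are the page's sample values.

```shell
#!/bin/sh
# Added example, not from the original page. The values below are the page's
# constructed sample values; replace them with your own.
SK="/usr/sbin/setkey"
IP__1="10.0.0.1"; NET_1="0.0.0.0/0"
IP__2="10.0.1.1"; NET_2="10.0.1.1/32"
PASS1="aaaaaaaaaaaaaaaaaaaaaaaa"
PASS2="bbbbbbbbbbbbbbbbbbbbbbbb"

# Alternative to pwgen: 24 random bytes (192 bits, the 3des-cbc key size) as 0x hex.
gen_hex_key() {
    printf '0x%s' "$(od -An -tx1 -N24 /dev/urandom | tr -d ' \n')"
}

# Print a key in setkey syntax and check its length for 3des-cbc: a 0x hex key
# needs 48 hex digits, a character string needs 24 characters and must be
# double-quoted (setkey does not accept a bare word as a key).
fmt_key() {
    case "$1" in
        0x*) [ "${#1}" -eq 50 ] && printf '%s' "$1" ;;
        *)   [ "${#1}" -eq 24 ] && printf '"%s"' "$1" ;;
    esac
}

# Print the setkey commands for gateway $1 (1 or 2). The two SAs are identical
# on both ends; only the policy direction (in/out) is mirrored.
gen_setkey_conf() {
    case "$1" in
        1) in_dir=in;  out_dir=out ;;
        2) in_dir=out; out_dir=in ;;
        *) echo "usage: gen_setkey_conf 1|2" >&2; return 1 ;;
    esac
    k1=$(fmt_key "$PASS1") || { echo "PASS1 has the wrong length for 3des-cbc" >&2; return 1; }
    k2=$(fmt_key "$PASS2") || { echo "PASS2 has the wrong length for 3des-cbc" >&2; return 1; }
    cat <<EOF
flush;
spdflush;
add $IP__1 $IP__2 esp 12340 -m tunnel -E 3des-cbc $k1;
add $IP__2 $IP__1 esp 12341 -m tunnel -E 3des-cbc $k2;
spdadd $IP__2 $NET_1 any -P $in_dir ipsec esp/tunnel/$IP__2-$IP__1/require;
spdadd $NET_1 $IP__2 any -P $out_dir ipsec esp/tunnel/$IP__1-$IP__2/require;
EOF
}

# Load the configuration on this gateway, then show what the kernel accepted
# (-D dumps the SAD, -DP dumps the SPD).
load_setkey_conf() {
    gen_setkey_conf "$1" | "$SK" -c && "$SK" -D && "$SK" -DP
}
```

Run `load_setkey_conf 1` on gateway 1 and `load_setkey_conf 2` on gateway 2. Like the page's commands, these SAs use 3des-cbc with no -A integrity algorithm; setkey also accepts stronger choices such as -E aes-cbc together with -A hmac-sha256 where the kernel supports them.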