OpenSwan (IPsec configurations)

Refer to this video: https://www.youtube.com/watch?v=y5V8MKIJETQ
9:43 for the start of the router configurations

For all routers:


(1) sudo su
(2) yum update
(3) yum install openswan

(4) vi /etc/ipsec.conf            \\delete the # in front of the include /etc/ipsec.d/*.conf line (so the per-tunnel .conf files below are read), then hit escape
(5) :wq                                  \\to save

(6) vi /etc/sysctl.conf              \\to enable IPv4 forwarding
Under the "Controls IP packet forwarding" comment, change
net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1

and add

# openswan config
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0


hit escape and
(7) :wq                        \\to save
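As an added example (not from the video or the AWS article), steps (6) and (7) as a small shell script that edits a sysctl.conf file instead of doing it by hand in vi. The file path is an argument so it can be tried on a scratch copy first; the function names set_sysctl, openswan_sysctl and get_sysctl are assumptions of this example. It is idempotent, so running it twice on the same router does not produce duplicate lines.

```shell
#!/bin/sh
# Added example: apply the sysctl settings from steps (6)-(7) to a sysctl.conf
# file. The path is a parameter so the script can be tested on a copy; the
# function names are assumptions of this example, not Openswan tooling.

# set_sysctl FILE KEY VALUE: set "KEY = VALUE", replacing an existing line for
# KEY (commented out or not) or appending one if KEY is absent.
set_sysctl() {
    file=$1 key=$2 value=$3
    # escape the dots so grep/sed match the key literally
    pat=$(printf '%s' "$key" | sed 's/\./\\./g')
    if grep -q "^[#[:space:]]*$pat[[:space:]]*=" "$file"; then
        tmp=$(mktemp)
        sed "s|^[#[:space:]]*$pat[[:space:]]*=.*|$key = $value|" "$file" > "$tmp" \
            && cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# openswan_sysctl FILE: the three settings the notes require.
openswan_sysctl() {
    file=$1
    grep -q '^# openswan config' "$file" || printf '\n# openswan config\n' >> "$file"
    set_sysctl "$file" net.ipv4.ip_forward 1     # route between the two VPC subnets
    set_sysctl "$file" net.ipv4.conf.all.accept_redirects 0
    set_sysctl "$file" net.ipv4.conf.all.send_redirects 0
}

# get_sysctl FILE KEY: print the value of KEY in FILE (last uncommented line wins).
get_sysctl() {
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep "^$pat[[:space:]]*=" "$1" | tail -n 1 | sed 's/.*=[[:space:]]*//'
}

# On a real router, as root:  openswan_sysctl /etc/sysctl.conf && sysctl -p
```

sysctl -p is what actually loads the new values into the running kernel; editing the file alone only takes effect at the next boot.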

R1 config:

conn singapore-to-oregon
        type=tunnel
        authby=secret
        left=%defaultroute
        leftid=52.41.78.207
        leftnexthop=%defaultroute
        leftsubnet=172.31.0.0/16
        right=52.77.37.249
        rightsubnet=172.30.0.0/16
        pfs=yes
        auto=start

vi /etc/ipsec.d/singapore-to-oregon.secrets



52.41.78.207 52.77.37.249: PSK "just make it work nash!"

R2 config:

(1) vi /etc/ipsec.d/Singapore-to-Oregon.conf
hit i             \\to insert

conn oregon-to-singapore
        type=tunnel
        authby=secret
        left=%defaultroute
        leftid=52.77.37.249
        leftnexthop=%defaultroute
        leftsubnet=172.30.0.0/16
        right=52.41.78.207
        rightsubnet=172.31.0.0/16
        pfs=yes
        auto=start


vi /etc/ipsec.d/oregon-to-singapore.secrets

52.77.37.249 52.41.78.207 : PSK "just make it work nash!"




R3 config:
conn tokyo-to-oregon
        type=tunnel
        authby=secret
        left=%defaultroute
        leftid=52.197.86.180
        leftnexthop=%defaultroute
        leftsubnet=172.32.0.0/16
        right=52.41.78.207
        rightsubnet=172.31.0.0/16
        pfs=yes
        auto=start

52.197.86.180 52.41.78.207: PSK "just make it work nash!"
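The three router configs above are the same template with left and right swapped. As an added example (my own script, not the video's or the AWS article's), this generates one end's conn file and secrets file from that template so the two ends cannot drift apart, generates a random 32-byte pre-shared key instead of a guessable phrase, and writes the secrets file readable only by root. The function names write_conn, new_psk, write_secrets and conn_value and the DIR argument are assumptions; the IPs and subnets are the ones from the notes.

```shell
#!/bin/sh
# Added example: write the conn definition and secrets file for one end of a
# tunnel, following the layout of the R1/R2/R3 configs in the notes. Directory
# argument and function names are assumptions of this example.

# write_conn DIR NAME LEFTID LEFTSUBNET RIGHT RIGHTSUBNET
# Writes DIR/NAME.conf; on a router DIR is /etc/ipsec.d.
write_conn() {
    dir=$1 name=$2 leftid=$3 leftsubnet=$4 right=$5 rightsubnet=$6
    cat > "$dir/$name.conf" <<EOF
conn $name
        type=tunnel
        authby=secret
        left=%defaultroute
        leftid=$leftid
        leftnexthop=%defaultroute
        leftsubnet=$leftsubnet
        right=$right
        rightsubnet=$rightsubnet
        pfs=yes
        auto=start
EOF
}

# new_psk: 32 random bytes, base64 encoded (hex from /dev/urandom if openssl is
# missing). Use the same value on both ends of a tunnel.
new_psk() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 32
    else
        head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
    fi
}

# write_secrets DIR NAME LEFTID RIGHT PSK
# Writes DIR/NAME.secrets in the "left right : PSK" form, mode 0600, so a
# non-root user on the router cannot read the key.
write_secrets() {
    dir=$1 name=$2 leftid=$3 right=$4 psk=$5
    ( umask 077; printf '%s %s : PSK "%s"\n' "$leftid" "$right" "$psk" > "$dir/$name.secrets" )
    chmod 600 "$dir/$name.secrets"
}

# conn_value FILE KEY: read one key back from a written conn file (for checking).
conn_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1"
}

# Demo: both ends of the Singapore<->Oregon tunnel sharing one PSK.
# On real routers each side would only get its own pair of files.
if [ "$1" = "--demo" ]; then
    out=${2:-.}
    psk=$(new_psk)
    write_conn    "$out" singapore-to-oregon 52.41.78.207 172.31.0.0/16 52.77.37.249 172.30.0.0/16
    write_secrets "$out" singapore-to-oregon 52.41.78.207 52.77.37.249 "$psk"
    write_conn    "$out" oregon-to-singapore 52.77.37.249 172.30.0.0/16 52.41.78.207 172.31.0.0/16
    write_secrets "$out" oregon-to-singapore 52.77.37.249 52.41.78.207 "$psk"
fi
```

Run it as `sh gen.sh --demo /tmp/ipsec-test` to look at the output before copying the right pair into /etc/ipsec.d on each router. The secrets file format accepts the index list with or without a space before the colon, which is why R1 and R2 above both work.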

To initiate the connection:
service ipsec start
service ipsec status

On each router we need to disable source/destination checking using the console:

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/


2. In the navigation pane, choose Instances.


3. Select the VPN instance - i-0a892d97df448390d, choose Actions, select Networking, and then select Change Source/Dest. Check.


4. Choose Yes, Disable.
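As an added example (my own, not from the video or the AWS article), the bring-up and check steps above as shell functions: the source/dest check is turned off with the AWS CLI instead of the console, and the tunnel state is read from `ipsec auto --status` so that a pre-shared key mismatch (phase 1 never completes) can be told apart from a subnet or PFS mismatch (phase 1 up, no IPsec SA). The function names and the SAMPLE_STATUS text are assumptions of this example; the sample is a constructed status line, not captured from these routers.

```shell
#!/bin/sh
# Added example: bring the tunnel up and confirm the IPsec SA is actually
# established, rather than only reading "service ipsec status".
# Function names are assumptions of this example; SAMPLE_STATUS is constructed.

# sa_established STATUS_TEXT CONN: 0 when the `ipsec auto --status` output in
# STATUS_TEXT shows a phase 2 (IPsec) SA for CONN, 1 otherwise.
sa_established() {
    printf '%s\n' "$1" | grep -q "\"$2\".*IPsec SA established"
}

# isakmp_established STATUS_TEXT CONN: phase 1 only.
isakmp_established() {
    printf '%s\n' "$1" | grep -q "\"$2\".*ISAKMP SA established"
}

# valid_instance_id ID: EC2 ids are "i-" plus 8 or 17 hex digits; checked before
# the id is handed to the CLI.
valid_instance_id() {
    printf '%s' "$1" | grep -Eq '^i-[0-9a-f]{8}([0-9a-f]{9})?$'
}

# disable_src_dst_check ID: steps 1-4 above, from the AWS CLI (needs credentials).
disable_src_dst_check() {
    valid_instance_id "$1" || { echo "bad instance id: $1" >&2; return 1; }
    aws ec2 modify-instance-attribute --instance-id "$1" --no-source-dest-check
}

# bring_up CONN: start the service and report phase 1 / phase 2 state for CONN.
bring_up() {
    service ipsec start
    status=$(ipsec auto --status)
    if sa_established "$status" "$1"; then
        echo "$1: IPsec SA established"
    elif isakmp_established "$status" "$1"; then
        echo "$1: phase 1 up but no IPsec SA (compare leftsubnet/rightsubnet and pfs on both ends)" >&2
        return 1
    else
        echo "$1: no ISAKMP SA (compare the PSK and leftid/right on both ends; UDP 500 and 4500 must be allowed in the security group)" >&2
        return 1
    fi
}

# Constructed sample of `ipsec auto --status` output for a working tunnel.
SAMPLE_STATUS='000 #1: "singapore-to-oregon":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2265s; newest ISAKMP; idle
000 #2: "singapore-to-oregon":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2684s; newest IPSEC; eroute owner; isakmp#1; idle'

# On R1:  disable_src_dst_check i-0a892d97df448390d && bring_up singapore-to-oregon
```

The last line shows the intended use on R1 with the instance id from the notes; R2 and R3 use their own instance ids and conn names.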





  • ZZ (Note: capitals) - Save and exit

  • :q! - discard all changes, since the last save, and exit

  • :w - save file but don't exit

  • :wq - again, save and exit



Reference:
https://aws.amazon.com/articles/5472675506466066
https://www.youtube.com/watch?v=y5V8MKIJETQ
