IPsec Host-to-Host Configuration

For a host-to-host connection, you need the following information:

The IP address for both hosts.
A unique name to identify the IPsec connection and distinguish it from other devices or connections (for example, ipsec0).
A fixed encryption key or one automatically generated by racoon.
A pre-shared authentication key that is used to initiate the connection and exchange encryption keys during the session.

For example, suppose Workstation A and Workstation B want to connect to each other through an IPsec tunnel. They want to connect using a pre-shared key with the value of ‘buddies’ and the users agree to let racoon automatically generate and share an authentication key between each host. Both host users decide to name their connections ipsec0.

The following is the ifcfg file for Workstation A for a host-to-host IPsec connection with Workstation B (the unique name to identify the connection in this example is ipsec0, so the resulting file is named /etc/sysconfig/network-scripts/ifcfg-ipsec0):

DST=X.X.X.X
TYPE=IPSEC
ONBOOT=yes
IKE_METHOD=PSK

Workstation A would replace X.X.X.X with the IP address of Workstation B, while Workstation B replaces X.X.X.X with the IP address of Workstation A.

The connection is set to initiate upon boot-up (ONBOOT=yes) and uses the pre-shared key method of authentication (IKE_METHOD=PSK).

The following is the content of the pre-shared key file (called /etc/sysconfig/network-scripts/keys-ipsec0) that both workstations need to authenticate each other.

The contents of this file should be identical on both workstations and only the root user should be able to read or write this file.

IKE_PSK=buddies

For security, restrict the key file's permissions to mode 600 so that only root can read or write it:

chmod 600 /etc/sysconfig/network-scripts/keys-ipsec0
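The steps above for one side of the connection (write the ifcfg file, write the keys file, lock it to mode 600) and the two checks an administrator would run afterwards (is the keys file really 600, and do both hosts carry the same IKE_PSK), as an added example not taken from the article or from the Red Hat tooling it describes. The target directory is passed as an argument so the script can be tried in a scratch directory; on a real host it would be /etc/sysconfig/network-scripts. The peer addresses and the key value in the test are constructed.

```shell
#!/bin/sh
# Added example: generate and verify host-to-host IPsec ifcfg/keys files.
# DIR is an assumption (a scratch directory in the test); the real
# location is /etc/sysconfig/network-scripts.

# write_ipsec_conn DIR NAME PEER_IP PSK
# Writes DIR/ifcfg-NAME and DIR/keys-NAME as described in the article.
write_ipsec_conn() {
    dir="$1"; name="$2"; peer="$3"; psk="$4"
    mkdir -p "$dir" || return 1
    ifcfg="$dir/ifcfg-$name"
    keys="$dir/keys-$name"
    # Create the keys file under a restrictive umask so it is never
    # world-readable, even for the instant before chmod runs.
    (umask 077 && printf 'IKE_PSK=%s\n' "$psk" > "$keys") || return 1
    chmod 600 "$keys" || return 1
    printf 'DST=%s\nTYPE=IPSEC\nONBOOT=yes\nIKE_METHOD=PSK\n' "$peer" > "$ifcfg"
}

# file_mode FILE: print the octal permission bits (GNU stat, BSD fallback)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# keys_file_ok FILE: succeed only when the mode is exactly 600
keys_file_ok() {
    [ "$(file_mode "$1")" = "600" ]
}

# psk_matches FILE_A FILE_B: succeed when both keys files carry the same,
# non-empty IKE_PSK value (the article requires identical contents on both hosts)
psk_matches() {
    a=$(sed -n 's/^IKE_PSK=//p' "$1")
    b=$(sed -n 's/^IKE_PSK=//p' "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

Run `write_ipsec_conn /etc/sysconfig/network-scripts ipsec0 <peer-ip> <psk>` as root on each workstation, then copy the peer's keys file over a secure channel and confirm with `psk_matches` and `keys_file_ok` before bringing the interface up. Creating the keys file under `umask 077` matters because a plain `printf > file` followed by `chmod` leaves a brief window where the default umask applies.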
