Working Freeswan Config Files

Synopsis:
Freeswan is a great way to join remote networks on a
private bridge over the internet. The big problem is getting
Freeswan to work in the first place.

These are copies of config files that I have been able
to get working. The only things I've changed are some of
the IP addresses.

I'll be adding to these as time goes on. The next part of my working with FreeSwan involves
X.509 certificates.

Regular connection of two FreeSwan gateways running on Slackware Linux

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces="ipsec0=eth1"
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

# note: in this connection, west corresponds to the 'left' side of the virtual connection
conn west-east
        leftid=@west.scrunge.com
        leftrsasigkey=0sAQOjwh17I3L+vfoRDa9YTZVeJIEIxE65SWr+NM06wOkKPM3dS+HCuTT9kjFqlhxJcnJ/x8QvA/4JWY1weYjKUK7sBFHHFfXlRdTy1uOyw1dIqevBkF221Xh2DqcP6M2wlW1ZTTof/+blP5j4ZhHsZyUfLUksPuimApdxxxxxxxxxxxh5ArYl3gZDuF/yeq89fFf3iJ3rAhbPkEt9ifbfE50JYpxUEgaw4duIZXQ4LhabR9jij4174KfJ+Df6uNeEQiZr+HUoPJupbMOwbxQQR3kFMOC3fG1C6/GBBThk6TI5KB5oRMxKynqdczwfCCKxxxxxxxxxxxxxxxxxxxxxxxoG0Gh84qUjNX
        left=206.127.xxx.xxx
        leftsubnet=192.168.11.0/24
        leftnexthop=206.127.xxx.xxx
        rightid=@east.scrunge.com
        rightrsasigkey=0x01038ae8bc5d6721f5exxxxxxxxxxxxxxxxxx9e7f9b85b28d0bcf3217e48b5f285098baaaae32ff42573df7501b63ab9b5848edc7460daf558d3dde117e4fa98d492a712452afa9898da54b751bxxxxxxxxxx8b77000a5bf2f7a13d34c735c2deba503ccb8abea8882ad4edcb114d4e56a7495d4229ac0d9a708a90f7bf8a0f0d
        right=206.127.xxx.xxx
        rightsubnet=192.168.0.0/24
        #rightsubnet=192.168.0.0/16
        rightnexthop=206.127.xxx.xxx
        keyingtries=20
        auto=start
        auth=esp
        authby=rsasig
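
A pre-flight check for a conn section like the one above, added here as an example; it is not part of the original config files or of FreeS/WAN. It flags three mistakes that keep this kind of config from loading or routing: a long value wrapped onto a new line that starts in column 1, an rsasigkey that is missing or lacks the 0s (base64) or 0x (hex) prefix while authby=rsasig is set, and left/right subnets that overlap, which is what the commented-out rightsubnet=192.168.0.0/16 would do to leftsubnet=192.168.11.0/24. The function names, sample addresses and placeholder keys are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample shaped like the west-east conn; addresses and keys are placeholders.
SAMPLE = """\
conn west-east
        leftrsasigkey=0sPLACEHOLDERWESTKEY
        left=192.0.2.1
        leftsubnet=192.168.11.0/24
        rightrsasigkey=0x0103placeholdereastkey
        right=198.51.100.1
        rightsubnet=192.168.0.0/24
        authby=rsasig
"""

def parse_conns(text):
    """Return ({conn name: {param: value}}, [parse problems])."""
    conns, problems, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if not raw[0].isspace():          # column 1 must open a section
            m = re.fullmatch(r"(config|conn)\s+(\S+)", raw.strip())
            if m:
                current = conns.setdefault(m.group(2), {}) if m.group(1) == "conn" else None
            else:
                problems.append(f"line {n}: column-1 text is not a section header (wrapped value?)")
            continue
        key, sep, value = raw.strip().partition("=")
        if current is not None and sep:
            current[key] = value.strip('"')
    return conns, problems

def lint(text):
    """Return a list of problems: wrapped values, bad RSA key fields, overlapping subnets."""
    conns, problems = parse_conns(text)
    for name, c in conns.items():
        if c.get("authby") == "rsasig":
            for side in ("left", "right"):
                if not c.get(side + "rsasigkey", "").startswith(("0s", "0x")):
                    problems.append(f"{name}: {side}rsasigkey missing or not 0s/0x encoded")
        if "leftsubnet" in c and "rightsubnet" in c:
            lnet = ipaddress.ip_network(c["leftsubnet"])
            rnet = ipaddress.ip_network(c["rightsubnet"])
            if lnet.overlaps(rnet):
                problems.append(f"{name}: leftsubnet {lnet} overlaps rightsubnet {rnet}")
    return problems

if __name__ == "__main__":
    print(lint(SAMPLE) or "no problems found")
```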

 

Reference


http://www.freeswan.org
http://www.freeswan.ca
http://jixen.tripod.com
http://www.natecarlson.com/linux/ipsec-x509.php
http://en.tldp.org/HOWTO/VPN-Masquerade-HOWTO.html


Not particularly useful but interesting:
http://www.internetweek.com/VPN/




Terra Firma Software Solutions, Inc.