VPN’s are most def not something I know by heart, so often I find myself googling to figure out what to do exactly. Because of the nature of VPN’s it’s fairly easy to make a mistake and lose connection to your server forever… not something you wish to accomplish on a live application server.
Today, I found myself in need of an IPSEC VPN tunnel to one of my servers and as always I turned my good old friend google to find out how to do it. After a couple of hours googling and way too much information on VPN’s I’ve found this little vpn gem. It was incredibly easy to read, understand and implement.
What you need to do in order to get this working:
First, determine the public ip adresses of both servers, to make the concept of servers a little easier to understand think of a ‘left’ and a ‘right’ server. The ‘left’ server is the one we’re configuring. For the sake of this example I’ll make the public ip’s up.
leftserver: 1.2.3.4
rightserver: 5.6.7.8
sudo vim /etc/hosts# Following lines are for resolving Pyton IPSEC VPN
1.2.3.4 leftserver
5.6.7.8 rightserver>sudo vim /etc/ipsec-tools.conf#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd leftserver rightserver any -P out ipsec
esp/transport//require;
spdadd rightserver leftserver any -P in ipsec
esp/transport//require;sudo vim /etc/racoon/racoon.conflog notify;
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
remote anonymous {
exchange_mode main,aggressive;
proposal {
encryption_algorithm aes_256;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 5;
}
generate_policy off;
}
sainfo anonymous {
pfs_group 2;
encryption_algorithm aes_256;
authentication_algorithm hmac_sha256;
compression_algorithm deflate;
}sudo vim /etc/racoon/psk.txt# IPv4/v6 addresses
5.6.7.8 SuperSecretPresharedKeysudo service racoon restartAnd that’s it! Be sure to enter the right ip’s, psk and encryption algorithms.