ipsec

By steve, 4 February, 2016

I have just got ipcomp working between 2 hosts as follows:

  • Install the ipsec-tools program
  • Add the following config to /etc/ipsec-tools.d/peername.conf

    spdadd MY_IP PEER_IP any -P out ipsec ipcomp/transport//use;
    add MY_IP PEER_IP ipcomp 1000 -m transport -C deflate;

    spdadd PEER_IP MY_IP any -P in ipsec ipcomp/transport//use;
    add PEER_IP MY_IP ipcomp 1000 -m transport -C deflate;
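A consistency check for a setkey file like the one above, written as an added example that is not part of the original post: it pairs every IPComp policy with its SA and its reverse-direction policy, and reports policies that carry no ESP or AH, since IPComp alone only compresses. The two addresses are constructed stand-ins for MY_IP and PEER_IP, and the CPI range check assumes the RFC 3173 allocation (16-bit field, 0-255 reserved).

```python
import re

# Constructed sample: the page's config with documentation addresses
# standing in for MY_IP (192.0.2.1) and PEER_IP (198.51.100.2).
SAMPLE = """\
spdadd 192.0.2.1 198.51.100.2 any -P out ipsec ipcomp/transport//use;
add 192.0.2.1 198.51.100.2 ipcomp 1000 -m transport -C deflate;

spdadd 198.51.100.2 192.0.2.1 any -P in ipsec ipcomp/transport//use;
add 198.51.100.2 192.0.2.1 ipcomp 1000 -m transport -C deflate;
"""

def statements(text):
    """Split setkey input into token lists, ignoring # comments."""
    text = re.sub(r"#.*", "", text)
    return [s.split() for s in text.split(";") if s.strip()]

def check(text):
    """Return findings about the IPComp policies and SAs in a setkey file."""
    policies, sas, findings = {}, {}, []
    for tok in statements(text):
        if tok[0] == "spdadd" and "ipsec" in tok:
            direction = tok[tok.index("-P") + 1]
            # Each request after "ipsec" is protocol/mode/src-dst/level.
            protos = [r.split("/")[0] for r in tok[tok.index("ipsec") + 1:]]
            if "ipcomp" in protos:
                policies[(tok[1], tok[2])] = direction
                if not {"esp", "ah"} & set(protos):
                    findings.append(f"{tok[1]} -> {tok[2]}: compression only, "
                                    "no ESP/AH in the policy")
        elif tok[0] == "add" and len(tok) > 4 and tok[3] == "ipcomp":
            sas[(tok[1], tok[2])] = int(tok[4], 0)   # decimal or 0x-hex CPI
    for (src, dst), direction in policies.items():
        if (src, dst) not in sas:
            findings.append(f"{src} -> {dst}: policy has no ipcomp SA")
        elif not 256 <= sas[(src, dst)] <= 0xFFFF:
            findings.append(f"{src} -> {dst}: CPI outside 256-65535")
        other = {"out": "in", "in": "out"}.get(direction)
        if policies.get((dst, src)) != other:
            findings.append(f"{src} -> {dst}: no matching '{other}' policy")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```

Run against the config as posted, it reports only the two compression-only notes; the SA pairing, CPI and direction checks pass.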

By steve, 8 November, 2013

When using IPSEC, I prefer to use tunnel interfaces so you can route traffic normally across the tunnel and use BGP/OSPF to transfer routes between sites. I managed to get this working from Linux to Cisco as follows, with redundant DSL connections (you can adjust to suit your environment):

On the Cisco router:

    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
     lifetime 3600

    crypto isakmp key Pre-Shared-Key address Linux-IP-Address no-xauth