Intro
The client setup is fairly painless. You will need some previously created X509 certificates (client and server) and an IPSEC VPN server to connect to. I am assuming strongswan for this setup example, but there is very little difference between openswan and strongswan at the moment, so the instructions should be generic for both. Install strongswan or openswan using your favorite method; I suggest apt-get for Debian or urpmi for Mandrake. Do not forget that as a minimum you will have to create a Certificate Authority, a client certificate for the server and a client certificate for each computer that connects to your server.
The Certificates
Copy the certificates to the following locations:
cacert.pem -----> /etc/ipsec.d/cacerts
crl.pem -----> /etc/ipsec.d/crls
clientcert.key -----> /etc/ipsec.d/private
clientcert.pem -----> /etc/ipsec.d/certs
vpnserver.pem -----> /etc/ipsec.d/certs
Ensure the permissions are sensible on these files, especially the .key files in /etc/ipsec.d/private.
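The permission check from the step above as a script (an added example, not part of the original how-to). The function name, the finding labels and the optional owner argument are assumptions; it needs GNU find and a grep that supports -r.

```shell
#!/bin/sh
# Audit the certificate layout described above.
# Usage: audit_ipsec_keys [BASE] [OWNER]   (defaults: /etc/ipsec.d, root)
# Prints one finding per line. Returns 0 if clean, 1 on findings,
# 2 if BASE/private does not exist.
audit_ipsec_keys() {
    base=${1:-/etc/ipsec.d}
    owner=${2:-root}
    priv="$base/private"
    findings=0

    if [ ! -d "$priv" ]; then
        echo "MISSING $priv"
        return 2
    fi

    # Private keys: no group/other permission bits at all, i.e. 0700 on
    # the directory and 0600 on the key files. -perm /077 is GNU find.
    loose=$(find "$priv" \( -type f -o -type d \) -perm /077)
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/LOOSE_PERMS /'
        findings=1
    fi

    # Anything under private/ that is not owned by the expected account.
    foreign=$(find "$priv" ! -user "$owner")
    if [ -n "$foreign" ]; then
        echo "$foreign" | sed 's/^/WRONG_OWNER /'
        findings=1
    fi

    # certs/ and cacerts/ are normally world-readable, so a PEM file there
    # must not carry a private key (e.g. a combined cert+key file).
    for d in "$base/certs" "$base/cacerts"; do
        [ -d "$d" ] || continue
        stray=$(grep -rl -e 'PRIVATE KEY-----' "$d" || true)
        if [ -n "$stray" ]; then
            echo "$stray" | sed 's/^/KEY_IN_PUBLIC_DIR /'
            findings=1
        fi
    done

    return $findings
}
```

Run it as root with no arguments against the live /etc/ipsec.d tree; a finding is cleared with chmod 700 on the private directory, chmod 600 on the key file and chown to root.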
Configuring openswan
First add the private key and its passphrase to /etc/ipsec.secrets:
: RSA clientcert.key "password"
Next set up the /etc/ipsec.conf file. This assumes you are connecting to a static server, as discussed.
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    nat_traversal=yes

conn %default
    rightrsasigkey=%cert
    leftrsasigkey=%cert

conn mycompanynetwork
    compress=no
    left=myipaddress
    leftcert=clientcert.pem
    right=ipaddressofVPNserver
    rightcert=vpnserver.pem
    rightsubnet=192.168.0.0/24
    auto=start

# OE policy groups are disabled by default
conn block
    auto=ignore

conn clear
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn packetdefault
    auto=ignore
