OpenSwan Quick Install

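Download:
# If the download site publishes a checksum or signature for the tarball, verify it before unpacking; the build below is installed as root.
tar -xvzf openswan-xxx.tar.gz
cd openswan-xxx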
Prerequisite:
yum install gcc
yum install bison
yum install flex
yum install gmp*
yum install make
yum install lsof
make programs
make install

/etc/init.d/ipsec start

ipsec verify

Edit Conf Files:
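nano /etc/ipsec.conf
nano /etc/ipsec.secrets
# ipsec.secrets holds the authentication secrets (pre-shared keys, private key entries); keep it owned by root and unreadable by other users (chmod 600 /etc/ipsec.secrets).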

Set startup:
chkconfig --level 3 ipsec on
chkconfig --level 5 ipsec on
 

Check status:
ipsec verify
ipsec auto --status

Firewall Rules:

# allow IPsec
#
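# IKE negotiations (UDP 500 on both ends; if NAT traversal is in use, IKE/ESP is also carried over UDP 4500, which these rules do not cover)
# Where the peer address is known, add -s <peer-ip> (INPUT) / -d <peer-ip> (OUTPUT) so the rules do not accept traffic from any host.
iptables -I INPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -I OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT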
# ESP encryption and authentication
iptables -I INPUT -p 50 -j ACCEPT
iptables -I OUTPUT -p 50 -j ACCEPT
