IPsec on Squeeze

This is a guide to setting up an IPsec tunnel between two Debian Squeeze servers.

Server 1: IP: 10.230.33.121, tunnel IP: 192.168.203.1

Server 2: IP: 192.168.104.145, tunnel IP: 192.168.22.1

On each server:

apt-get install racoon ipsec-tools

Configuring racoon

Racoon is a daemon that handles the key exchange.

On server 1

Edit /etc/racoon/racoon.conf

path pre_shared_key "/etc/racoon/psk.txt";
#path certificate "/etc/racoon/certs";

remote 192.168.104.145 {
        exchange_mode main,aggressive;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}
 
sainfo address 192.168.203.0/24 any address 192.168.22.0/24 any {
        pfs_group modp768;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

Edit /etc/racoon/psk.txt

192.168.104.145 mekmitasdigoat

Note: the text after the IP address must be identical on both servers.

On server 2

Edit /etc/racoon/racoon.conf

path pre_shared_key "/etc/racoon/psk.txt";
#path certificate "/etc/racoon/certs";

remote 10.230.33.121 {
        exchange_mode main,aggressive;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}

sainfo address 192.168.22.0/24 any address 192.168.203.0/24 any {
        pfs_group modp768;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

Edit /etc/racoon/psk.txt

10.230.33.121 mekmitasdigoat
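
A consistency check for the two configurations above, as an added example that is not part of the original guide: it parses each server's racoon.conf and psk.txt text and reports whether the remote addresses point at each other, the remote and sainfo settings are the same on both sides as the guide writes them, the sainfo selectors are mirrored, and the key after the IP is identical. The names TEMPLATE, S1, S2, parse, parse_psk and check_pair are assumptions made for this example.

```python
import re

# The remote and sainfo sections from the guide, condensed onto fewer lines
# for this example; %(...)s marks the values that differ per server.
TEMPLATE = """remote %(peer)s {
        exchange_mode main,aggressive;
        proposal { encryption_algorithm 3des; hash_algorithm sha1;
                   authentication_method pre_shared_key; dh_group modp1024; }
}
sainfo address %(src)s any address %(dst)s any {
        pfs_group modp768; encryption_algorithm 3des;
        authentication_algorithm hmac_md5; compression_algorithm deflate;
}"""

S1 = {"ip": "10.230.33.121", "psk": "192.168.104.145 mekmitasdigoat",
      "conf": TEMPLATE % {"peer": "192.168.104.145", "src": "192.168.203.0/24", "dst": "192.168.22.0/24"}}
S2 = {"ip": "192.168.104.145", "psk": "10.230.33.121 mekmitasdigoat",
      "conf": TEMPLATE % {"peer": "10.230.33.121", "src": "192.168.22.0/24", "dst": "192.168.203.0/24"}}

def parse(conf):
    """Extract the peer, the sainfo selectors and both sections' settings."""
    text = re.sub(r"#.*", "", conf)                      # drop comments
    peer = re.search(r"remote\s+(\S+)\s*\{", text).group(1)
    src, dst = re.search(
        r"sainfo\s+address\s+(\S+)\s+any\s+address\s+(\S+)\s+any", text).groups()
    p1, p2 = (dict(re.findall(r"(\w+)\s+([\w,]+)\s*;", part))
              for part in text.split("sainfo", 1))
    return {"peer": peer, "src": src, "dst": dst, "phase1": p1, "phase2": p2}

def parse_psk(text):
    """Map peer identifier -> key for each non-comment line of psk.txt."""
    rows = (l.split(None, 1) for l in text.splitlines()
            if not l.lstrip().startswith("#"))
    return {r[0]: r[1].rstrip() for r in rows if len(r) == 2}

def check_pair(a, b):
    """Return the mismatches between two servers' racoon.conf and psk.txt."""
    ca, cb = parse(a["conf"]), parse(b["conf"])
    ka, kb = parse_psk(a["psk"]).get(b["ip"]), parse_psk(b["psk"]).get(a["ip"])
    checks = [
        ((ca["peer"], cb["peer"]) == (b["ip"], a["ip"]), "remote addresses do not point at each other"),
        (ca["phase1"] == cb["phase1"], "remote (phase 1) settings differ"),
        ((ca["src"], ca["dst"]) == (cb["dst"], cb["src"]), "sainfo selectors are not mirrored"),
        (ca["phase2"] == cb["phase2"], "sainfo settings differ"),
        (ka is not None and ka == kb, "pre-shared key missing or different"),
    ]
    return [msg for ok, msg in checks if not ok]

print(check_pair(S1, S2))
```

An empty list means the two sides agree; each string in the list names one mismatch to fix before starting racoon.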