
Configure strongSwan (Fedora/RHEL/CentOS site-to-site)

An example of how to configure strongSwan on each peer in the IPsec site-to-site VPN use case.

  1. Edit the text file at /etc/strongswan/swanctl/conf.d/devcloud1.conf and paste the following configuration into it.
    # swanctl connection definition for one peer of the site-to-site tunnel.
    # The addresses, identities and certificate path below are the example's
    # values; replace them with the ones for your own peers.
    connections {
      devcloud1 {
        # IKE endpoints: this host's address and the peer's address.
        local_addrs = 172.16.0.4
        remote_addrs = 10.10.2.3
        # Dead peer detection: interval between liveness checks.
        dpd_delay = 60s
        # Rekey the IKE SA every 4 hours.
        rekey_time = 4h
        # IKE proposal: AES-128-GCM (16-byte ICV), SHA2-256, ECP-256 DH group.
        # NOTE(review): AES-GCM is an AEAD cipher, so sha2_256 presumably ends
        # up as the PRF here; prfsha256 is the explicit spelling. Confirm with
        # the strongSwan version in use.
        proposals = aes128gcm128-sha2_256-ecp256
        # IKEv2 only; IKEv1 negotiation is not accepted for this connection.
        version = 2
     
        # How this host proves its identity: certificate (public key) auth.
        # The private key matching this certificate must also be loaded by
        # strongSwan and should be readable by root only. The peer will only
        # accept the id if the certificate carries it (subject or
        # subjectAltName).
        local {
          auth = pubkey
          certs = /etc/strongswan/ipsec.d/certs/devcloud1.vpn.am.crt
          id = devcloud1.vpn.am
        }
     
        # What is required of the peer: certificate auth with this identity.
        # NOTE(review): no cacerts/certs constraint is set, so a certificate
        # for this id issued by any CA loaded as a trust anchor is accepted.
        # Consider adding cacerts to pin the issuing CA.
        remote {
          auth = pubkey
          id = server.vpn.am
        }
     
        children {
          tunnel-1 {
            # Traffic selectors cover all IPv4 traffic on both sides; only
            # packets carrying mark 42 match the resulting policies. Which
            # traffic actually enters the tunnel therefore depends on the
            # marking/interface setup, which is not part of this file.
            local_ts = 0.0.0.0/0
            remote_ts = 0.0.0.0/0
            mark_in = 42
            mark_out = 42
            # Rekey the CHILD_SA hourly; the ecp256 group in esp_proposals
            # makes each rekey do a fresh DH exchange (forward secrecy).
            rekey_time = 1h
            esp_proposals = aes128gcm128-ecp256
            # On DPD timeout, try to re-establish the tunnel.
            dpd_action = restart
            # NOTE(review): no start_action is set, so saving this file does
            # not by itself bring the tunnel up; verify how it is initiated.
          }
        }
      }
    }
  2. Save your changes to the file.