ipsec ike-vpn :500/udp

IPSEC type of Internet Security Association Key Management Protocol (ISAKMP)

Framework for authentication and key exchange. Phases in setting up security association (SA) between endpoints:

Establish secure channel using PreSharedKey (PSK) or certificates. It can use main mode (3 pairs of messages) or aggressive mode.
(optional) Extended AUTH Phase - authenticates the user trying to connect.
Negotiates the parameter for data security using ESP or AH. Can use different algorithm than phase

Connect

sudo ipsec statusall

# auto=start
sudo ipsec [start --nofork]

# auto=add
sudo ipsec [start | stop]
sudo ipsec [up | down] CONFIG-NAME

Config files

/etc/ipsec.secrets

This file hold shared secrets or RSA private keys for authentication

# add line
TARGET-IP %any : PSK "PASSWORD"

/etc/ipsec.conf

# setup to enable verbose debugging
# conn profile to connect
config setup
    charondebug="all"

conn CONFIG-NAME
    # basic config
    auto=start [ | add]
    authby=secret [ | psk]

    # tunnel when have subnets
    type=transport [ | tunnel]

    # left side config
    left=KALI-IP
    leftsubnet=KALI-IP[PROTOCOL] | leftprotoport=PROTOCOL

    # right side config
    right=TARGET-IP
    leftsubnet=TARGET-IP[PROTOCOL] | leftprotoport=PROTOCOL

    # IKE config
    keyexchange=ikev1 [|ikev2]
    # example: 3des-sha1-modp!
    ike=ALGORITHM-HASH-GROUP!
    esp=ALGORITHM-HASH!

Install Strongswan

sudo apt install strongswan

Error fix (while connecting)

sudo apt install libstrongswan-standard-plugins libstrongswan-extra-plugins

Previousimap :143 :993 Nextirc

Last updated 2 years ago