Reply To: site to site vpn using ipsec?

Forums Network Management VPN site to site vpn using ipsec? Reply To: site to site vpn using ipsec?


My configuration of site-to-site IPsec with PSKs:

Assume network parameters:
My IP (zeroshell site):
Remote IP:
My LAN (behind zeroshell):
Remote LAN:

Config preparation:
mkdir -p /Database/custom/ipsec

Here I made 3 files

psk.txt (with PSKs – preshared keys): Preshared key 1

ipsec.conf (with IPsec policies):

#!/usr/sbin/setkey -f
# Flush SAD and SPD

# Create policies for racoon
spdadd any -P out ipsec

spdadd any -P in ipsec


path pre_shared_key "/Database/custom/ipsec/psk.txt";

listen { isakmp; }

remote {
exchange_mode main;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group modp1024;

sainfo address any address any {
pfs_group modp1024;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;

Start IPsec in zeroshell’s post boot script:

# Start IPsec
iptables -t nat -I POSTROUTING -s -d -j ACCEPT
setkey -f /Database/custom/ipsec/ipsec.conf
racoon -f /Database/custom/ipsec/racoon.conf

You should allow VPN traffic by firewall rules as well (UDP/500, ESP and site-to-site traffic).