site to site vpn using ipsec?

Forums Network Management VPN site to site vpn using ipsec?

  • This topic is empty.
Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
  • #42324

    Is there aa way to use ipsec for a site-to-site vpn in preference to the ssl implementation. I would love to use the ssl stuff but I have a significant investment in Linsys RV042 routers at a number of home offices.

    I would like to connect these home offices to my Zeroshell box at the main office so that the voip extensions can connect to the PBX but i cannot do this with the ssl implementation afaik.


    I’m not aware of a way of doing this, did you get a solution?


    i have not figured out a way to do this although I have not worked on it since posting this question.

    I see how the ssl implementation is a a better solution but in some cases it is just not feasible to replace a large amount of existing equipment.

    If anyone knows more about this topic any info would be greatly appreciated.

    If you would like to know more about this please bump.


    1) No need to answer back to bots (bradj) 😀
    2) How about the Host-to-LAN (L2TP/IPSec)? Isn’t that working for you?


    to my knowledge the “host to lan” implementation does not work with PSKs. although i do not currently have a box up to confirm this on. if it does that I suppose I could just use that section to build a lan-to-lan vpn


    No it doesn’t, at least on the web interface. I suppose that you could give it a try in the CLI.


    My configuration of site-to-site IPsec with PSKs:

    Assume network parameters:
    My IP (zeroshell site):
    Remote IP:
    My LAN (behind zeroshell):
    Remote LAN:

    Config preparation:
    mkdir -p /Database/custom/ipsec

    Here I made 3 files

    psk.txt (with PSKs – preshared keys): Preshared key 1

    ipsec.conf (with IPsec policies):

    #!/usr/sbin/setkey -f
    # Flush SAD and SPD

    # Create policies for racoon
    spdadd any -P out ipsec

    spdadd any -P in ipsec


    path pre_shared_key "/Database/custom/ipsec/psk.txt";

    listen { isakmp; }

    remote {
    exchange_mode main;
    proposal {
    encryption_algorithm 3des;
    hash_algorithm md5;
    authentication_method pre_shared_key;
    dh_group modp1024;

    sainfo address any address any {
    pfs_group modp1024;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;

    Start IPsec in zeroshell’s post boot script:

    # Start IPsec
    iptables -t nat -I POSTROUTING -s -d -j ACCEPT
    setkey -f /Database/custom/ipsec/ipsec.conf
    racoon -f /Database/custom/ipsec/racoon.conf

    You should allow VPN traffic by firewall rules as well (UDP/500, ESP and site-to-site traffic).

Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.