4.3 - Configuração do Openswan

O servidor de VPN deve estar configurado de acordo com a estrutura de sua unidade. Sempre lembrando que a instalação mostrada abaixo é de uma versão mais antiga, licenciada pela GPL versão 2. A versão indicada da figura anterior pode ter algumas diferenças.

Para a configuração da VPN siga os passos seguintes.

1. Habilitar o roteamento no Linux:

echo 1 > /proc/sys/net/ipv4/ip_forward

2. Configurar o arquivo de configuração do Openswan:

vim /etc/ipsec.conf
debian:~# cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.4 2006/07/11 16:17:53 paul Exp $
# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5
version 2.0     # conforms to second version of ipsec.conf specification
# basic configuration
config setup
        interfaces=%defaultroute
        # plutodebug / klipsdebug = “all”, “none” or a combation from below:
        # “raw crypt parsing emitting control klips pfkey natt x509 private”
        # eg:
        # plutodebug=”control parsing”
        #
        # Only enable klipsdebug=all if you are a developer
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        #
        # enable this if you see “failed to find any available worker”
        nhelpers=0
# Add connections here
conn %default
        keyingtries=0
        disablearrivalcheck=no
conn vpnpeer1
        left=200.200.40.16
        leftsubnet=192.168.1.0/255.255.255.0
        right=200.200.140.10
        rightsubnet=10.61.0.0/255.255.0.0
        ike=aes256-sha-modp1024
        esp=aes256-sha1
        pfs=no
        ikelifetime=8h
  keylife=8h
        dpddelay=30
        dpdtimeout=120
        dpdaction=hold
        authby=secret
        auto=start
# nameserver 202.21.11.100
# sample VPN connections, see /etc/ipsec.d/examples/
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
--------------------------------------------------------------------
debian:~# cat /etc/ipsec.secrets
# RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec. conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with “ipsec showhostkey”.
200.200.40.16 200.200.140.10 : PSK “vpnipsec”
Copyright © 2016 AIEC.