In the first article in this two-part series we took a look at the process of installing the IPSec VPN software FreeS/WAN on a Red Hat Linux server. In this article we continue the process, taking a look at how the service needs to be configured and, ultimately, how a secure tunnel is established.
The configuration of FreeS/WAN is not terribly difficult but can be a little bit tricky. You will need to configure some general start-up parameters and create connection objects that define the tunnels you wish to implement. To start, draw a basic diagram of the implementation scenario, which can be added to later. There are many variables that need to be documented at this point including the interfaces and their IP addresses, private subnet addresses, and the address of the next-hop Internet gateways.
For this example, assume that what we’re trying to connect are two single-subnet networks, each connected to the Internet using either straight routing or masquerade. On the test network, we’re using masquerade to NAT private internal IP addresses (192.168.x.y) to public external interfaces, with this configured correctly on both gateway systems running FreeS/WAN (note that for illustration purposes, the entire test network is running private addresses). Internal clients should ultimately point to the IPSec server’s internal interface as their default gateway. Given that IPSec isn’t configured with any tunnels yet, we’ll assume that your private internal clients can ping Internet systems from both networks before you start.
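To tie the two preceding paragraphs together, here is a minimal /etc/ipsec.conf for the scenario just described: one `config setup` section holding the general start-up parameters and one `conn` object describing the subnet-to-subnet tunnel. This is an added example, not the article's own configuration. All addresses are constructed private addresses chosen to match the diagram (left gateway 10.1.1.2 in front of 192.168.1.0/24, right gateway 10.2.2.2 in front of 192.168.2.0/24, each with its own next-hop router), and the two `rsasigkey` values are placeholders that must be replaced with the real output of `ipsec showhostkey --left` and `ipsec showhostkey --right` run on the respective gateways.

```conf
# /etc/ipsec.conf  (added example; constructed addresses and placeholder keys)
# FreeS/WAN 2.x requires this version line as the first statement; FreeS/WAN 1.x
# does not accept it, so remove it there.
version 2.0

# General start-up parameters, applied to the whole daemon, not to any one tunnel.
config setup
        # ipsec0 is the virtual IPsec interface; eth0 is the *external* interface
        # that carries the public (here: constructed 10.x) addresses.
        interfaces="ipsec0=eth0"
        # Kernel (KLIPS) and key-management (Pluto) debugging off for production.
        klipsdebug=none
        plutodebug=none
        # Only one connection per ID pair; avoids stale SAs after a gateway reboot.
        uniqueids=yes

# Defaults inherited by every conn below.
conn %default
        # Retry key negotiation forever rather than giving up after three tries.
        keyingtries=0
        # Authenticate gateways with RSA signatures rather than a shared secret.
        authby=rsasig

# One tunnel between the two private subnets. "left" and "right" are just labels;
# the same file can be installed on both gateways because FreeS/WAN works out
# which side it is by matching left/right against its own interface address.
conn office-to-branch
        # Left gateway: external address, subnet behind it, next-hop Internet router.
        left=10.1.1.2
        leftsubnet=192.168.1.0/24
        leftnexthop=10.1.1.1
        leftid=@gw-left.example.com
        leftrsasigkey=0sREPLACE_WITH_OUTPUT_OF_ipsec_showhostkey_--left
        # Right gateway: same three items, plus its identity and public key.
        right=10.2.2.2
        rightsubnet=192.168.2.0/24
        rightnexthop=10.2.2.1
        rightid=@gw-right.example.com
        rightrsasigkey=0sREPLACE_WITH_OUTPUT_OF_ipsec_showhostkey_--right
        # Bring the tunnel up automatically when the ipsec service starts.
        auto=start
```

Two points worth checking before starting the service. First, the `leftnexthop`/`rightnexthop` values matter because FreeS/WAN installs a route for the remote subnet via the ipsec0 interface and needs the real upstream router to send the encapsulated packets to; a wrong next hop shows up as a tunnel that negotiates but carries no traffic. Second, because both gateways masquerade, the MASQUERADE rule must exclude traffic whose destination is the remote private subnet; otherwise a 192.168.1.x packet bound for 192.168.2.y is rewritten to the gateway's external address before the tunnel sees it and no longer matches `leftsubnet`, so the traffic silently leaves the tunnel in plain text. The pre-tunnel ping test the text describes is the baseline; after `auto=start` the same ping from an internal client on one side to an internal address on the other should succeed only once the tunnel is up.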