Installing and Configuring a Linux VPN Server (Part 2)

The config setup section is not difficult to configure because most of the default values will do. However, it is worth knowing the purpose of each variable in case you run into any problems. The interfaces=%defaultroute can probably be left alone, since it will assign the default Internet connection interface as the ipsec0 interface. If not, you can assign the appropriate interface name itself, such as interfaces=”ipsec0=eth0”. The following two variables, klipsdebug=none and plutodebug=none turn off debugging for Kernel IPSec (KLIPS) and Pluto (the connection negotiation daemon). These can be set to all if debugging is required. The plutoload= and plutosearch= are both set to %search by default. This means that the variables configured on the actual connection description will be used to decide whether the connection is simply loaded into memory or negotiated when Pluto starts. For all intents and purposes, leave these alone. If set to yes, the uniqueids= variable will remove old connections in cases where one server closes a connection and then attempts to reconnect.

The connection defaults section is where we’ll need to add the public keys generated earlier, and is critical for the mutual authentication of out tunnel servers. You’ll need to insert the public key variables in the appropriate leftrsasigkey= and rightrsasigkey= sections. To do this quickly and easily, open leftpubkey.txt in vi and move the cursor to the l of leftrsasigkey=. In command mode enter the following:


:e /etc/ipsec.conf

This will copy the key and then open the ipsec.conf file to allow you to paste in the new value. Move to the authby= line. Enter:


This will paste the key into the file – just be sure to remove the old leftrsasigkey= line, and then follow the same procedure using rightpubkey.txt. Be sure that sections are aligned properly for clarity and proper functionality. If your setup involves the creation of multiple tunnels, the public key values should be moved into the actual connection description instead of being left in the default section, as different key values will exist for different tunnels.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.