Category: IPSec VPN
This section describes how to establish an IPSec session between two FreeBSD boxes.
IPSec on Linux using WireGuard
Description: In this post I'll show you how to install, configure and test IPSec for a site-to-site configuration on Linux using WireGuard (https://www.wireguard.io/). In this P.O.C. we are using Ubuntu 16.04 LTS as the operating system; the configurations will be the same in all Linux OSes. The main differences will…
IPSec on Linux using Openswan
Description: In this post I'll show you how to install, configure and test IPSec for a site-to-site configuration on Linux using Openswan (https://www.openswan.org/). In this POC we are using CentOS 6.9 as the operating system, but the configuration will be the same no matter which Linux OS you are using. The…
IPSec on FreeBSD – Part 5
Pf firewall rules: The same tests were made on both machines with the pf firewall turned on. You can see the content of the /etc/pf.conf file in the next section: ## Firewall rules for IPSec ## ## ———————— ## ## define macro section ## ext_if = "em0" int_if = "em1" #lan_net =…
IPSec on FreeBSD – Part 4
Test IPSec tunnels: On FreeBSD2 run the following command: ping -S 10.2.1.1 10.1.1.1 On FreeBSD1 run the following command: tcpdump -nvi em0 host 10.27.62.169 and dst 10.27.62.18 You should see something like this: 10.27.62.169 > 10.27.62.18: ESP (spi=0x….) # that means that traffic is encrypted Bandwidth tests and results: Iperf will…
IPSec on FreeBSD – Part 3
Configuration file /usr/local/etc/racoon/racoon.conf On FreeBSD1: path pre_shared_key "/usr/local/etc/racoon/psk.txt"; # "log" specifies logging level. It is followed by either "notify", "debug" or "debug2". #log debug; padding { maximum_length 20; # maximum padding length. randomize off; # enable randomize length. strict_check off; # enable strict check. exclusive_tail off; …
IPSec on FreeBSD – Part 2
Install necessary software on FreeBSD1 and FreeBSD2: pkg install ipsec-tools pkg install racoon2 pkg install tcpdump pkg install iperf pkg add pftop Configuration file /etc/rc.conf should look as follows On FreeBSD1: hostname="fbsd1" ifconfig_em0="DHCP" sshd_enable="YES" ntpd_enable="YES" # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable dumpdev="NO" #em1 definition…
IPSec on FreeBSD – Part 1
Description: In this post I'll show you how to install, configure and test IPSec on FreeBSD. All tests were made on two machines running FreeBSD version 10.1-RC3 with the following specifications: CPU: 4 cores. Memory: 5 GB. Scenario: In order to have IPSec support in the kernel we…