A site-to-site VPN is a type of VPN connection that is created between two separate locations. It provides the ability to connect geographically separate locations; for example, a Linux server can be connected to a local computer behind a virtual private network in a remote office.
STEP 1: Install the VPN Tool
On server A, run the following command to install strongswan
apt install strongswan -y
STEP 2: Configure the VPN Tool
cat >> /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
EOF
STEP 3: Back up ipsec.conf and ipsec.secrets from previous connections
cp /etc/ipsec.conf /etc/ipsec.conf.bkup
cp /etc/ipsec.secrets /etc/ipsec.secrets.bkup
STEP 4: Edit ipsec config
You can find the config file at /etc/ipsec.conf.
Just paste the config below.
It is very important that all the values match on both the Linux and the Cisco side.
conn vpn
    keyexchange=ikev1
    aggressive=no
    authby=secret
    auto=route
    esp=3des-sha1-modp1024
    ike=3des-sha1-modp1024
    ikelifetime=28800
    left=LINUX_PUBLIC_IP_ADDRESS
    right=CISCO_PUBLIC_IP_ADDRESS
keyexchange = ike | ikev1 | ikev2
method of key exchange; which protocol should be used to initialize the connection.
this value should match on both machines
esp = <cipher suites>
comma-separated list of ESP encryption/authentication algorithms to be used for the connection
ike = <cipher suites>
comma-separated list of IKE/ISAKMP SA encryption/authentication algorithms to be used
ikelifetime = 3h | <time>
how long the keying channel of a connection (ISAKMP or IKE SA) should last before being renegotiated.
In my case I needed to set up a connection to a Cisco that was already set up.
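As an added check that is not part of the original tutorial, the following Python script parses the conn section above (embedded as sample input, placeholders included) the way ipsec.conf lays it out and flags what a reviewer would catch before bringing the tunnel up: legacy algorithms in the ike/esp proposals, aggressive mode, and left/right placeholders never replaced. The LEGACY set, the PLACEHOLDER pattern and the function names are my own assumptions, not strongSwan APIs.

```python
import re
# The conn section from the tutorial above, embedded as a constructed sample
# (left/right keep the page's placeholders rather than real addresses).
SAMPLE_CONF = """\
conn vpn
    keyexchange=ikev1
    aggressive=no
    authby=secret
    auto=route
    esp=3des-sha1-modp1024
    ike=3des-sha1-modp1024
    ikelifetime=28800
    left=LINUX_PUBLIC_IP_ADDRESS
    right=CISCO_PUBLIC_IP_ADDRESS
"""
# Legacy algorithms strongSwan still accepts; flag them so the proposal can be
# upgraded on both ends once the Cisco side allows it.
LEGACY = {"des", "3des", "md5", "sha1", "modp768", "modp1024"}
PLACEHOLDER = re.compile(r"^[A-Z_]+$")  # e.g. LINUX_PUBLIC_IP_ADDRESS

def parse_conns(text):
    """Return {conn_name: {key: value}} for each conn section in ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # strip trailing comments
        if line.startswith("conn "):                  # header sits in column 0
            current = line.split(None, 1)[1].strip()
            conns[current] = {}
        elif current and line[:1].isspace() and "=" in line:  # indented key=value
            key, val = line.strip().split("=", 1)
            conns[current][key.strip()] = val.strip()
    return conns

def lifetime_seconds(value):
    unit = {"s": 1, "m": 60, "h": 3600, "d": 86400}  # '28800', '3h', '30m', '2d'
    return int(value[:-1]) * unit[value[-1]] if value[-1] in unit else int(value)

def lint_conn(params):
    """Return findings for one conn section; an empty list means nothing to fix."""
    findings = []
    for field in ("ike", "esp"):                      # proposals: alg-alg-group,...
        for proposal in params.get(field, "").split(","):
            weak = sorted(a for a in proposal.split("-") if a in LEGACY)
            findings += [f"{field}: legacy {weak} in '{proposal}'"] if weak else []
    if params.get("aggressive") == "yes":
        findings.append("aggressive=yes: keep IKEv1 aggressive mode disabled")
    for side in ("left", "right"):
        if PLACEHOLDER.match(params.get(side, "")):
            findings.append(f"{side}: placeholder '{params[side]}' not replaced")
    return findings
```

Run it against the real /etc/ipsec.conf by reading the file into parse_conns; the lint intentionally reports the page's 3des-sha1-modp1024 proposals, which only work because the Cisco side was configured that way.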
STEP 5: Establish The Connection
After setting up, we bring up the tunnel connection with the command below.
sudo ipsec up vpn # where 'vpn' is the connection name
You can check the status of the connection with the following commands
sudo ipsec statusall
sudo ipsec status
The output will be as below:
To restart ipsec, use:
sudo ipsec restart