Site to Site IPSec VPN with strongSwan and OpenStack VPNaaS (IPsec)
Setup
# Left (Ubuntu client, behind NAT)
Ubuntu Client IP: 212.8.9.10
Ubuntu net: 192.168.178.0/24

# Right (OpenStack VPNaaS)
VPN_SERVICE_ID=$(openstack vpn service list -c ID -f value)
VPN_SERVICE_IP=$(openstack vpn service show ${VPN_SERVICE_ID} -c external_v4_ip -f value)
echo ${VPN_SERVICE_IP}
OpenStack VPN IP: 217.50.60.70
OpenStack Net: 10.0.1.0/24
Create OpenStack VPN endpoint
http://www.panticz.de/openstack/vpnaas
/etc/ipsec.secrets
217.50.60.70 : PSK "PASS1234"
/etc/ipsec.conf
config setup

conn vpn1
    keyexchange=ikev1
    left=%defaultroute
    leftid=212.8.9.10
    leftsubnet=192.168.178.0/24
    leftauth=psk
    leftfirewall=yes
    authby=psk
    auto=start
    ike=aes256-sha512-modp1024
    esp=aes256-sha512
    right=217.50.60.70
    rightsubnet=10.0.1.0/24
    rightauth=psk
    ikelifetime=3600s
    keylife=3600s
    type=tunnel
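A pre-deployment check for the two files above, as an added example that is not part of the original page: it parses ipsec.conf-style text and flags IKEv1, MODP groups below 2048 bits, an esp proposal with no DH group (no PFS on rekey) and a short PSK. The function names, the finding labels and the 20-character PSK threshold are assumptions of this example, and the sample input is constructed from the values shown on this page.

```python
import re

# Constructed sample mirroring the conn and secret on this page (not read from disk).
SAMPLE_CONF = """\
config setup

conn vpn1
    keyexchange=ikev1
    ike=aes256-sha512-modp1024
    esp=aes256-sha512
"""
SAMPLE_SECRETS = '217.50.60.70 : PSK "PASS1234"\n'
WEAK_DH = {"modp768", "modp1024", "modp1536"}  # MODP groups below 2048 bits

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header, e.g. "conn vpn1"
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(conf_text, secrets_text, min_psk_len=20):
    """Return a list of (location, finding) tuples; min_psk_len is an assumed policy."""
    findings = []
    for name, opts in parse_conns(conf_text).items():
        if opts.get("keyexchange") == "ikev1":
            findings.append((name, "ikev1"))
        for prop in opts.get("ike", "").split(","):
            if WEAK_DH & set(prop.strip().rstrip("!").split("-")):
                findings.append((name, "weak-dh"))
        esp = opts.get("esp", "")
        # Heuristic: an esp proposal naming no DH group rekeys without PFS.
        if esp and not re.search(r"modp|ecp|curve|x25519|x448", esp):
            findings.append((name, "no-pfs"))
    for psk in re.findall(r':\s*PSK\s+"([^"]*)"', secrets_text):
        if len(psk) < min_psk_len:
            findings.append(("secrets", "short-psk"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_SECRETS))
```

Any stronger proposal has to be configured identically in the IKE and IPsec policies on the OpenStack side, otherwise the tunnel will not negotiate.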
CLI
sudo ipsec status
sudo ipsec statusall
sudo ipsec restart
sudo ipsec up vpn1
sudo ipsec down vpn1
sudo ipsec listalgs
List