IPsec

Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

-- Wikipedia

ike-scan

The IKE Scanner: discover and fingerprint IKE hosts (IPsec VPN servers). GitHub: royhills/ike-scan

ike-scan -A -M <ip>

-> add -2 to check for IKEv2

strongSwan

IPsec VPN for Linux, Android, FreeBSD, Mac OS X, Windows (strongSwan)

apt install strongswan

Configure

/etc/ipsec.secrets -> add the line (the colon must be surrounded by whitespace):

<target-ip> %any : PSK "<PSK>"

/etc/ipsec.conf

conn Conceal
	type=transport
	keyexchange=ikev1
	left=<local-ip>
	leftprotoport=tcp
	right=<target-ip>
	rightprotoport=tcp
	authby=psk
	esp=3des-sha1
	ike=3des-sha1-modp1024
	ikelifetime=8h
	auto=start

Run

ipsec start --nofork

VPN — IPsec — Troubleshooting IPsec VPNs | pfSense Documentation

  • add fragmentation=yes to /etc/ipsec.conf

  • reduce the MTU size: ifconfig tun0 mtu 1000
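The conn block above pins IKEv1 with 3DES, SHA-1 and modp1024. As an added example (not from the original page or the strongSwan project), this Python audit parses ipsec.conf-style conn sections and flags those legacy settings. The weak-token list and the "modern" conn are assumptions of this example.

```python
import re

# Constructed sample: the page's conn block (trimmed) plus a hypothetical "modern" conn.
SAMPLE_CONF = """\
conn Conceal
    keyexchange=ikev1
    esp=3des-sha1
    ike=3des-sha1-modp1024
conn modern
    keyexchange=ikev2
    esp=aes256-sha256
    ike=aes256-sha256-modp2048
"""

# Assumption of this example: algorithm tokens treated as weak.
WEAK_TOKENS = {"des", "3des", "md5", "sha1", "modp768", "modp1024"}

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif line[:1].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        elif line:
            current = None  # some other section, e.g. "config setup"
    return conns

def audit(text):
    """Return sorted (conn, key, finding) tuples for weak settings."""
    findings = set()
    for name, opts in parse_conns(text).items():
        if opts.get("keyexchange") == "ikev1":
            findings.add((name, "keyexchange", "ikev1"))
        for key in ("ike", "esp"):
            # Comma-separated proposals of dash-separated algorithms; "!" marks strict.
            for proposal in opts.get(key, "").split(","):
                for token in proposal.strip().rstrip("!").split("-"):
                    if token.lower() in WEAK_TOKENS:
                        findings.add((name, key, token.lower()))
    return sorted(findings)

if __name__ == "__main__":
    for conn, key, finding in audit(SAMPLE_CONF):
        print(f"{conn}: {key} uses {finding}")
```

Every finding in the sample comes from the Conceal conn; the "modern" conn produces none.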
