Make sure your kernel supports IPSEC:
Install ipsec-tools:
apt-get install ipsec-tools
Edit /etc/ipsec-tools.conf locally (here 111.000.111.000):
#!/usr/sbin/setkey -f
# Flush the SAD and SPD
flush;
spdflush;
# Security associations, one per direction (identical on both hosts).
# "secret1"/"secret2" are placeholders: 3des-cbc takes a 24-byte key.
add 222.333.444.555 111.000.111.000 esp 12340 -m tunnel -E 3des-cbc "secret1";
add 111.000.111.000 222.333.444.555 esp 12341 -m tunnel -E 3des-cbc "secret2";
# Policies: require ESP tunnel mode for all traffic between the two hosts.
spdadd 111.000.111.000 222.333.444.555 any -P out ipsec esp/tunnel/111.000.111.000-222.333.444.555/require;
spdadd 222.333.444.555 111.000.111.000 any -P in ipsec esp/tunnel/222.333.444.555-111.000.111.000/require;
Edit /etc/ipsec-tools.conf remotely (here 222.333.444.555):
#!/usr/sbin/setkey -f
# Flush the SAD and SPD
flush;
spdflush;
# Same security associations as on the local host.
# "secret1"/"secret2" are placeholders: 3des-cbc takes a 24-byte key.
add 222.333.444.555 111.000.111.000 esp 12340 -m tunnel -E 3des-cbc "secret1";
add 111.000.111.000 222.333.444.555 esp 12341 -m tunnel -E 3des-cbc "secret2";
# Policies mirror the local host: the in/out directions are swapped.
spdadd 222.333.444.555 111.000.111.000 any -P out ipsec esp/tunnel/222.333.444.555-111.000.111.000/require;
spdadd 111.000.111.000 222.333.444.555 any -P in ipsec esp/tunnel/111.000.111.000-222.333.444.555/require;
Let your local firewall accept esp packets:
iptables -A INPUT -s 222.333.444.555 -p esp -j ACCEPT
Let your remote firewall accept esp packets:
iptables -A INPUT -s 111.000.111.000 -p esp -j ACCEPT
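
An added example, not part of the original instructions: a small Python lint for a manually keyed, host-to-host tunnel-mode setkey file like the two above. It checks that 3des-cbc keys are 24 bytes (the size setkey requires), that each SA names an -A integrity algorithm, and that each policy's selector matches its tunnel endpoints and has an SA; the function names and the sample addresses and keys are constructed for illustration.

```python
KEY_BYTES = {"3des-cbc": 24}  # setkey requires a 192-bit key for 3des-cbc

def key_length(token):
    """Bytes in a setkey key token: a "quoted string" or 0x-prefixed hex."""
    if token.startswith('"'):
        return len(token.strip('"'))
    return len(token[2:]) // 2

def lint(conf):
    """Return a list of problems found in the setkey configuration text."""
    problems, sas, tunnels = [], set(), []
    for raw in conf.splitlines():
        tok = raw.split("#")[0].strip().rstrip(";").split()
        if not tok:
            continue
        if tok[0] == "add":
            src, dst = tok[1], tok[2]
            sas.add((src, dst))
            if "-E" in tok:
                i = tok.index("-E")
                alg, key = tok[i + 1], tok[i + 2]
                need = KEY_BYTES.get(alg)
                if need and key_length(key) != need:
                    problems.append(f"SA {src}->{dst}: {alg} key is "
                                    f"{key_length(key)} bytes, need {need}")
            if "-A" not in tok:  # encryption without integrity protection
                problems.append(f"SA {src}->{dst}: no -A integrity algorithm")
        elif tok[0] == "spdadd":
            src, dst = tok[1], tok[2]
            # Assumes a tunnel-mode rule: esp/tunnel/SRC-DST/require
            a, b = tok[-1].split("/")[2].split("-")
            if (src, dst) != (a, b):
                problems.append(f"policy {src}->{dst}: tunnel endpoints are {a}-{b}")
            tunnels.append((a, b))
    for a, b in tunnels:
        if (a, b) not in sas:
            problems.append(f"tunnel {a}-{b}: no matching SA")
    return problems

# Constructed sample (documentation addresses, placeholder keys).
SAMPLE = '''#!/usr/sbin/setkey -f
flush;
spdflush;
add 198.51.100.7 192.0.2.1 esp 12340 -m tunnel -E 3des-cbc "secret1";
add 192.0.2.1 198.51.100.7 esp 12341 -m tunnel -E 3des-cbc "0123456789abcdefghijklmn" -A hmac-sha1 "01234567890123456789";
spdadd 192.0.2.1 198.51.100.7 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.7/require;
spdadd 198.51.100.99 192.0.2.1 any -P in ipsec esp/tunnel/198.51.100.7-192.0.2.1/require;
'''
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```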