How to configure an IPSec Tunnel in CentOS
Install ipsec-tools package
yum -y install ipsec-tools
Configuring an IPSec Tunnel on CentOS is fairly straightforward.
In the example, we’ll tunnel between fictitious servers with public addresses in Boston and Seattle. For Boston we’ll use ipsecbos.centoshowtos.org – 216.52.2.41 and for Seattle ipsecsea.centoshowtos.org – 141.136.108.122.
Create ifcfg-ipsec1 Configuration Files and keys-ipsec1
Configuration files for the IPSec tunnel live alongside your CentOS network device files in /etc/sysconfig/network-scripts/. We also need to create a key file, keys-ipsec1, which contains the pre-shared key (PSK). The PSK must match on both ends for the tunnel to establish.
ipsecbos.centoshowtos.org
Create an ifcfg-ipsec1 file.
vi /etc/sysconfig/network-scripts/ifcfg-ipsec1
The file should look like this (except your IPs will be different):
DST=141.136.108.122
TYPE=IPSEC
ONBOOT=no
IKE_METHOD=PSK
Create keys-ipsec1 file.
vi /etc/sysconfig/network-scripts/keys-ipsec1
The file should look like this (except your key will be different… I hope):
IKE_PSK=i4mth3s3cr3t
Set permissions so only root can read this key file.
chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1
ipsecsea.centoshowtos.org
Create ifcfg-ipsec1 file where the network interface scripts are.
vi /etc/sysconfig/network-scripts/ifcfg-ipsec1
The file should look like this (except your IPs will be different):
DST=216.52.2.41
TYPE=IPSEC
ONBOOT=no
IKE_METHOD=PSK
Create keys-ipsec1 file.
vi /etc/sysconfig/network-scripts/keys-ipsec1
The file should look like this (except your key will be different… I hope):
IKE_PSK=i4mth3s3cr3t
Set permissions so only root can read this key file.
chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1
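The script below is an added example, not part of the original how-to: a POSIX shell function that audits the ifcfg-ipsec1 and keys-ipsec1 pair created above before ifup is run. The function name audit_ipsec_cfg, the 20-character minimum key length and the IPv4-only DST check are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit one tunnel's ifcfg-/keys- pair before running ifup.
# audit_ipsec_cfg and MIN_PSK_LEN are names/values assumed by this example.
MIN_PSK_LEN=20
SAMPLE_PSK='i4mth3s3cr3t'   # the tutorial's placeholder key; never deploy it

# Usage: audit_ipsec_cfg DIR NAME
# Prints one line per finding and returns the number of findings (0 = clean).
audit_ipsec_cfg() {
    dir=$1; name=$2; problems=0
    ifcfg="$dir/ifcfg-$name"; keys="$dir/keys-$name"

    for f in "$ifcfg" "$keys"; do
        if [ ! -f "$f" ]; then
            echo "missing file: $f"; problems=$((problems + 1))
        fi
    done
    if [ "$problems" -ne 0 ]; then return "$problems"; fi

    # The interface file must select IPsec with a pre-shared key.
    for want in 'TYPE=IPSEC' 'IKE_METHOD=PSK'; do
        if ! grep -qx "$want" "$ifcfg"; then
            echo "ifcfg-$name: expected line $want"; problems=$((problems + 1))
        fi
    done
    if ! grep -Eq '^DST=[0-9]+(\.[0-9]+){3}$' "$ifcfg"; then
        echo "ifcfg-$name: DST is not an IPv4 address"; problems=$((problems + 1))
    fi

    # The key file must be mode 600, as set with chmod in the steps above.
    if [ -z "$(find "$keys" -maxdepth 0 -perm 600)" ]; then
        echo "keys-$name: mode is not 600"; problems=$((problems + 1))
    fi

    # Reject an empty key, the tutorial's sample key, or a short key.
    psk=$(sed -n 's/^IKE_PSK=//p' "$keys" | head -n 1)
    if [ -z "$psk" ]; then
        echo "keys-$name: IKE_PSK is not set"; problems=$((problems + 1))
    elif [ "$psk" = "$SAMPLE_PSK" ]; then
        echo "keys-$name: IKE_PSK is the published sample key"; problems=$((problems + 1))
    elif [ "${#psk}" -lt "$MIN_PSK_LEN" ]; then
        echo "keys-$name: IKE_PSK shorter than $MIN_PSK_LEN characters"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Run directly: sh audit.sh /etc/sysconfig/network-scripts ipsec1
if [ "$#" -eq 2 ]; then audit_ipsec_cfg "$1" "$2"; fi
```

Run it on both hosts; it cannot confirm that the two PSKs match, so compare them out of band.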
Bring ipsec1 interfaces online and verify
We are now able to bring up the tunnel interfaces and verify that they are online.
ipsecbos.centoshowtos.org
Use the ifup command to bring up the interfaces.
ifup ipsec1
Now we can verify with the ifconfig command.
ifconfig ipsec1
ipsecsea.centoshowtos.org
Again, we’ll use the ifup command to bring up the interface.
ifup ipsec1
Now we can verify with the ifconfig command.
ifconfig ipsec1