Lost with vpn config

I've been trying to set up a VPN connection from my home PFSense to my Linode for a while now. I've come a long way and read a lot of things. I feel like I should be very close, but I've never configured StrongSwan before.

What I want is to set up my Linode to appear as another host on my LAN, so that I can route certain services over the encrypted VPN connection. I'm looking for something like FTP/SMB/NFS, probably SMB as I develop on Windows. After completing a multi-stage in-place upgrade from Ubuntu 12.x 32-bit to 14.04 64-bit, I've been trying to follow this article, http://rmdavidson.blogspot.com/2011/01/linux-strongswan-vpn-to-cisco-router.html, but I'm having a hard time understanding how any of it works, as I can't get anything to connect or even show up in the logs.

I'm pretty sure I'm looking to replicate at least a portion of the bdi-nas connection, as all I want is the specific traffic for the target network on the vpn. I don't want to tunnel all my traffic either way, which is unfortunately just about all I can find for other documentation, nothing talks about split-tunnel.

I have active IPsec site-to-site connections from home to two separate remote offices, one running a PFSense firewall and one a Cisco ASA. So I know I'm not having a filtering/firewall problem.

I'm feeling lost at this point. I've wiped my config on both ends a few times and am just having a hard time with StrongSwan; OpenSwan didn't do any better, and I just hit a wall looking into OpenVPN. Suggestions, examples, alternatives would all be welcome. This is my first site-to-single-public-host setup, and I think I'm getting stuck with something at this part.

Is site-to-host much different than site-to-site?

What magic does StrongSwan do?

Do I need a dummy interface?

2 Replies

I use this connection from my home VPN server to my Linode. The Linode shows up as subnet 192.168.3.1/24, which the VPN server routes for the rest of the home LAN.

conn slackbox
        auto=route
        left=192.168.2.6
        leftcert=vpn.pem
        leftid="CN=vpn.way-of-the-blade.com"
        leftsubnet=192.168.2.6/24
        leftsourceip=192.168.2.6
        leftauth=pubkey
        mobike=yes
        right=192.81.129.220
        rightcert=slackbox.pem
        rightid="CN=slackbox.way-of-the-blade.com"
        rightsubnet=192.168.3.1/24
        rightauth=pubkey
        dpdaction=restart
        ike=aes256-sha1-modp2048

On the Linode end:

conn stnino
        auto=route
        leftcert=slackbox.pem
        leftid="CN=slackbox.way-of-the-blade.com"
        leftsubnet=192.168.3.1/24
        leftsourceip=192.168.3.1
        leftfirewall=no
        leftauth=pubkey
        mobike=yes
        right=vpn.way-of-the-blade.com
        rightcert=vpn.pem
        rightid="CN=vpn.way-of-the-blade.com"
        rightsubnet=192.168.2.6/24
        rightsourceip=192.168.2.6
        rightauth=pubkey
        ike=aes256-sha1-modp2048
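The two conn blocks above only work as a pair because every `left*` value on one end is the `right*` value on the other. When a site-to-site tunnel never appears in the logs as established, a mismatched ID or traffic selector between the two ends is the usual cause, so it is worth checking the pair mechanically before chasing logs. The following is an added example, not code from the reply's author: it parses ipsec.conf-style `conn` sections, checks that the IDs, subnets, auth methods and IKE proposal mirror each other, reports subnet values with host bits set (the `/24` values posted above are written with a host address rather than a network address, and the check shows which network they actually denote), and flags proposal components generally considered legacy. The embedded sample input is copied from the two blocks posted above; the `review` function assumes one `conn` section per text.

```python
"""Consistency check for a pair of strongSwan ipsec.conf 'conn' blocks (added example)."""
import ipaddress
import re

# Sample input: the two conn blocks as posted in the reply above (home side, Linode side).
HOME_SIDE = """\
conn slackbox
        auto=route
        left=192.168.2.6
        leftcert=vpn.pem
        leftid="CN=vpn.way-of-the-blade.com"
        leftsubnet=192.168.2.6/24
        leftsourceip=192.168.2.6
        leftauth=pubkey
        mobike = yes
        right=192.81.129.220
        rightcert=slackbox.pem
        rightid="CN=slackbox.way-of-the-blade.com"
        rightsubnet=192.168.3.1/24
        rightauth=pubkey
        dpdaction=restart
        ike=aes256-sha1-modp2048
"""

LINODE_SIDE = """\
conn stnino
        auto=route
        leftcert=slackbox.pem
        leftid="CN=slackbox.way-of-the-blade.com"
        leftsubnet=192.168.3.1/24
        leftsourceip=192.168.3.1
        leftfirewall=no
        leftauth=pubkey
        mobike=yes
        right=vpn.way-of-the-blade.com
        rightcert=vpn.pem
        rightid="CN=vpn.way-of-the-blade.com"
        rightsubnet=192.168.2.6/24
        rightsourceip=192.168.2.6
        rightauth=pubkey
        ike=aes256-sha1-modp2048
"""


def parse_conns(text):
    """Parse 'conn NAME' sections into {name: {key: value}}; tolerates 'key = value' spacing."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        m = re.match(r"^conn\s+(\S+)\s*$", line)
        if m:
            current = m.group(1)
            conns[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.strip().partition("=")  # first '=' only: IDs contain '='
        conns[current][key.strip()] = value.strip().strip('"')
    return conns


MIRRORED = ("id", "subnet", "auth")


def mismatches(a, b):
    """Values that must be mirrored: left* on one end equals right* on the other."""
    out = []
    for key in MIRRORED:
        for mine, theirs in (("left" + key, "right" + key), ("right" + key, "left" + key)):
            if a.get(mine) != b.get(theirs):
                out.append(f"{mine}={a.get(mine)!r} here, {theirs}={b.get(theirs)!r} on peer")
    if a.get("ike") != b.get("ike"):
        out.append(f"ike proposal differs: {a.get('ike')!r} vs {b.get('ike')!r}")
    return out


def noncanonical_subnets(conn):
    """Subnet values with host bits set, together with the network they actually denote."""
    out = []
    for key in ("leftsubnet", "rightsubnet"):
        value = conn.get(key)
        if not value:
            continue
        try:
            ipaddress.ip_network(value)  # strict mode raises if host bits are set
        except ValueError:
            net = ipaddress.ip_network(value, strict=False)
            out.append(f"{key}={value} has host bits set; network is {net}")
    return out


LEGACY = ("sha1", "md5", "modp1024", "modp768", "3des")


def legacy_algorithms(conn):
    """Proposal components generally considered legacy (advisory, not a hard error)."""
    found = []
    for key in ("ike", "esp"):
        for proposal in conn.get(key, "").split(","):
            found.extend(f"{key}: {alg}" for alg in proposal.split("-") if alg in LEGACY)
    return found


def review(side_a, side_b):
    """Run all checks on the (single) conn section of each side."""
    a = next(iter(parse_conns(side_a).values()))
    b = next(iter(parse_conns(side_b).values()))
    return {
        "mismatches": mismatches(a, b),
        "noncanonical": noncanonical_subnets(a) + noncanonical_subnets(b),
        "legacy": sorted(set(legacy_algorithms(a) + legacy_algorithms(b))),
    }


if __name__ == "__main__":
    for section, items in review(HOME_SIDE, LINODE_SIDE).items():
        print(f"{section}: {items or 'none'}")
```

Run as-is it reports no mismatches for the posted pair, four subnet values with host bits set (each `/24` is written with a host address), and `sha1` in the IKE proposal. Changing one end's subnet or ID without the other immediately shows up under `mismatches`.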

I would HIGHLY recommend this script to set up OpenVPN. It's ridiculously easy.

https://github.com/Nyr/openvpn-install
