Install Openswan
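# Install Openswan from the distribution repositories; package installation
# needs root, so run it through sudo like the rest of this guide.
# NOTE(review): Openswan sees little upstream maintenance and newer Debian/Ubuntu
# releases ship Libreswan or strongSwan instead — confirm the package still exists
# and still receives security updates on your release before relying on it.
sudo apt-get install openswan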
To change these package-level settings later, re-run the package configuration (requires root):
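# Re-run the package's debconf questions whenever the install-time settings need
# to change. dpkg-reconfigure only works as root, hence sudo.
sudo dpkg-reconfigure openswan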
The following kernel (sysctl) settings are required so the gateway forwards packets between the two subnets. Run them one at a time:
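# Kernel settings the IPsec gateway needs in order to forward traffic between the
# two LANs. The sed calls rewrite the stock (commented-out) entries that Ubuntu
# ships in /etc/sysctl.conf; the patterns are anchored to the exact stock text so
# nothing else in the file is touched. sed -i replaces the original interactive
# "vim -c '%s/.../gc'" invocations, which prompted for confirmation on every match.
sysctl_conf=/etc/sysctl.conf
sudo sed -i \
  -e 's/^#net\.ipv4\.ip_forward=1/net.ipv4.ip_forward=1/' \
  -e 's/^#net\.ipv4\.conf\.all\.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/' \
  -e 's/^#net\.ipv4\.conf\.all\.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/' \
  -e 's/^#net\.ipv4\.conf\.default\.rp_filter=1/net.ipv4.conf.default.rp_filter=0/' \
  -- "$sysctl_conf"
# Note that rp_filter is set to 0 (not merely uncommented): this switches OFF
# reverse-path (anti-spoofing) filtering for interfaces created from now on.
# Compensate with explicit firewall rules on the external interface if needed.
#
# Append the remaining hardening keys. The original "sudo echo ... | sudo tee"
# gained nothing from the first sudo: only tee, which writes the file, needs root.
printf '%s\n' \
  'net.ipv4.conf.default.accept_source_route = 0' \
  'net.ipv4.conf.default.send_redirects = 0' \
  'net.ipv4.icmp_ignore_bogus_error_responses = 1' \
  | sudo tee -a -- "$sysctl_conf" >/dev/null
# Load the new values into the running kernel without a reboot.
sudo sysctl -p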
Edit the IPsec connection configuration file:
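# Edit the connection definitions. sudoedit copies the file to a temporary
# location, runs the editor as the unprivileged user and writes the result back,
# instead of running a full editor process as root (as "sudo nano" does).
# SUDO_EDITOR keeps nano as the editor; drop it to use your $EDITOR.
SUDO_EDITOR=nano sudoedit /etc/ipsec.conf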
Append the following connection definition (named `kim`) to the end of the file. In ipsec.conf every parameter line of a `conn` section must be indented with whitespace under the `conn` header line.
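conn kim
    # Every parameter line must be indented under the "conn" header; unindented
    # lines are not parsed as part of the section.
    authby=secret
    # Perfect forward secrecy: a later compromise of the pre-shared key does not
    # let an attacker decrypt previously captured traffic.
    pfs=yes
    auto=start
    keyingtries=%forever
    ikelifetime=8h
    keylife=1h
    # The original proposal was 3des-md5;modp1024. 3DES (64-bit block), MD5 and
    # 1024-bit Diffie-Hellman are all weak by current standards; AES-256, SHA-1
    # HMAC and DH group 14 (modp2048) are supported by Openswan and are the
    # common modern baseline. Both gateways must offer the same proposal, so
    # change the values on site A and site B together.
    ike=aes256-sha1;modp2048
    phase2alg=aes256-sha1
    type=tunnel
    left=xx.xx.xx.xx
    leftsubnet=192.168.1.0/24
    # Address the gateway itself uses for traffic into the tunnel; this is also
    # the address the static route on the LAN hosts points at (see below).
    leftsourceip=192.168.1.242
    # Main mode only. Aggressive mode exposes the PSK-derived hash in the clear,
    # which allows offline dictionary attacks on the key.
    aggrmode=no
    right=xx.xx.xx.xx
    rightsubnet=192.168.32.0/24
    # Dead-peer detection: probe every 10 s; declare the peer dead after 3600 s
    # and re-negotiate the tunnel.
    dpddelay=10
    dpdtimeout=3600
    dpdaction=restart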
In the block above, `left` is the public IP of site A and `leftsubnet` its LAN; `right` is the public IP of site B and `rightsubnet` its LAN. The same `conn` block can be installed unchanged on both gateways: Openswan works out which side is local by matching `left`/`right` against its own addresses.
The pre-shared key (PSK) must be identical on site A and site B. Use a long random value (for example the output of `openssl rand -base64 48`), never a dictionary word such as "Password".
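# Edit the secrets file via sudoedit so the editor itself does not run as root;
# the file is written back with its original ownership and mode.
SUDO_EDITOR=nano sudoedit /etc/ipsec.secrets
# The PSK is a credential: make sure the file is readable by root only.
sudo chmod 0600 /etc/ipsec.secrets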
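# Format:  <site A public IP>  <site B public IP>  : PSK "<key>"
# Pin both public IPs so this key is only offered to / accepted from the
# intended peer. Replace the placeholders, generate the key with e.g.
# `openssl rand -base64 48`, and put the identical line on both gateways.
xx.xx.xx.xx xx.xx.xx.xx : PSK "replace-with-a-long-random-key"
# Fallback when you have a single tunnel and the peer address cannot be pinned:
# "%any %any" offers the same key to ANY pair of addresses, so it is weaker than
# the pinned form above. Uncomment only if you really need it.
#%any %any : PSK "replace-with-a-long-random-key"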
Restart IPsec service
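# Check the kernel prerequisites (IPsec support, rp_filter, ...) before starting;
# "ipsec verify" reports anything that would keep the tunnel from working.
sudo ipsec verify
# Restart the daemon so the new conn and the new secret are loaded.
sudo service ipsec restart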
Bring the connection up and check that the tunnel is established:
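# The connection name is the one from ipsec.conf ("conn kim"); CONN_NAME from the
# environment still overrides it for compatibility with the original command.
conn_name=${CONN_NAME:-kim}
# auto=start already brings the conn up on restart; --up forces the negotiation
# now and prints the result so failures are visible immediately.
sudo ipsec auto --up "$conn_name"
# Confirm the tunnel is actually up: an established tunnel shows
# "IPsec SA established" for this conn in the status output.
sudo ipsec auto --status | grep -- "$conn_name"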
Add a static route on each site: hosts on the LAN (other than the Openswan gateway itself) presumably need to reach the remote subnet via the gateway's LAN address (`leftsourceip` above), unless the gateway is already their default router.
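# Route the remote LAN via the local Openswan gateway's LAN address. The values
# below are site A's (remote = rightsubnet, gateway = leftsourceip); swap them on
# site B. SITE_B_LOCAL_IP from the environment is honoured as before.
remote_subnet=${REMOTE_SUBNET:-192.168.32.0/24}
vpn_gw_lan_ip=${SITE_B_LOCAL_IP:-192.168.1.242}
# "route" (net-tools) is deprecated; this is the iproute2 equivalent of
# "route add -net <net> netmask 255.255.255.0 gw <gw>" with the mask as /24.
sudo ip route add "$remote_subnet" via "$vpn_gw_lan_ip"
# NOTE: this route is not persistent — add it to the interface configuration
# (or a boot-time script) so it survives a reboot.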