strongswan | Tech Notes / RtoDto.net

In one of my earlier posts I provided my configuration for an IPSEC VPN setup between an SRX firewall and Linux with racoon. In this post, I will explain how you can set up a route based IPSEC tunnel between StrongSwan (pre-shared key) and SRX firewall. Topology of my setup is below;

Tunnel Peers: debian1 and j41
Tunnel End point addresses: debian1(192.168.3.11) — j41(212.45.64.2)
Protected Networks: debian1(10.33.1.0/24) — j41(10.34.1.0/24)
SRX Junos Release: 12.1X46-D15.3
StrongSwan Release: 4.5.2-1.5+deb7u2

LINUX

Create your strongswan configuration files as below;

/etc/ipsec.conf

config setup
        charonstart=yes
        plutostart=yes

conn j41-srx
     authby=secret
     auto=start     
     esp=aes128-sha1,3des-sha1!
     ike=aes128-sha1-modp2048,3des-sha1-modp1536!
     ikelifetime=28800
     keyexchange=ikev1
     leftid=@debian1.example.com
     rightid=@j41.example.com
     left=192.168.3.11
     right=212.45.64.2
     leftsubnet=10.33.1.0/24
     rightsubnet=10.34.1.0/24

config setup

charonstart=yes

plutostart=yes

conn j41-srx

authby=secret

auto=start

esp=aes128-sha1,3des-sha1!

ike=aes128-sha1-modp2048,3des-sha1-modp1536!

ikelifetime=28800

keyexchange=ikev1

leftid=@debian1.example.com

rightid=@j41.example.com

left=192.168.3.11

right=212.45.64.2

leftsubnet=10.33.1.0/24

rightsubnet=10.34.1.0/24

Continue reading →

Tech Notes / RtoDto.net

SRX,JunOS,Linux and security

Tag Archives: strongswan

IPSEC between StrongSwan and SRX