VPN tunnel via IPSec

Solution 1:

SF isn't really a substitute for Google, but one possible way you could go is openswan.

1) Get openswan. The userspace toolchain is in the standard repository: sudo yum install openswan.

2) Configure your tunnel, perhaps by putting something like this in /etc/ipsec.conf:

conn MYNAME
        # Keep retrying (0 = forever) instead of giving up on a failed negotiation
        keyingtries=0
        # Left endpoint, subnet behind it, next hop toward right
        left=MY-ADDRESS
        # /32: nothing behind this host, so this is a host-to-host tunnel
        leftsubnet=MY-ADDRESS/32
        leftnexthop=MY-NEXT-HOP-ROUTE
        # Right endpoint, subnet behind it, next hop toward left
        right=CISCO-ADDRESS
        rightsubnet=CISCO-ADDRESS/32
        type=tunnel
        # Authenticate with the pre-shared key from /etc/ipsec.secrets
        authby=secret
        #auth=esp
        # Rekey the IPsec SA and the IKE SA every hour
        keylife=1h
        ikelifetime=1h
        # Left commented out: openswan's default proposals and settings apply
        #esp=3des-md5-96
        #pfs=no
        #compress=no
        #keyexchange=ike
        # Bring the tunnel up when the ipsec service starts
        auto=start

This configuration is taken from another CentOS 6 box, linked via IPSec to a CISCO router of some kind, so hopefully it can be fairly easily adapted for your use. You will need to change all the values in CAPITALS. MYNAME is a simple text string that names your tunnel; it's only used locally, for disambiguation; the other values are hopefully self-evident.

3) Put the pre-shared key in /etc/ipsec.secrets, as

MY-ADDRESS CISCO-ADDRESS: PSK "ALongAndVeryRandomString"

Here you need to set all values except "PSK", which is a configuration marker that should remain unchanged. The LongString is a pre-shared random key that the CISCO will need to know as well.

You don't say if you have to configure the CISCO end as well; I'm really hoping you've got someone with network clue to do that bit for you.

Once it's done, bring the tunnel up on the CentOS box with sudo service ipsec start. Find out if it's working with sudo ipsec auto --status | grep MYNAME; you're looking for a non-zero IPSec SA (IPSec SA non-zero is identically equivalent to "tunnel is up").
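The three steps above (conn block, secrets file, status check) as one dry-runnable shell script. This is an added example, not code from the answer or from the openswan project. It assumes CentOS's stock /etc/ipsec.conf includes /etc/ipsec.d/*.conf (so the conn goes in its own file there), that the hypothetical addresses are substituted for real ones, and that the ike=/esp= proposals it writes are an example choice that must match what the Cisco end is configured for. It generates the PSK from /dev/urandom, creates ipsec.secrets root-readable only (that file is the key), and parses the "newest IPsec SA: #N" field of ipsec auto --status, which is the non-zero check the answer describes. Pass a scratch directory instead of /etc to preview the files.

```shell
#!/bin/sh
# Added example, not code from the original answer or from openswan.
# Renders an openswan conn block and the matching ipsec.secrets entry from a
# generated PSK, and checks `ipsec auto --status` output for a non-zero
# "newest IPsec SA". Assumptions: /etc/ipsec.conf includes /etc/ipsec.d/*.conf;
# ike=/esp= values below are example proposals and must match the Cisco side.
set -u

gen_psk() {
    # 32 random bytes as 64 hex characters: ample entropy for an IKE PSK and
    # no characters that need quoting in ipsec.secrets.
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

render_conn() {
    # $1 conn name, $2 our address, $3 our next hop, $4 Cisco address
    cat <<EOF
conn $1
        keyingtries=0
        left=$2
        leftsubnet=$2/32
        leftnexthop=$3
        right=$4
        rightsubnet=$4/32
        type=tunnel
        authby=secret
        # Explicit proposals (assumed values; must match the Cisco side)
        ike=aes256-sha1;modp2048
        esp=aes256-sha1
        pfs=yes
        keylife=1h
        ikelifetime=1h
        auto=start
EOF
}

write_secrets() {
    # $1 confdir, $2 our address, $3 Cisco address, $4 PSK
    # The secrets file holds the PSK: create it mode 0600 before writing to it.
    ( umask 077; printf '%s %s: PSK "%s"\n' "$2" "$3" "$4" > "$1/ipsec.secrets" )
    chmod 600 "$1/ipsec.secrets"
}

setup_tunnel() {
    # $1 confdir (/etc on a real host), $2 conn name, $3 our address,
    # $4 our next hop, $5 Cisco address. Prints the PSK to hand to the Cisco admin.
    psk=$(gen_psk)
    mkdir -p "$1/ipsec.d"
    render_conn "$2" "$3" "$4" "$5" > "$1/ipsec.d/$2.conf"
    write_secrets "$1" "$3" "$5" "$psk"
    printf '%s\n' "$psk"
}

tunnel_up() {
    # $1 conn name; `ipsec auto --status` output on stdin.
    # Openswan prints one summary line per conn of the form
    #   000 "NAME":   newest ISAKMP SA: #1; newest IPsec SA: #2;
    # and #0 means no SA exists, so "non-zero IPsec SA" is the up test.
    n=$(grep "\"$1\":" | sed -n 's/.*newest IPsec SA: #\([0-9]*\).*/\1/p' | head -n 1)
    [ -n "$n" ] && [ "$n" -ne 0 ]
}

# Constructed sample status lines (not captured from a real host), for a dry run.
STATUS_DOWN='000 "MYNAME":   newest ISAKMP SA: #0; newest IPsec SA: #0; '
STATUS_UP='000 "MYNAME":   newest ISAKMP SA: #1; newest IPsec SA: #2; '

# Dry run against a scratch directory instead of /etc: ./tunnel.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    setup_tunnel "$d" MYNAME 198.51.100.10 198.51.100.1 203.0.113.5
    cat "$d/ipsec.d/MYNAME.conf" "$d/ipsec.secrets"
    printf '%s\n' "$STATUS_UP" | tunnel_up MYNAME && echo "tunnel is up"
    rm -rf "$d"
fi
```

On the real host the status check becomes sudo ipsec auto --status | tunnel_up MYNAME; the PSK printed by setup_tunnel is the one value the Cisco side has to be given out of band.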