Network
VPN configuration
Often it may be useful to have explicitly configured IPsec tunnels between the Console
Server and a gateway of an office with a fixed IP address (in this case every machine on
the office network would have a secure connection with the Console Server), or between
the Console Server and the Console Server administrator machine, which must, in this
case, have a fixed IP address.
To do so, insert the following connection description into your ipsec.conf file, with the
variables adjusted to fit your environment:
# sample tunnel
# The network here looks like:
# ACS ----acsnexthop......rightnexthop----right====rightsubnet
# If ACS and right are on the same Ethernet, omit leftnexthop and
# rightnexthop.
conn sample
	# ACS
	left=10.0.0.1
	leftid=@acs.example.com
	# next hop to reach right
	leftnexthop=10.44.55.66
	# This line is only for RSA signature
	leftrsasigkey=0s1LgR7/oUM...
	# right s.g., subnet behind it, and next hop to reach left
	right=10.12.12.1
	rightid=@xy.example.com
	rightnexthop=10.88.77.66
	rightsubnet=192.168.0.0/24
	# Start this connection when IPsec starts
	auto=start
	# This line is for RSA signature
	rightrsasigkey=0s1LgR7/oUM...
IMPORTANT! The connection name line: "conn sample" must start on the FIRST column of
the line. All other lines after that line must be indented by 1 TAB. This is MANDATORY.
TIP. There is an alternative way to configure the left and right IPsec RSA keys. Instead of
typing (copy/paste) the entire RSA key in the leftrsasigkey and rightrsasigkey fields inside the
/etc/ipsec.conf file, the administrator can just type in the name of the file where the RSA key
was generated. Example:
leftrsasigkey=@file /etc/ACS48AL.lrsa
File Description 4.3: Sample of the ipsec.conf file
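A check for the indentation rule above that can be run before the file is installed, given here as an added example (it is not part of the AlterPath ACS manual or software). It flags conn lines that do not start in the first column, section lines not indented by exactly one TAB, and a section that sets an RSA key for only one side; the function name, the sample text and the rule that a blank line ends a section are assumptions.

```python
import re

RSA_KEYS = {"leftrsasigkey", "rightrsasigkey"}

# Constructed samples (addresses from the page's example, key text is a placeholder).
GOOD = "conn sample\n\tleft=10.0.0.1\n\t# peer gateway\n\tright=10.12.12.1\n\tauto=start\n"
BAD = (
    "# sample tunnel\n"
    "conn sample\n"
    "\tleft=10.0.0.1\n"
    "    leftnexthop=10.44.55.66\n"        # spaces instead of a TAB
    "\tleftrsasigkey=0sPLACEHOLDER\n"      # key for one side only
    "\tright=10.12.12.1\n"
    "  conn other\n"                       # conn not in the first column
)


def lint_ipsec_conf(text):
    """Return sorted (line_number, message) problems found in ipsec.conf text."""
    problems = []
    name, start, keys = None, 0, set()     # current conn section state

    def close_section():
        if name is not None and len(keys & RSA_KEYS) == 1:
            problems.append((start, f"conn {name}: RSA key given for one side only"))

    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped:
            # Assumption: a blank line ends the section (FreeS/WAN-style parsing).
            close_section()
            name, keys = None, set()
        elif re.match(r"conn\s+\S", stripped):
            if line[0] in " \t":
                problems.append((lineno, "conn line must start in the first column"))
            close_section()
            name, start, keys = stripped.split()[1], lineno, set()
        elif name is not None:
            if not re.match(r"\t\S", line):
                problems.append((lineno, "line must be indented by exactly one TAB"))
            if not stripped.startswith("#") and "=" in stripped:
                keys.add(stripped.split("=", 1)[0].strip())
    close_section()
    return sorted(problems)


if __name__ == "__main__":
    for lineno, message in lint_ipsec_conf(BAD):
        print(f"line {lineno}: {message}")
```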