IPsec can be configured to connect one desktop or workstation (host) to another using a host-to-host connection. This type of connection uses the network to which each host is connected to create a secure tunnel between each host. The requirements of a host-to-host connection are minimal, as is the configuration of IPsec on each host. The hosts need only a dedicated connection to a carrier network (such as the Internet) and Fedora to create the IPsec connection.
188.8.131.52. Host-to-Host Connection
A host-to-host IPsec connection is an encrypted connection between two systems, both running IPsec with the same authentication key. With the IPsec connection active, any network traffic between the two hosts is encrypted.
To configure a host-to-host IPsec connection, use the following steps for each host:
You should perform the following procedures on the actual machine that you are configuring. Avoid attempting to configure and establish IPsec connections remotely.
In a command shell, type system-config-network to start the Network Administration Tool.
On the IPsec tab, click New to start the IPsec configuration wizard.
Click Forward to start configuring a host-to-host IPsec connection.
Enter a unique name for the connection, for example, ipsec0. If required, select the check box to automatically activate the connection when the computer starts. Click Forward to continue.
Select Host to Host encryption as the connection type, and then click Forward.
Select the type of encryption to use: manual or automatic.
If you select manual encryption, an encryption key must be provided later in the process. If you select automatic encryption, the racoon daemon manages the encryption key. The ipsec-tools package must be installed if you want to use automatic encryption.
Click Forward to continue.
Enter the IP address of the remote host.
To determine the IP address of the remote host, use the following command on the remote host:
where <device> is the Ethernet device that you want to use for the VPN connection.
If only one Ethernet card exists in the system, the device name is typically eth0. The following example shows the relevant information from this command (note that this is an example output only):
eth0 Link encap:Ethernet HWaddr 00:0C:6E:E8:98:1D
inet addr:172.16.44.192 Bcast:172.16.45.255 Mask:255.255.254.0
The IP address is the number following the inet addr: label.
For host-to-host connections, both hosts should have a public, routable address. Alternatively, both hosts can have a private, non-routable address (for example, from the 10.x.x.x or 192.168.x.x ranges) as long as they are on the sam LAN.