VPN with OpenSwan on Fedora 10 x64

The intention of this document is to guide you step by step through installing Openswan on Fedora Core 10.


Toshiba laptop, Core 2 Duo, with 4 GB of DDR2-667 RAM.

=Operating System=

Fedora Core 10 x64
*Default configurations

=Installation Process=

To install Openswan on both computers, follow the steps below:

==Packages to Install==

#yum -y install openswan ipsec-tools curl

==Generate the keys==

To generate the keys, type the command:
#ipsec newhostkey --output /etc/ipsec.d/keys.secrets --bits 2048 --hostname play2.milton.ca

Remember to do the same procedure on both computers with the proper information.

After that, edit the key file, copy the part with the public key and paste it into /etc/ipsec.conf. Then go to computer B, take its public key and paste it into the configuration file as well.

'''Both computers must have the same configuration file'''

The configuration file of openswan is:


# /etc/ipsec.conf - Openswan IPsec configuration file
# Manual:     ipsec.conf.5
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification
# basic configuration
config setup
    # Debug-logging controls: "none" for none, "all" for lots.
    #plutodebug="control parsing"
    interfaces="ipsec0=eth0" # interface that connects the computers

# VPN connections
conn play2
    # Left security gateway, subnet behind it, next hop toward right.
    left= # output ip of computer A
    leftsubnet= # subnet computer A
    # RSA 2048 bits
    leftnexthop= # gateway of computer A
    leftsourceip= # internal ip of computer A
    rightnexthop= # gateway of computer B
    # Right security gateway, subnet behind it, next hop toward left.
    right= # output ip of computer B
    rightsubnet= # subnet of computer B
    rightsourceip= # internal ip of computer B
    # RSA 2048 bits
    # To authorize this connection, but not actually start it, at startup,
    # uncomment this.
    auto=add # former argument = start

include /etc/ipsec.d/*.conf

=Configuring Additional Steps on the OS=

Create the following shell script in the folder /etc/rc.d/ and name it '''vpn.sh'''


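#!/bin/sh
# Thanks Nestor for the script

# Enable IPv4 forwarding so the gateway can route between the subnets
echo 1 > /proc/sys/net/ipv4/ip_forward
# Do not accept or send ICMP redirects on any interface
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > "$f"; done
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > "$f"; done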

==Add a line in /etc/rc.d/rc.local==

*Give the file the proper permissions: #chmod +x /etc/rc.d/vpn.sh

==Initializing openswan==
#service ipsec start

==Verifying the Status==

#service ipsec status


#ipsec verify

==Activate the service on boot time==
#chkconfig --level 3 ipsec on

=Final Steps=

==Connectivity Test==

From computer A, try to ping computer B.

If the ping succeeds, your VPN is working fine.

Now let's stop the VPN:
# service ipsec stop

From computer A, try to ping computer B again.

At this point you should not be able to ping computer B.

Then start ipsec again and try to ping from both computers.

To make sure everything is working properly, reboot the computer and repeat all tests.

The '''tcpdump''' tool can be used to capture some traffic and confirm that it is encrypted.

The logs for Openswan can be accessed at:
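The tcpdump check can be scripted. The following is an added example, not part of the original tutorial: it reads `tcpdump -n` text output and passes only if ESP packets were seen and nothing addressed to computer B's subnet left unencrypted. The addresses, the `10.0.2.` prefix and the function names are constructed for illustration.

```shell
#!/bin/sh
# check_capture REMOTE_PREFIX   (reads `tcpdump -n` text output on stdin)
# REMOTE_PREFIX: leading part of computer B's subnet, e.g. "10.0.2." (assumed).
# Prints "esp=N cleartext=M"; returns 0 only if ESP was seen and no non-ESP
# packet was addressed to the remote subnet.
check_capture() {
    awk -v remote="$1" '
        $2 == "IP" {
            dst = $5; sub(/:$/, "", dst)       # strip the trailing colon
            if ($6 ~ /^ESP\(/) { esp++; next } # encrypted tunnel packet
            # Judge only packets going to the remote subnet: on NETKEY,
            # inbound packets appear twice (as ESP, then decrypted).
            if (index(dst, remote) == 1) clear++
        }
        END {
            printf "esp=%d cleartext=%d\n", esp, clear
            exit !(esp > 0 && clear == 0)
        }'
}

# Constructed sample: tunnel up, the ping travels as ESP between the gateways.
sample_tunnel_up() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.10 > 198.51.100.20: ESP(spi=0x1a2b3c4d,seq=0x1), length 132
12:00:01.000950 IP 198.51.100.20 > 192.0.2.10: ESP(spi=0x5e6f7a8b,seq=0x1), length 132
12:00:01.000950 IP 10.0.2.7 > 10.0.1.5: ICMP echo reply, id 4242, seq 1, length 64
EOF
}

# Constructed sample: ipsec stopped, the ping request leaves unencrypted.
sample_tunnel_down() {
    cat <<'EOF'
12:05:01.000001 IP 10.0.1.5 > 10.0.2.7: ICMP echo request, id 4243, seq 1, length 64
EOF
}

# Live use (run as root while pinging computer B):
#   tcpdump -n -i eth0 -c 20 | check_capture 10.0.2.
sample_tunnel_up | check_capture 10.0.2.
```

Pass the prefix of computer B's subnet rather than its public address, since IKE negotiation packets between the gateways are not ESP and would otherwise be counted.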

=Final Consideration=

Sometimes the files are not blog friendly, so I have another version of this tutorial available in a wiki format:




3 Responses to “VPN with OpenSwan on Fedora 10 x64”

  1. 120mm fan : Says:

    Toshiba laptops are much better than Acer laptops when it comes to longevity ..

  2. Brian Says:


    ASUS laptops are much better than acer and toshiba… why?? asus is specialized on motherboards..
