strongswan_and_groupvpn_demo - acis-acheron/acheron GitHub Wiki

A Demonstration of strongSwan over GroupVPN

Staging Area

Begin by initializing two VirtualBox virtual machines utilizing the Debian operating system. One shall be designated Alice and the other shall be designated Bob. We wish to establish an IPsec tunnel from Alice to Bob utilizing pre-generated certificates and keys (for convenience).

  1. Install strongSwan on both machines. The Debian package is of an outdated version, 4.4, but it shall suffice for the purposes of demonstration.

    alice+bob# aptitude install strongswan

  2. Download the pre-generated configurations to their respective machines and extract them to the root filesystem.

    alice# wget https://gitorious.org/groupvpn-strongswan/documents/blobs/raw/master/examples/demo-alice-ipsec-config.tgz
    alice# tar xvzf demo-alice-ipsec-config.tgz -C /

    Repeat the above on Bob, substituting the name where appropriate.

  3. Download the GroupVPN configuration to both machines.

    alice+bob# wget https://gitorious.org/groupvpn-strongswan/documents/blobs/raw/master/examples/demo-groupvpn-config.zip

  4. Install and start GroupVPN on both Alice and Bob per the instructions found at https://gitorious.org/groupvpn-strongswan/documents/blobs/master/installing_groupvpn.rst. It is prudent that you install GroupVPN last, as the package will overwrite your /etc/resolv.conf.
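Step 2 unpacks a downloaded archive over / as root, so it is worth vetting the archive's member list first. The following is an added example, not part of the original wiki: `check_members` is a hypothetical helper, and the allowed paths (etc/ipsec.conf, etc/ipsec.secrets, etc/ipsec.d/) are an assumption about what the demo archives contain.

```shell
#!/bin/sh
# Added example: vet the member list of a config archive before unpacking it
# over / as root. Reads one member name per line on stdin (from `tar tzf`).
# ASSUMPTION: the demo archives hold only strongSwan's standard config paths.

check_members() {
    bad=0
    seen=0
    while IFS= read -r name || [ -n "$name" ]; do
        seen=1
        # Normalise a leading "./" that some tar implementations emit.
        case "$name" in
            ./*) name=${name#./} ;;
        esac
        case "$name" in
            /*)
                echo "absolute path: $name" >&2; bad=1 ;;
            ..|../*|*/..|*/../*)
                echo "parent-directory component: $name" >&2; bad=1 ;;
            ''|etc/|etc/ipsec.conf|etc/ipsec.secrets|etc/ipsec.d/*)
                ;;  # expected strongSwan configuration paths
            *)
                echo "outside allowed paths: $name" >&2; bad=1 ;;
        esac
    done
    # An empty listing usually means the download failed or is not a tarball.
    [ "$seen" -eq 1 ] || { echo "empty member list" >&2; return 1; }
    return "$bad"
}

# Usage on Alice (file name from step 2):
#   tar tzf demo-alice-ipsec-config.tgz | check_members \
#       && tar xvzf demo-alice-ipsec-config.tgz -C /
```

The check covers member names only; `tar tvzf` also shows entry types, so a symlink entry in the listing deserves a manual look before extracting.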

Final Lap

On Alice run

    alice# ifconfig

and note the tapipop device's IPv4 address (if it doesn't show up, wait a few seconds and try again). Go to Bob and open the /etc/ipsec.conf file in your favorite editor:

    bob# nano /etc/ipsec.conf

Change the line

    right=0.0.0.0

to reflect the tapipop IPv4 of Alice. Save the file and restart strongSwan on Bob:

    bob# ipsec restart

Now repeat the same procedure on Alice using the IPv4 of Bob.

Run

    alice+bob# ipsec status

on either (or both) machine(s) and you should see a message verifying that the IPsec tunnel has been established. If you see none, verify you performed all the steps exactly as described and restart strongSwan on Alice.