- Preparation and tools
Use VMware Workstation 15 Pro to run two Ubuntu VMs:
– Ubuntu 12.04.5 (local machine): IP 192.168.5.142 (@localserver)
– Ubuntu 12.04.5 Ver2 (remote machine): IP 192.168.5.143 (@remoteclient)
*Make sure that the two machines can ping each other successfully (ICMP) before starting.

- Start
— Step 1: Download and install Openswan on both machines with the commands:
sudo apt-get update
sudo apt-get install openswan ipsec-tools
— Step 2: Start the IPsec service of Openswan
sudo service ipsec start
— Step 3: Generate an RSA host key on both machines (RSA 512, 1024 or 2048 bits; 2048 is the safer choice today, the example below uses 1024).
sudo ipsec newhostkey --output /etc/ipsec.secrets --bits 1024

— Step 4: After generating the keys, use the following commands to view the local machine's leftrsasigkey and the remote machine's rightrsasigkey (each value is pasted into the other machine's ipsec.conf in Step 5).
On local: sudo ipsec showhostkey --left
On remote: sudo ipsec showhostkey --right

— Step 5: Edit the file /etc/ipsec.conf
On both machines, run sudo nano /etc/ipsec.conf and add the host-to-host connection (left/right addresses, leftid/rightid and the two RSA public keys from Step 4).

— Step 6: On each machine in turn, edit the machine's hostname so that it matches the name set for leftid and rightid, in these two files:
sudo nano /etc/hosts
sudo nano /etc/hostname
For example, the local machine gets the hostname localserver; likewise, set the hostname remoteclient on the remote machine.

— Step 7: Define the default gateway on both the local and remote machines.
sudo route add default gw 192.168.5.2
— Step 8: Restart Openswan on both machines.
sudo service ipsec restart

— Step 9: Start Wireshark first and select the network interface that both the local and remote VMs share, so that Wireshark captures the traffic between them.
— Step 10: On both machines, add the host-to-host connection to the running ipsec service, then bring the connection up.
sudo ipsec auto --add host-to-host
sudo ipsec auto --up host-to-host
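The post does not show the contents of /etc/ipsec.conf from Step 5, so here is an added example (my own, not from the original post) that prints the host-to-host connection block for the two VMs above and counts the ESP security associations the kernel holds after Step 10. The IPs and IDs are the ones from the post; the two RSA public key values are placeholders to be replaced with the real output of `ipsec showhostkey --left` and `ipsec showhostkey --right`, and the `ip xfrm state` sample fed to the counter is constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Builds the Openswan "conn host-to-host" section for /etc/ipsec.conf and
# checks how many ESP SAs the kernel has between the two hosts.

LEFT_IP=192.168.5.142
LEFT_ID=@localserver
RIGHT_IP=192.168.5.143
RIGHT_ID=@remoteclient

# Print a complete ipsec.conf for the host-to-host setup.
# $1 = leftrsasigkey (from "ipsec showhostkey --left" on the local machine)
# $2 = rightrsasigkey (from "ipsec showhostkey --right" on the remote machine)
gen_host_to_host_conf() {
    left_key=$1
    right_key=$2
    cat <<EOF
config setup
    # Use the native Linux XFRM/NETKEY IPsec stack
    protostack=netkey
    nat_traversal=no

conn host-to-host
    # Authenticate with the raw RSA public keys exchanged in Step 4
    authby=rsasig
    left=$LEFT_IP
    leftid=$LEFT_ID
    leftrsasigkey=$left_key
    right=$RIGHT_IP
    rightid=$RIGHT_ID
    rightrsasigkey=$right_key
    # Load the conn at startup; it is brought up by "ipsec auto --up"
    auto=add
EOF
}

# Count ESP SAs in "ip xfrm state" output read from stdin: each SA line
# carries "proto esp". Live use:  ip xfrm state | count_esp_sa
count_esp_sa() {
    grep -c 'proto esp' || true
}

# Constructed sample of "ip xfrm state" output after a successful Step 10:
# one SA in each direction between the two VMs.
SAMPLE_XFRM=$(printf 'src 192.168.5.142 dst 192.168.5.143\n\tproto esp spi 0x00000001 reqid 1 mode transport\nsrc 192.168.5.143 dst 192.168.5.142\n\tproto esp spi 0x00000002 reqid 1 mode transport\n')

# Stand-alone run: print the config with placeholder keys, then the SA count.
gen_host_to_host_conf "0sAQ_PLACEHOLDER_LEFT_KEY" "0sAQ_PLACEHOLDER_RIGHT_KEY"
printf 'ESP SAs in sample: %s\n' "$(printf '%s\n' "$SAMPLE_XFRM" | count_esp_sa)"
```

A count of zero from `ip xfrm state | count_esp_sa` on a live machine means the connection was added but never negotiated (usually a key or hostname mismatch from Steps 4 and 6); two SAs, one per direction, is the expected result once `ipsec auto --up host-to-host` succeeds.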


We can see that Wireshark captured quite a lot of ESP packets exchanged between the two Ubuntu machines; since the traffic now travels inside ESP, Wireshark shows only the encrypted payloads rather than the original packets.


Thanks for visiting my blog! Hope you will return next time…