Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

2.7. Securing Virtual Private Networks (VPNs)

In Red Hat Enterprise Linux 6, a Virtual Private Network (VPN) can be configured using the IPsec tunneling protocol which is supported by the Libreswan application. Libreswan is a fork of the Openswan application and examples in documentation should be interchangeable. The NetworkManager IPsec plug-in is called NetworkManager-openswan.

Note

Libreswan replaced Openswan as the preferred implementation of IPsec in Red Hat Enterprise Linux 6.8. Performing an upgrade from a version earlier than 6.8 replaces the openswan package with libreswan.
Libreswan is an open-source, user-space IPsec implementation available in Red Hat Enterprise Linux 6. It uses the Internet key exchange (IKE) protocol. IKE version 1 and 2 are implemented as a user-level daemon. Manual key establishment is also possible via ip xfrm commands, however this is not recommended. Libreswan interfaces with the Linux kernel using netlink to transfer the encryption keys. Packet encryption and decryption happen in the Linux kernel.
Libreswan uses the network security services (NSS) cryptographic library, which is required for Federal Information Processing Standard (FIPS) security compliance.

2.7.1. IPsec VPN Using Libreswan
링크 복사

To install Libreswan, issue the following command as root. Note that the libreswan package is available from the Extras repository, which needs to be enabled for the installation to succeed. See How to enable/disable a repository using Red Hat Subscription Manager? (The ID of the Extras repository is rhel-6-server-extras-rpms.) 
~]# yum install libreswan
Copy to Clipboard Toggle word wrap
To check that Libreswan is installed, issue the following command: 
~]$ yum info libreswan
Copy to Clipboard Toggle word wrap
After a new installation of Libreswan the NSS database should be initialized as part of the install process. However, should you need to start a new database, first remove the old database as follows: 
~]# rm /etc/ipsec.d/*db
Copy to Clipboard Toggle word wrap
Then, to initialize a new NSS database, issue the following command as root: 
~]# ipsec initnss
Initializing NSS database
See 'man pluto' if you want to protect the NSS database with a password
Copy to Clipboard Toggle word wrap
To start the ipsec daemon provided by Libreswan, issue the following command as root: 
~]# service ipsec start
Copy to Clipboard Toggle word wrap
To confirm that the daemon is now running: 
~]$ service ipsec status
pluto (pid  3496) is running...
Copy to Clipboard Toggle word wrap
To ensure that Libreswan will start when the system starts, issue the following command as root: 
~]# chkconfig ipsec on
Copy to Clipboard Toggle word wrap
Configure any intermediate as well as host-based firewalls to permit the ipsec service. See Section 2.8, “Firewalls” for information on firewalls and allowing specific services to pass through. Libreswan requires the firewall to allow the following packets:
  • UDP port 500 for the Internet Key Exchange (IKE) protocol
  • UDP port 4500 for IKE NAT-Traversal
  • Protocol 50 for Encapsulated Security Payload (ESP) IPsec packets
  • Protocol 51 for Authenticated Header (AH) IPsec packets (uncommon)
We present three examples of using Libreswan to set up an IPsec VPN. The first example is for connecting two hosts together so that they may communicate securely. The second example is connecting two sites together to form one network. The third example is supporting roaming users, known as road warriors in this context.
맨 위로 이동
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2026 Red Hat