Hey, folks!
I was wondering if anyone has any guidance on how to configure LibreSWAN to
connect to a Palo Alto firewall which would terminate an IPSec VPN.
This is not a Road-warrior connection type use-case -- this will be an "Always
On" case in which the VPN would be invoked as part of the bootup of a Linux
(RHEL) VM.
I have successfully configured it when both endpoints were LibreSWAN, but now
want to move it onto a hardware-based VPN endpoint due to the number of
concurrent connections from different systems. There is no need for L2TP --
just a basic routed IPSec tunnel.
The configuration on the Palo right now expects a simple User ID and password to
connect.
No need (or want) for split-tunneling -- I expect to modify the route table of the
VPN client to shove every packet into the VPN tunnel.
All of the VPN clients share a dedicated IP subnet which is routed by the Palo
Alto. Since these clients are NOT road warriors, their real ("eth0") IP
address is always static.
There is no NATing anywhere in the path.
I've searched through the mail list archives and Google and have found several
examples using Cisco VPN (which uses PSK), but nothing on Palo Alto.
Any suggestions would be appreciated!
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan