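# Set up a strongSwan site-to-site IPsec tunnel between this cloud instance and a CMTS.
# The commands are meant to be entered one after another in an interactive root shell.
# Replace the <cloud-ip>, <cmts-ip> and <secret> placeholders before running them.

# if you are logged in with your normal user you have to become root now
sudo su -

# add transfer network to eth0 (as secondary IP address), since strongswan expects packets from/to 172.20.0.0/22
# NOTE(review): the transfer network is described as a /22, but the alias below uses a /24 netmask; confirm which is intended.
# The file is appended to (>>), so running this step twice duplicates the entries.
cat << 'EOF' >> /etc/sysconfig/network-scripts/ifcfg-eth0:0
BOOTPROTO=static
DEVICE=eth0:0
ONBOOT=yes
IPADDR=172.20.0.1
NETMASK=255.255.255.0
EOF

# disable automatic updating of /etc/resolv.conf and point the instance at a resolver on 127.0.0.1
cat << 'EOF' >> /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=127.0.0.1
PEERDNS=no
EOF

# clear resolv.conf once
# NOTE(review): with no nameserver entry the resolver falls back to the local machine, so the
# yum step below only resolves mirror names if a DNS service is already listening on 127.0.0.1; confirm.
echo "" > /etc/resolv.conf

# install strongswan
yum install -y strongswan

# add ipsec config and use the internal IP of your instance for the <cloud-ip>
# Parameter lines of a conn section must start with whitespace, otherwise the
# ipsec.conf parser does not treat them as part of the section.
# NOTE(review): IKEv1 with a pre-shared key, SHA-1 and modp1536 is a legacy proposal, presumably
# chosen because of what the CMTS supports. If the peer allows it, prefer keyexchange=ikev2 with
# a SHA-2 integrity algorithm and a larger DH group, and use a long, randomly generated PSK.
cat << 'EOF' >> /etc/strongswan/ipsec.conf
conn cmts-cm
    left=<cloud-ip>
    leftsubnet=172.20.0.0/22
    leftid=<cloud-ip>
    leftfirewall=yes
    right=<cmts-ip>
    rightsubnet=10.0.0.0/19
    rightid=<cmts-ip>
    auto=start
    ike=aes256-sha-modp1536
    esp=aes256-sha1-modp1536
    keyexchange=ikev1
    authby=secret
conn cmts-cpepriv
    also=cmts-cm
    rightsubnet=100.64.0.0/22
conn cmts-mta
    also=cmts-cm
    rightsubnet=100.96.0.0/22
EOF

# add pre-shared key
# Typing the secret on the command line leaves it in the root shell history; adding the line
# with an editor avoids that.
echo '<cloud-ip> <cmts-ip> : PSK "<secret>"' >> /etc/strongswan/ipsec.secrets
# the secrets file holds the PSK in clear text, so keep it readable by root only
chmod 600 /etc/strongswan/ipsec.secrets

# restart network so the eth0:0 alias and the DNS settings take effect
systemctl restart network.service

# enable strongswan at boot and start it now
systemctl enable strongswan
systemctl start strongswan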