01-16-2023 07:36 AM
01-17-2023 12:30 AM
Hi @zloyBarsuk ,
No personal experience but there has been a previous discussion about this you might want to check into.
site-to-site-vpn-with-strongswan-opensource
Hope this helps,
-Kiwi.
01-23-2024 04:37 AM
You need to follow several steps on both devices to set up the VPN. Here's a breakdown of the process:
On the Palo Alto firewall:
1. Create a VPN Tunnel:
- Go to Network > VPN > Tunnels.
- Click Add and configure your VPN tunnel settings:
  - Type: IPSec
  - Name: Choose a descriptive name for your tunnel.
  - Local Interface: Select the interface connected to your internal network.
  - Peer Address: Enter the IP address of your VPN gateway/virtual machine running StrongSwan.
  - Preshared Key: Define a shared secret for authentication.
2. Configure Phase 1 and Phase 2:
- Go to Phase 1 and Phase 2 tabs within the tunnel configuration.
- Define the encryption algorithms, authentication methods, and other relevant security settings for both phases as per your desired security level.
- Ensure compatibility with the StrongSwan configuration on your VM.
3. Create Route Policy:
- Go to Network > Route > Policies.
- Click Add and create a route policy for your VPN tunnel:
  - Name: Assign a relevant name.
  - Source Zone: Select the internal zone(s) where traffic originates for the VPN route.
  - Destination Zone: Choose the "VPN" zone associated with your tunnel.
4. Create Route Tag:
- Go to Network > Tags > Route Tags.
- Click Add and create a route tag for your specific traffic:
  - Name: Choose a descriptive name like.
  - Match Criteria: Define criteria to identify the desired traffic.
5. Apply Route Policy and Tag:
- Go back to the Route Policy you created.
- In the Tags tab, add the route tag you created earlier.
- This associates the specific traffic defined by the tag with the VPN tunnel route policy.
On the Virtual Machine with StrongSwan:
1. Install StrongSwan:
- Ensure StrongSwan is installed and configured on your VM.
2. Configure StrongSwan:
- Edit your StrongSwan configuration files.
- Define settings for your connection to the Palo Alto firewall, including:
  - Local/remote addresses.
  - Phase 1 and Phase 2 parameters.
  - Security algorithms and authentication methods.
3. Bring Up the Connection:
- Use the `ipsec up` command or relevant StrongSwan tools to initiate the VPN connection to the Palo Alto firewall.
4. Verify Connectivity and Routing:
- Test the VPN connection and validate that the desired traffic from your local network is routed through the tunnel to the VM.
Additional Notes:
* Consult the documentation for your specific Palo Alto firewall model and StrongSwan version for detailed configuration instructions and parameter options.
* Consider applying advanced features of PureVPN or ExpressVPN like split tunneling on the Palo Alto firewall to route only specific traffic through the VPN tunnel.
* Ensure proper firewall rules are in place on both devices to allow traffic flow.
* Test and verify the setup thoroughly before putting it into production.
By following these steps you should be able to establish a VPN tunnel between your Palo Alto firewall and the virtual machine.
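Added example, not part of the reply above and not Palo Alto or strongSwan code: a small checker for the "ensure compatibility" step, comparing the `ike=`/`esp=` proposals of a strongSwan `ipsec.conf` connection with the Phase 1 and Phase 2 settings chosen on the firewall. The connection name `pa-tunnel`, the addresses, and the `FW_PROFILE` layout (firewall settings transcribed by hand) are assumptions made for the example.

```python
# DH group names as firewall crypto profiles list them -> strongSwan keywords.
DH_GROUPS = {"group2": "modp1024", "group5": "modp1536", "group14": "modp2048",
             "group19": "ecp256", "group20": "ecp384"}
LEGACY = {"des", "3des", "md5", "sha1", "modp1024", "modp1536"}

# Constructed sample: addresses are documentation ranges, names are hypothetical.
SAMPLE_CONF = """\
conn pa-tunnel
    keyexchange=ikev2
    authby=secret
    left=192.0.2.10
    right=198.51.100.1
    ike=aes256-sha256-modp2048!
    esp=aes256-sha1-modp2048!   # Phase 2 drifted from the firewall side
"""
# Firewall Phase 1 / Phase 2 settings, transcribed by hand (assumed layout).
FW_PROFILE = {"phase1": ["aes256", "sha256", "group14"],
              "phase2": ["aes256", "sha256", "group14"]}

def parse_conn(text, name):
    """Return the key=value settings of one `conn` section of an ipsec.conf."""
    settings, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        if not line[0].isspace():            # unindented line starts a section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def proposals(value):
    """Split 'aes256-sha256-modp2048,...!' into sets of algorithm tokens."""
    return [frozenset(p.strip().split("-")) for p in value.rstrip("!").split(",") if p.strip()]

def check(conn, fw_profile):
    """List mismatches and legacy algorithms in the ike=/esp= proposals."""
    findings = []
    for key, phase in (("ike", "phase1"), ("esp", "phase2")):
        want = frozenset(DH_GROUPS.get(t, t) for t in fw_profile[phase])
        offered = proposals(conn.get(key, ""))
        if want not in offered:
            findings.append(f"{key}: no proposal matches firewall {phase} {sorted(want)}")
        for algo in sorted(set().union(*offered) & LEGACY):
            findings.append(f"{key}: legacy algorithm {algo}")
    return findings
```

Calling `check(parse_conn(SAMPLE_CONF, "pa-tunnel"), FW_PROFILE)` on the sample reports the Phase 2 mismatch and the `sha1` entry; an empty list means both phases line up.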