1) Install openswan:
   yum -y install openswan
2) Clean up install defaults:
   rm -r /etc/ipsec.d/*.db; rm -f /etc/ipsec.secrets; certutil -N -d /etc/ipsec.d/
   (Leave passwords blank)
3) Generate RSA keys. This must be done on each host (sometimes takes 4-6 minutes)
Openswan behind NAT
I found that, although there must be many cases where one endpoint of the tunnel is behind a NAT router, there wasn’t much detail about the configuration required to get the connection working. I found it very difficult to establish