HP StoreOnce Backup System Linux and UNIX Configuration Guide (BB852-90952)
Data In Flight Encryption.) Create the corresponding .conf/.secrets pair and IPsec rule on
the media server which backs up data to the StoreOnce Backup system.
The following procedure describes the procedure for Linux servers running RHEL v5 and RHEL v6.
1. Use your operating system’s installer to install openswan.
2. Edit the /etc/ipsec.conf file to uncomment and include the /etc/ipsec.d/*.conf
line at the end.
3. Create /etc/ipsec.d/storeonce.conf on the media server with the following example.
(The whitespace at the start of some lines is required. Replace the IP addresses with your own;
the left address (below) belongs to the media server; and the right belongs to the HP
StoreOnce Backup system.)
Example
conn storeonceipsec
authby=secret
type=transport
left=16.26.134.81
right=16.26.134.158
auto=start
NOTE: You must create one of the above files for every HP StoreOnce data IP address.
4. Create /etc/ipsec.d/storeonce.secrets on the media server. This file contains the
passphrase required to pair the media server with the HP StoreOnce Backup system. For
example:
16.26.134.81 16.26.134.158: PSK <mysharedprivatekey>
NOTE: Note the following:
• The first part of the created filename should match the name of the .conf filename.
• The IP addresses should be changed to reflect the system’s.
• For other applicable operating systems, configuration files should be created as directed
in the operating system’s instructions, using the above configuration.
5. Run service ipsec start on on the media server (It is already running on the HP StoreOnce
Backup system). The auto-start option should bring up the required connection. Run tcpdump
to confirm.
6. If required, run chkconfig ipsec on to have openswan start up at boot.
When running tcpdump on the server (e.g., tcpdump -i any host 16.26.134.158),
ping the address of the StoreOnce appliance (e.g., ping 16.26.134.158). The output of
tcpdump should show the ESP packets between the server and the StoreOnce appliance
(e.g., 04:29:44.283019 IP 16.26.134.81 > 16.26.134.158:
ESP(spi=0x012abce0,seq=0x12345), length 1476.
Introduction 37