{"id":2291,"date":"2016-07-15T19:31:07","date_gmt":"2016-07-15T19:31:07","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=2291"},"modified":"2025-06-13T19:26:25","modified_gmt":"2025-06-14T02:26:25","slug":"configuration-ipsec-for-a-couchbase-cluster","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/","title":{"rendered":"Configuring IPsec for a Couchbase Cluster"},"content":{"rendered":"<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 24px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Introduction<\/span><\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Some Couchbase deployments require secure communications between nodes across the network, this could be due to reasons like data governance policies or regulatory compliance. 
\u00a0<\/span><a style=\"text-decoration: none;\" href=\"https:\/\/en.wikipedia.org\/wiki\/IPsec\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #1155cc; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;\">Internet Protocol Security (IPsec) <\/span><\/a><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\">is a protocol suite for secure Internet Protocol (IP) communications by authenticati<\/span><a style=\"text-decoration: none;\" href=\"https:\/\/en.wikipedia.org\/wiki\/Authentication\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #0b0080; vertical-align: baseline; white-space: pre-wrap;\">ng<\/span><\/a><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\"> and encrypting each <\/span><a style=\"text-decoration: none;\" href=\"https:\/\/en.wikipedia.org\/wiki\/Packet_(information_technology)#Example:_IP_packets\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #0b0080; vertical-align: baseline; white-space: pre-wrap;\">IP packet<\/span><\/a><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\"> of a communication session. 
IPsec can be used in protecting data flows between a pair of hosts (<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; font-style: italic; vertical-align: baseline; white-space: pre-wrap;\">host-to-host<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\">), between a pair of security gateways (<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; font-style: italic; vertical-align: baseline; white-space: pre-wrap;\">network-to-network<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\">), or between a security gateway and a host (<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; font-style: italic; vertical-align: baseline; white-space: pre-wrap;\">network-to-host<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #252525; vertical-align: baseline; white-space: pre-wrap;\">). <\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">The goal of this article is to give Couchbase Administrators a quick start on how to configure IPsec across nodes in a Couchbase cluster. \u00a0<\/span><\/p>\n<h2>IPsec Modes<\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">IPSec has two modes: tunnel mode and transport mode. The most widely used is tunnel mode, which is usually used for VPN setups (creating tunnel network device in process). Tunnel mode is not practical for a Couchbase cluster, as it would require creating and maintaining tunnels between all pairs of nodes. 
<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Transport mode is needed when securing communication across nodes in the same network. It allows use of IPsec on a per-packet basis. Completely transparently for applications.<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">IPSec can provide authentication of packets (i.e. ensure that packets that are received are packets from trusted nodes) and encryption of packets. Transport mode and associated Security Policy Database entries allow setting up behavior required for a Couchbase cluster:<\/span><\/p>\n<ul style=\"margin-top: 0pt; margin-bottom: 0pt;\">\n<li dir=\"ltr\" style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; background-color: transparent;\">\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">specific kinds of incoming packets are only accepted if encapsulated in ipsec and valid (dropped otherwise)<\/span><\/p>\n<\/li>\n<li dir=\"ltr\" style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; background-color: transparent;\">\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">specific kinds of outgoing packets are required to be encapsulated in 
ipsec<\/span><\/p>\n<\/li>\n<\/ul>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 10pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Usually \u201cspecific kind\u201d is going to be something like: <\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; font-style: italic; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">all packets from\/to the Couchbase cluster network segment<\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">. Or it can be something like: <\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; font-style: italic; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">all packets to\/from Couchbase service ports.<\/span><\/p>\n<h2 dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><\/h2>\n<h2 dir=\"ltr\">Requirements<\/h2>\n<ul dir=\"ltr\">\n<li>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; font-weight: 400; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Linux distribution (Debian is used for this blog). Windows does support IPsec, but this was not tested. 
<\/span><\/h2>\n<\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Linux Openswan U2.6.32\/K2.6.32-573.el6.x86_64 (netkey) or higher<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Couchbase 4.1 or higher<\/span><\/li>\n<li><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Sudo\/root user access to the system<\/span><\/li>\n<\/ul>\n<h2>Installation and Configuration\u00a0of OpenSwan<\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">From the command line using sudo, the following command was run on each node. 
For other Linux distributions, use the appropriate package manager.<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"color: #000000; font-family: Arial; font-size: 14.6667px; line-height: 20.24px; text-align: left; white-space: pre-wrap;\"># sudo apt-get update<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># sudo apt-get install openswan<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">The installer may prompt you to create an X.509 certificate; do not create one. <\/span><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">IPsec needs to be configured for transport mode. \u00a0In the demonstration environment created for this blog, we have two nodes: 10.0.2.4 and 10.0.2.5. 
\u00a0<\/span><\/p>\n<h3 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\">Steps<\/h3>\n<p dir=\"ltr\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">1 &#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0On each node &#8211; add a line in the \/etc\/ipsec.secrets file: ipaddress_node1 ipaddress_node2: PSK &#8220;some_key&#8221;<\/span><\/p>\n<div style=\"text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/ipsecrets.png\" \/><\/div>\n<div><\/div>\n<div><\/div>\n<div>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">2\u00a0\u00a0&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0Modify the \/etc\/ipsec.conf file to use *.conf files located in the ipsec.d subdirectory. \u00a0This allows for easy automation if you need to add nodes to the cluster. \u00a0Each pair of nodes needs its own entry. 
\u00a0<\/span><\/p>\n<div><\/div>\n<div style=\"text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/ipsecconf.png\" \/><\/div>\n<div><\/div>\n<div>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">3 \u00a0&#8211;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Create a configuration file in the \/etc\/ipsec.d\/ directory with the following information:<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">conn couchbase<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">type=transport<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">authby=secret<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">left=<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">right=<\/span><\/p>\n<p dir=\"ltr\" 
style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">pfs=yes<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-indent: 36pt;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">auto=start<\/span><\/p>\n<ul>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">conn couchbase: an arbitrary label for your connection. This can be anything you&#8217;d like.<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">type=transport: we want to use transport mode for this connection.<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">authby=secret: we&#8217;ll be using a pre-shared key (PSK) for this connection. <\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">left=10.0.2.4: this and the next line are just denoting the IP addresses involved in this IPsec association. 
It does not matter which IP is &#8220;left&#8221; and which is &#8220;right&#8221;.<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">right=10.0.2.5: see above bullet.<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">pfs=yes: we want to enable Perfect Forward Secrecy for this connection. In short, this drastically improves security.<\/span><\/li>\n<li style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">auto=start: we want to proactively initiate the IPsec association immediately. This can also be set to auto=add, in which case it waits for the other end of the connection to initiate traffic.<\/span><\/li>\n<\/ul>\n<p style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/connection.png\" \/><\/p>\n<div>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">4 \u00a0&#8211; Enable IPsec to use the new configuration on both nodes: <\/span><span style=\"color: #000000; font-family: Consolas; font-size: 14.6667px; white-space: pre-wrap; line-height: 1.38; background-color: transparent;\">#sudo service ipsec restart<\/span><\/p>\n<div>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 24px; font-family: 
Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Testing the setup<\/span><\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">From a command line on one node, type the following command: \u00a0<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><strong><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">#ping <\/span><\/strong><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/untitledping.png\" \/><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">From the other node, use the command line and type the command below (desired result shown in the screenshot). If you get no messages, you will need to debug your setup (please refer to the IPsec guides listed below).<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><strong><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">#sudo tcpdump esp<\/span><\/strong><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/untitled.png\" \/><\/p>\n<\/div>\n<div>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; 
margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"color: #000000; font-family: Arial; font-size: 13.3333px; line-height: 18.4px; white-space: pre-wrap;\">Note: ESP = Encapsulating Security Payload<\/span><\/h2>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;\"><span style=\"font-size: 24px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Couchbase Configuration<\/span><\/h2>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Install Couchbase on each node (a simple two-node configuration) and set up the cluster. \u00a0All communication between the two nodes can be traced using the tcpdump esp command; the sample above documents communication between two Couchbase nodes. 
<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><strong><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">Couchbase Test Cluster:<\/span><\/strong><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img decoding=\"async\" src=\"\/wp-content\/original-assets\/2016\/june\/configuration-ipsec-for-a-couchbase-cluster\/cb_ipsec_cluster.png\" alt=\"Couchbase Test Cluster\" \/><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><strong>Screenshot &#8211; #sudo tcpdump esp<\/strong><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-8147 size-full\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2016\/07\/hippogallery_original.png\" alt=\"\" width=\"763\" height=\"600\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2016\/07\/hippogallery_original.png 763w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2016\/07\/hippogallery_original-300x236.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2016\/07\/hippogallery_original-20x16.png 20w\" sizes=\"auto, (max-width: 763px) 100vw, 763px\" \/><\/p>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><\/h2>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\">References<\/h2>\n<p dir=\"ltr\">IPsec Overview <span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">&#8211; <\/span><a style=\"text-decoration: none;\" href=\"https:\/\/en.wikipedia.org\/wiki\/IPsec\"><span style=\"font-size: 
14.6667px; font-family: Arial; color: #1155cc; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">https:\/\/en.wikipedia.org\/wiki\/IPsec<\/span><\/a><\/p>\n<p dir=\"ltr\">Implementing IPsec Transport Mode &#8211;\u00a0 <a style=\"text-decoration: none;\" href=\"https:\/\/andersonfam.org\/2014\/04\/02\/ipsec-transport-mode\/\"><span style=\"font-size: 14.6667px; font-family: Arial; color: #1155cc; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">https:\/\/andersonfam.org\/2014\/04\/02\/ipsec-transport-mode\/<\/span><\/a><\/p>\n<div>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\">Using StrongSwan (3 node example) &#8211;\u00a0<a href=\"https:\/\/blog.sprinternet.at\/2016\/03\/ipsec-transport-mode-with-strongswan-on-debian-jessie\/\">https:\/\/blog.sprinternet.at\/2016\/03\/ipsec-transport-mode-with-strongswan-on-debian-jessie\/<\/a><\/p>\n<h2 dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\">Sample Configuration Files used for this Test<\/h2>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><strong><span style=\"font-size: 14.6667px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\/etc\/ipsec.conf<\/span><\/strong><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># \/etc\/ipsec.conf &#8211; Openswan IPsec configuration file<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: 
baseline; white-space: pre-wrap; background-color: transparent;\">#<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># Manual: \u00a0\u00a0\u00a0\u00a0ipsec.conf.5<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">#<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># Please place your own config files in \/etc\/ipsec.d\/ ending in .conf<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">version 2.0 \u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># conforms to second version of ipsec.conf specification<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># 
basic configuration<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">config setup<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># Debug-logging controls: \u00a0&#8220;none&#8221; for (almost) none, &#8220;all&#8221; for lots.<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># klipsdebug=none<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: 
transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># plutodebug=&#8221;control parsing&#8221;<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># For Red Hat Enterprise Linux and Fedora, leave protostack=netkey<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">protostack=netkey<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: 
Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">nat_traversal=yes<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">virtual_private=<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">oe=off<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; 
font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># Enable this if you see &#8220;failed to find any available worker&#8221;<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\"># nhelpers=0<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">#You may put your configuration (.conf) file in the &#8220;\/etc\/ipsec.d\/&#8221; and uncomment this.<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">include \/etc\/ipsec.d\/*.conf<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; 
color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 13.3333px; font-family: Arial; color: #000000; font-weight: bold; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\/etc\/ipsec.secrets<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Consolas; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">include \/etc\/ipsec.d\/*.secrets<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"># use IP addresses from your own environment<\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Consolas; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">10.0.2.4 10.0.2.5: PSK &quot;sharedkey&quot;<\/span><\/p>\n<p><span style=\"color: #333333; line-height: 20.8px; text-align: left;\">\u00a0<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 12pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 13.3333px; font-family: Arial; color: #000000; font-weight: bold; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\/etc\/ipsec.d\/couchbase.conf<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">conn couchbase<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: 
baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">type=transport<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">authby=secret<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; line-height: 20.8px; text-align: left;\"><span style=\"line-height: 1.38; font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"line-height: 1.38; font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"line-height: 1.38; font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">left=10.0.2.4<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; 
vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">right=10.0.2.5<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">pfs=yes<\/span><\/p>\n<p dir=\"ltr\" style=\"margin-top: 0pt; margin-bottom: 0pt; color: #333333; text-align: left; line-height: 1.38;\"><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0\u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">\u00a0\u00a0 \u00a0<\/span><span style=\"font-size: 12px; font-family: Arial; color: #000000; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;\">auto=start<\/span><\/p>\n<p dir=\"ltr\" style=\"line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"color: #333333; line-height: 20.8px; text-align: 
left;\">\u00a0<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Introduction Some Couchbase deployments require secure communications between nodes across the network, this could be due to reasons like data governance policies or regulatory compliance. \u00a0Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by [&hellip;]<\/p>\n","protected":false},"author":62,"featured_media":13873,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1815,1821,1813],"tags":[1666],"ppma_author":[9037],"class_list":["post-2291","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practices-and-tutorials","category-couchbase-architecture","category-security","tag-encryption"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Configuring IPsec for a Couchbase Cluster - The Couchbase Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Configuring IPsec for a Couchbase Cluster\" \/>\n<meta property=\"og:description\" content=\"Introduction Some Couchbase deployments require secure communications between nodes across the network, this could be due to reasons like data governance policies or regulatory compliance. 
\u00a0Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-07-15T19:31:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T02:26:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2016\/07\/hippogallery_original.png\" \/>\n<meta name=\"author\" content=\"Tim Wong\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tim Wong\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\"},\"author\":{\"name\":\"Tim Wong\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/4ca397e4a4b7910c4217dcd0bb274767\"},\"headline\":\"Configuring IPsec for a Couchbase 
Cluster\",\"datePublished\":\"2016-07-15T19:31:07+00:00\",\"dateModified\":\"2025-06-14T02:26:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\"},\"wordCount\":901,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"keywords\":[\"Encryption\"],\"articleSection\":[\"Best Practices and Tutorials\",\"Couchbase Architecture\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\",\"name\":\"Configuring IPsec for a Couchbase Cluster - The Couchbase 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"datePublished\":\"2016-07-15T19:31:07+00:00\",\"dateModified\":\"2025-06-14T02:26:25+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"width\":1800,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/configuration-ipsec-for-a-couchbase-cluster\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Configuring IPsec for a Couchbase Cluster\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL 
Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/4ca397e4a4b7910c4217dcd0bb274767\",\"name\":\"Tim Wong\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/c0277462aa4e7844e6e72ac8b21b2daf\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9ecd75e12fec9d49bc9599a17f69a1dc760735d319d2b3aeb2ce009a1d489ccc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9ecd75e12fec9d49bc9599a17f69a1dc760735d319d2b3aeb2ce009a1d489ccc?s=96&d=mm&r=g\",\"caption\":\"Tim Wong\"},\"description\":\"Tim is a Principal Solutions Consultant at Couchbase supporting accounts in the San Francisco Bay Area. 
He has worked with database, enterprise data integration (batch, real time, cloud) and business intelligence technologies for over 20 years with stints at Oracle, TIBCO and Informatica.\",\"url\":\"https:\/\/www.couchbase.com\/blog\/author\/tim-wong\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","authors":[{"term_id":9037,"user_id":62,"is_guest":0,"slug":"tim-wong","display_name":"Tim Wong","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/9ecd75e12fec9d49bc9599a17f69a1dc760735d319d2b3aeb2ce009a1d489ccc?s=96&d=mm&r=g","author_category":"","last_name":"Wong","first_name":"Tim","job_title":"","user_url":"","description":"Tim is a Principal Solutions Consultant at Couchbase supporting accounts in the San Francisco Bay Area. He has worked with database, enterprise data integration (batch, real time, cloud) and business intelligence technologies for over 20 years with stints at Oracle, TIBCO and Informatica."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/2291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/comments?post=2291"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/2291\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media\/13873"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media?parent=2291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/categories?post=2291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/tags?post=2291"},{"taxonomy":"author","embedda
ble":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=2291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}