Strongswan-strongswan-dynamische-ip-cert-id-with-names

Aus xinux.net

Zur Navigation springen Zur Suche springen

gustavo.vpn.int (fix ip)

/etc/ipsec.d/certs/gustavo.vpn.int.crt
/etc/ipsec.d/private/gustavo.vpn.int.key
/etc/ipsec.d/cacerts/ca.crt
/etc/ipsec.conf

conn tiazel-gustavo
        authby=rsasig
        keyexchange=ikev1
        left=%any
        leftid=@tiazel.vpn.int
        leftsubnet="10.83.32.0/24"
        right=10.84.252.33
        rightcert=gustavo.vpn.int.crt
        rightid=@gustavo.vpn.int
        ightsubnet=10.83.33.0/24
        auto=add

/etc/ipsec.secret

: RSA gustavo.vpn.int.key ""

tiazel.vpn.int (dyn ip)

/etc/ipsec.d/certs/tiazel.vpn.int.crt
/etc/ipsec.d/private/tiazel.vpn.int.key
/etc/ipsec.d/cacerts/ca.crt

/etc/ipsec.conf

conn tiazel-gustavo
        authby=rsasig
        keyexchange=ikev1
        leftcert=tiazel.vpn.int.crt
        leftid=@tiazel.vpn.int
        leftsubnet="10.83.32.0/24"
        right="10.84.252.33"
        rightid=@gustavo.vpn.int
        rightsubnet=10.83.33.0/24
        auto=start

/etc/ipsec.secret

: RSA tiazel.vpn.int.key ""

Abgerufen von „https://xinux.net/index.php?title=Strongswan-strongswan-dynamische-ip-cert-id-with-names&oldid=18818“