Strongswan to racoon PSK
Configuring Strongswan (PSK)
Define tunnel parameters
- Tunnel configuration
/etc/ipsec.conf
    # these parameters belong inside the conn section for this tunnel
    keyexchange=ikev1
    authby=secret
    left=192.168.244.152
    leftsubnet=10.88.88.0/24
    right=192.168.244.151
    rightsubnet=10.18.44.0/24
    ike=aes256-md5-modp1024
    esp=aes256-md5-modp1024
    auto=add
- Define the PSK
/etc/ipsec.secrets
192.168.244.152 192.168.244.151 : PSK "katzenklo"
Racoon (PSK)
Define tunnel parameters
- Tunnel configuration
/etc/racoon/racoon.conf
path pre_shared_key "/etc/racoon/psk.txt";

remote 192.168.244.151 {
    exchange_mode main;
    proposal {
        encryption_algorithm aes256;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
    generate_policy off;
}

sainfo address 10.88.88.0/24 any address 10.18.44.0/24 any {
    pfs_group modp1024;
    encryption_algorithm aes256;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
/etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 10.88.88.0/24 10.18.44.0/24 any -P out ipsec
    esp/tunnel/192.168.244.152-192.168.244.151/require;
spdadd 10.18.44.0/24 10.88.88.0/24 any -P in ipsec
    esp/tunnel/192.168.244.151-192.168.244.152/require;
- Define the PSK
/etc/racoon/psk.txt
192.168.244.151 katzenklo
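
The following check is an added example, not part of the original page: it reads the proposal lines of the two configurations above and reports, per IKE phase, whether both peers propose the same suite and which primitives fall in a deprecated set. The `WEAK` set and all function names are assumptions of this example; it handles one proposal per `ike=`/`esp=` line in the `enc-integ-dh` form used here.

```python
import re

# Proposal-relevant lines copied from the page's two configuration files.
STRONGSWAN = """
ike=aes256-md5-modp1024
esp=aes256-md5-modp1024
"""
RACOON = """
remote 192.168.244.151 {
    proposal {
        encryption_algorithm aes256;
        hash_algorithm md5;
        dh_group modp1024;
    }
}
sainfo address 10.88.88.0/24 any address 10.18.44.0/24 any {
    pfs_group modp1024;
    encryption_algorithm aes256;
    authentication_algorithm hmac_md5;
}
"""
# Primitives this example treats as deprecated (assumed policy, not from the page).
WEAK = {"des", "3des", "md5", "sha1", "modp768", "modp1024"}
# racoon block keyword followed by its encryption, integrity and DH directives.
P1 = ("remote", "encryption_algorithm", "hash_algorithm", "dh_group")
P2 = ("sainfo", "encryption_algorithm", "authentication_algorithm", "pfs_group")

def strongswan_suite(conf, key):
    """(encryption, integrity, dh) from a single-proposal ike=/esp= line."""
    value = re.search(rf"^\s*{key}=(\S+)", conf, re.M).group(1)
    return tuple(value.rstrip("!").split("-"))

def racoon_suite(conf, block, enc, integ, dh):
    """The same triple, read from the first racoon block starting with `block`."""
    body = conf[conf.index(block):]
    def get(name):
        return re.search(rf"\b{name}\s+(\S+?);", body).group(1).replace("hmac_", "")
    return (get(enc), get(integ), get(dh))

def compare(sswan=STRONGSWAN, racoon=RACOON):
    """Per phase: (do both peers propose the same suite?, weak primitives in use)."""
    pairs = {"phase1": (strongswan_suite(sswan, "ike"), racoon_suite(racoon, *P1)),
             "phase2": (strongswan_suite(sswan, "esp"), racoon_suite(racoon, *P2))}
    return {phase: (a == b, sorted((set(a) | set(b)) & WEAK))
            for phase, (a, b) in pairs.items()}

if __name__ == "__main__":
    for phase, (match, weak) in compare().items():
        print(f"{phase}: match={match} weak={weak}")
```

For the configuration on this page both phases match, and both report `md5` and `modp1024` as weak.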