Strongswan to strongswan PSK IKEv2 site to site
ipsec.conf
Explanation
- /etc/ipsec.conf explanation
File
conn s2s
    authby=secret
    keyexchange=ikev2
    left=10.81.1.10
    leftsubnet=192.168.10.0/24
    mobike=no
    right=10.81.1.11
    rightsubnet=192.168.11.0/24
    ike=aes256-sha256-modp4096!
    esp=aes256-sha256-modp4096!
    auto=start
ipsec.secrets
- ID combination with authentication method
- cat /etc/ipsec.secrets
10.81.1.10 10.81.1.11 : PSK "suxer"
Handling
Up
- ipsec up s2s
Down
- ipsec down s2s
Status
- ipsec status s2s
Security Associations (1 up, 0 connecting):
         s2s[4]: ESTABLISHED 7 seconds ago, 10.82.227.12[10.82.227.12]...10.82.227.22[10.82.227.22]
         s2s{4}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: cef198fc_i c4de821a_o
         s2s{4}:   10.82.243.0/24 === 10.82.244.0/24
tcpdump of the connection
- tcpdump -ni eth0 port 500 or esp
Multiple subnets
alice and tiazel
- /etc/ipsec.conf
conn s2s
    authby=secret
    keyexchange=ikev2
    left=10.81.1.10
    leftsubnet=192.168.10.0/24
    mobike=no
    right=10.81.1.11
    rightsubnet=192.168.11.0/24,192.168.33.0/24
    ike=aes256-sha256-modp4096!
    esp=aes256-sha256-modp4096!
    auto=start
- ipsec status
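An IKEv2 responder may narrow the proposed traffic selectors to what its own configuration allows, so after adding a second subnet the status output should be checked for every configured network. The following shell function is an added example, not part of the original page; the name missing_ts and both status samples are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# missing_ts CONN LEFTSUBNET RIGHTSUBNET   (ipsec status text on stdin)
# Subnet lists are comma-separated without spaces, as in ipsec.conf above.
# Prints each configured subnet that no INSTALLED child SA of CONN carries,
# as "left:<net>" or "right:<net>"; returns 1 if any is missing.
# Live use: ipsec status s2s | missing_ts s2s <leftsubnet> <rightsubnet>
missing_ts() {
    awk -v conn="$1" -v left="$2" -v right="$3" '
    function report(list, side, label,    n, i, a, bad) {
        n = split(list, a, ",")
        for (i = 1; i <= n; i++)
            if (!((side, a[i]) in seen)) { print label ":" a[i]; bad = 1 }
        return bad + 0
    }
    # "s2s{4}:  INSTALLED, TUNNEL, ..." marks this child SA as installed
    index($1, conn "{") == 1 && $2 == "INSTALLED," { inst[$1] = 1; next }
    # "s2s{4}:   a/24 === b/24 c/24" lists local === remote selectors
    index($1, conn "{") == 1 && ($1 in inst) && / === / {
        side = "l"
        for (i = 2; i <= NF; i++) {
            if ($i == "===") { side = "r"; continue }
            seen[side, $i] = 1
        }
    }
    END { exit ((report(left, "l", "left") + report(right, "r", "right")) > 0) }'
}

# Constructed status text: the peer accepted both remote subnets.
sample_full() {
    cat <<'EOF'
Security Associations (1 up, 0 connecting):
         s2s[1]: ESTABLISHED 7 seconds ago, 10.81.1.10[10.81.1.10]...10.81.1.11[10.81.1.11]
         s2s{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c0000001_i c0000002_o
         s2s{1}:   192.168.10.0/24 === 192.168.11.0/24 192.168.33.0/24
EOF
}
# Constructed status text: the peer narrowed the proposal to one subnet.
sample_narrowed() { sample_full | sed 's| 192\.168\.33\.0/24$||'; }

# Demo on the narrowed sample: reports the subnet the tunnel does not cover.
sample_narrowed | missing_ts s2s 192.168.10.0/24 192.168.11.0/24,192.168.33.0/24 \
    || echo "configured subnets listed above are not covered by the tunnel"
```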