Strongswan zu windows sieben


VPN Gateway zertifikat

create certs

ipsec pki

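  # Create the private keys under a restrictive umask: a plain ">" redirect
  # would otherwise create ca.key and the host key with the default umask,
  # which usually leaves them readable by other local users.
  # The subshell keeps the umask change local to the one command.
  (umask 077 && ipsec pki --gen > ca.key)
  # Self-signed CA certificate for the CA key above.
  ipsec pki --self --in ca.key --dn "C=DE, O=willux, CN=willux-ca" --ca > ca.crt
  # Private key of the VPN gateway.
  (umask 077 && ipsec pki --gen > huey.xinux.org.key)
  # Gateway certificate signed by the CA. --san carries the host name; it is
  # the same name the gateway later uses as leftid in ipsec.conf.
  ipsec pki --pub --in huey.xinux.org.key \
    | ipsec pki --issue --flag serverAuth --flag ikeIntermediate \
        --san huey.xinux.org --cacert ca.crt --cakey ca.key \
        --dn "C=DE, O=willux, CN=huey.xinux.org" > huey.xinux.org.crt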

openssl

certs

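  • /etc/ipsec.d/certs/huey.xinux.org.crt
  • /etc/ipsec.d/cacerts/xinux-ca.crt (vermutlich die oben erzeugte ca.crt unter anderem Namen)
  • /etc/ipsec.d/private/huey.xinux.org.key (nur für root lesbar halten, z. B. chmod 600)

Der CA-Schlüssel ca.key wird auf dem Gateway nicht benötigt und sollte dort nicht liegen bleiben.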

/etc/ipsec.conf

config setup
    # plutostart is left commented out, so this section sets nothing.
    # NOTE(review): plutostart is a strongSwan 4.x option for the IKEv1 pluto
    # daemon; this IKEv2-only setup should not need it -- confirm for the
    # installed version.
    #plutostart=no

conn %default
    # Defaults inherited by every other conn section in this file.
    keyexchange=ikev2
    # IKE proposal. The trailing "!" makes it strict: only exactly this suite
    # is accepted from the peer.
    # NOTE(review): SHA-1 and modp1024 (DH group 2) are weak by current
    # standards. Raising the DH group needs a matching change on the client
    # (for Windows, the NegotiateDH2048_AES256 registry value -- verify it is
    # honoured on the client version in use), otherwise negotiation fails.
    ike=aes256-sha1-modp1024!
    # ESP proposal for the tunnelled traffic, also strict.
    esp=aes256-sha1!
    # Dead peer detection: check an idle peer every 300s and drop the
    # connection without further action when it no longer answers.
    dpdaction=clear
    dpddelay=300s
    # The gateway does not start rekeying on its own; a rekey requested by the
    # client is still answered.
    rekey=no

conn win7
    # Road-warrior connection for the Windows 7 built-in IKEv2 client.
    # left = this gateway, listening on any local address.
    left=%any
    # 0.0.0.0/0 as local subnet means a full tunnel: all client traffic is
    # offered a route through the gateway.
    leftsubnet=0.0.0.0/0
    # The gateway authenticates with its certificate. leftid must match the
    # subjectAltName the certificate was issued with (--san huey.xinux.org).
    leftauth=pubkey
    leftcert=huey.xinux.org.crt
    leftid=@huey.xinux.org
    # Clients may connect from any address and get a virtual IP from this pool.
    right=%any
    rightsourceip=10.10.3.0/24
    # Clients authenticate with user name and password; the accounts are the
    # EAP entries in /etc/ipsec.secrets.
    # NOTE(review): EAP-MSCHAPv2 is only as strong as the passwords used, so
    # choose long random ones.
    rightauth=eap-mschapv2
    # NOTE(review): the note this line refers to is not part of this page.
    #rightsendcert=never   # see note
    # Ask the client for its EAP identity and use the reply as the user name.
    eap_identity=%any
    # Load the connection at startup and wait for clients to initiate.
    auto=add

/etc/ipsec.secrets

# NOTE(review): this file holds a key passphrase and user passwords in clear
# text; keep it owned by root and not readable by others (e.g. mode 600).
# The secrets below appear to be example values -- replace them before use.
# Private key of the gateway, followed by the passphrase for the key file.
: RSA huey.xinux.org.key "lummel"
# EAP credentials checked by rightauth=eap-mschapv2, one account per line.
thomas : EAP "tummel"
xinux  : EAP "wummel"

/etc/strongswan.conf

charon {
        # DNS and NBNS (WINS) server addresses; presumably handed to clients
        # together with the virtual IP -- confirm for the installed version.
        dns1  = 192.168.240.200
        nbns1 = 192.168.240.200
        # Load plugins according to each plugin's own "load" setting instead
        # of a fixed plugin list.
        load_modular = yes
        
}

windows client

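  • wichtig

Als Serveradresse im Windows-Client den DNS-Namen (huey.xinux.org) verwenden, keine IP-Adresse: Das Gateway-Zertifikat ist auf diesen Namen ausgestellt (--san huey.xinux.org), und der Client prüft den eingetragenen Servernamen gegen das Zertifikat.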