Racoon-fritz: Unterschied zwischen den Versionen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
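--- a/Racoon-fritz
+++ b/Racoon-fritz
@@ -1,2 +1,45 @@
+=Fritz=
+[[Datei:fritz-racoon2.png|1000px]]
+=Racoon=
+*/etc/ipsec-tools.conf
+<pre>
+#!/usr/sbin/setkey -f
+flush;
+spdflush;
+spdadd 10.83.31.0/24 10.83.42.0/24 any -P out ipsec
+esp/tunnel/10.84.252.31-10.84.252.42/require;
+spdadd 10.83.42.0/24 10.83.31.0/24 any -P in ipsec
+esp/tunnel/10.84.252.42-10.84.252.31/require;
+</pre>
+*/etc/racoon.conf
+<pre>
+log debug;
+path pre_shared_key "/etc/racoon/psk.txt";
+
+remote anonymous {
+exchange_mode aggressive;
+my_identifier fqdn zee.vpn.int;
+proposal_check obey;
+proposal {
+encryption_algorithm aes;
+hash_algorithm sha1;
+authentication_method pre_shared_key;
+dh_group 2;
+}
+}
+
+sainfo address 10.83.31.0/24 any address 10.83.42.0/24 any {
+#pfs_group 2;
+lifetime time 1 hour ;
+encryption_algorithm aes ;
+authentication_algorithm hmac_sha1 ;
+compression_algorithm deflate ;
+}
+</pre>
+*/etc/racoon/psk.txt
+10.84.252.33 suxer
+
+
+
 *https://www.ip-phone-forum.de/threads/fritzbox-mit-linux-vpn-verbinden-strongswan-openswan-racoon-anleitung-howto.283014/
 *http://www.computersalat.de/linux/vpn/ipsec-vpn-zwischen-fritzbox-und-linux/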
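Review bot: The added racoon.conf pairs `exchange_mode aggressive;` with `authentication_method pre_shared_key;` under `remote anonymous`, and the psk.txt line publishes a short, guessable key; in aggressive mode a hash derived from the PSK is sent to a peer that has not yet been authenticated, so key strength is the only barrier against offline guessing. The page should show a placeholder instead, e.g. `10.84.252.33 <long-random-psk>`, and state that psk.txt must be readable by root only. That entry is also keyed by 10.84.252.33, which matches neither tunnel endpoint in ipsec-tools.conf (10.84.252.31 and 10.84.252.42), so the identifier is worth confirming. If the Fritz!Box side accepts it, `proposal_check strict;` and an active `pfs_group` would tighten the setup, and `log debug;` is best lowered once the tunnel is up.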
Version vom 5. Dezember 2017, 16:11 Uhr
Fritz
Racoon
- /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
# Static IPsec policy for the tunnel between 10.83.31.0/24 and 10.83.42.0/24.

# Empty the SAD and the SPD first so no stale entries survive a reload.
flush;
spdflush;

# Outbound: traffic from 10.83.31.0/24 to 10.83.42.0/24 is required to use ESP
# in tunnel mode, from endpoint 10.84.252.31 to endpoint 10.84.252.42.
spdadd 10.83.31.0/24 10.83.42.0/24 any -P out ipsec esp/tunnel/10.84.252.31-10.84.252.42/require;

# Inbound: the mirror policy for traffic arriving from 10.83.42.0/24.
spdadd 10.83.42.0/24 10.83.31.0/24 any -P in ipsec esp/tunnel/10.84.252.42-10.84.252.31/require;
- /etc/racoon.conf
# racoon (IKEv1) configuration for the 10.83.31.0/24 <-> 10.83.42.0/24 tunnel.

# NOTE(review): debug logging is useful during bring-up; lower the level once
# the tunnel works so negotiation detail does not accumulate in the logs.
log debug;

# File holding the pre-shared keys, one "identifier key" pair per line.
path pre_shared_key "/etc/racoon/psk.txt";

# Phase 1. "anonymous" applies to every peer that has no remote section of its own.
remote anonymous {
    # NOTE(review): aggressive mode with a pre-shared key sends a hash derived
    # from the key before the peer is authenticated, so the key must be long
    # and random; a guessable key can be recovered offline.
    exchange_mode aggressive;
    my_identifier fqdn zee.vpn.int;

    # obey: as responder, accept the lifetime and PFS values the initiator proposes.
    proposal_check obey;

    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        # Group 2 is the 1024-bit MODP group.
        # NOTE(review): confirm whether the peer supports a larger group.
        dh_group 2;
    }
}

# Phase 2 parameters for traffic between the two subnets.
sainfo address 10.83.31.0/24 any address 10.83.42.0/24 any {
    # PFS is disabled here: with this line commented out, phase 2 keys are
    # derived without a fresh Diffie-Hellman exchange.
    #pfs_group 2;
    lifetime time 1 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
- /etc/racoon/psk.txt
# Format: peer identifier, whitespace, pre-shared key.
# NOTE(review): this key is short, guessable and published on this page; treat
# it as a placeholder, use a long random key, and keep the file readable by root only.
# NOTE(review): 10.84.252.33 matches neither tunnel endpoint in
# /etc/ipsec-tools.conf (10.84.252.31 / 10.84.252.42); confirm which peer
# identifier the key is looked up under.
10.84.252.33 suxer