Racoon-fritz: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
Zeile 1: | Zeile 1: | ||
+ | =Fritz= | ||
+ | [[Datei:fritz-racoon2.png|1000px]] | ||
+ | =Racoon= | ||
+ | */etc/ipsec-tools.conf | ||
+ | <pre> | ||
+ | #!/usr/sbin/setkey -f | ||
+ | flush; | ||
+ | spdflush; | ||
+ | spdadd 10.83.31.0/24 10.83.42.0/24 any -P out ipsec | ||
+ | esp/tunnel/10.84.252.31-10.84.252.42/require; | ||
+ | spdadd 10.83.42.0/24 10.83.31.0/24 any -P in ipsec | ||
+ | esp/tunnel/10.84.252.42-10.84.252.31/require; | ||
+ | </pre> | ||
+ | */etc/racoon.conf | ||
+ | <pre> | ||
+ | log debug; | ||
+ | path pre_shared_key "/etc/racoon/psk.txt"; | ||
+ | |||
+ | remote anonymous { | ||
+ | exchange_mode aggressive; | ||
+ | my_identifier fqdn zee.vpn.int; | ||
+ | proposal_check obey; | ||
+ | proposal { | ||
+ | encryption_algorithm aes; | ||
+ | hash_algorithm sha1; | ||
+ | authentication_method pre_shared_key; | ||
+ | dh_group 2; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | sainfo address 10.83.31.0/24 any address 10.83.42.0/24 any { | ||
+ | #pfs_group 2; | ||
+ | lifetime time 1 hour ; | ||
+ | encryption_algorithm aes ; | ||
+ | authentication_algorithm hmac_sha1 ; | ||
+ | compression_algorithm deflate ; | ||
+ | } | ||
+ | </pre> | ||
+ | */etc/racoon/psk.txt | ||
+ | 10.84.252.33 suxer | ||
+ | |||
+ | |||
+ | |||
*https://www.ip-phone-forum.de/threads/fritzbox-mit-linux-vpn-verbinden-strongswan-openswan-racoon-anleitung-howto.283014/ | *https://www.ip-phone-forum.de/threads/fritzbox-mit-linux-vpn-verbinden-strongswan-openswan-racoon-anleitung-howto.283014/ | ||
*http://www.computersalat.de/linux/vpn/ipsec-vpn-zwischen-fritzbox-und-linux/ | *http://www.computersalat.de/linux/vpn/ipsec-vpn-zwischen-fritzbox-und-linux/ |
Version vom 5. Dezember 2017, 16:11 Uhr
Fritz
Racoon
- /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f flush; spdflush; spdadd 10.83.31.0/24 10.83.42.0/24 any -P out ipsec esp/tunnel/10.84.252.31-10.84.252.42/require; spdadd 10.83.42.0/24 10.83.31.0/24 any -P in ipsec esp/tunnel/10.84.252.42-10.84.252.31/require;
- /etc/racoon.conf
log debug; path pre_shared_key "/etc/racoon/psk.txt"; remote anonymous { exchange_mode aggressive; my_identifier fqdn zee.vpn.int; proposal_check obey; proposal { encryption_algorithm aes; hash_algorithm sha1; authentication_method pre_shared_key; dh_group 2; } } sainfo address 10.83.31.0/24 any address 10.83.42.0/24 any { #pfs_group 2; lifetime time 1 hour ; encryption_algorithm aes ; authentication_algorithm hmac_sha1 ; compression_algorithm deflate ; }
- /etc/racoon/psk.txt
10.84.252.33 suxer