Strongswan-strongswan-dynamische-ip-cert: Unterschied zwischen den Versionen

Aus xinux.net
Zur Navigation springen Zur Suche springen
 
Zeile 37: Zeile 37:
 
         rightid="C=de, ST=rp, L=zw, O=vogel-it, OU=it, CN=gustavo.vpn.int"
 
         rightid="C=de, ST=rp, L=zw, O=vogel-it, OU=it, CN=gustavo.vpn.int"
 
         rightsubnet=10.83.33.0/24
 
         rightsubnet=10.83.33.0/24
         auto=add
+
         auto=start
 
</pre>
 
</pre>
 
*/etc/ipsec.secret
 
*/etc/ipsec.secret
 
  : RSA tiazel.vpn.int.key ""
 
  : RSA tiazel.vpn.int.key ""

Aktuelle Version vom 7. Dezember 2017, 19:11 Uhr

gustavo.vpn.int (fix ip)

  • /etc/ipsec.d/certs/gustavo.vpn.int.crt
  • /etc/ipsec.d/private/gustavo.vpn.int.key
  • /etc/ipsec.d/cacerts/ca.crt
  • /etc/ipsec.conf
conn tiazel-gustavo
        authby=rsasig
        keyexchange=ikev1
        left=%any
        leftid="C=de, ST=rp, L=zw, O=vogel-it, OU=it, CN=tiazel.vpn.int"
        leftsubnet="10.83.32.0/24"
        right=10.84.252.33
        rightcert=gustavo.vpn.int.crt
        rightid="C=de, ST=rp, L=zw, O=vogel-it, OU=it, CN=gustavo.vpn.int"
        rightsubnet=10.83.33.0/24
        auto=add
  • /etc/ipsec.secret
: RSA gustavo.vpn.int.key ""

tiazel.vpn.int (dyn ip)

  • /etc/ipsec.d/certs/tiazel.vpn.int.crt
  • /etc/ipsec.d/private/tiazel.vpn.int.key
  • /etc/ipsec.d/cacerts/ca.crt
  • /etc/ipsec.conf
conn tiazel-gustavo
        authby=rsasig
        keyexchange=ikev1
        leftcert=tiazel.vpn.int.crt
        leftid="C=de, ST=rp, L=zw, O=vogel-it, OU=it, CN=tiazel.vpn.int"
        leftsubnet="10.83.32.0/24"
        right="10.84.252.33"
        rightid="C=de, ST=rp, L=zw, O=vogel-it, OU=it, CN=gustavo.vpn.int"
        rightsubnet=10.83.33.0/24
        auto=start
  • /etc/ipsec.secret
: RSA tiazel.vpn.int.key ""
Abgerufen von „https://xinux.net/index.php?title=Strongswan-strongswan-dynamische-ip-cert&oldid=15890