Strongswan-swanctl: Unterschied zwischen den Versionen
Thomas (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „=tiazel.vpn.int= */etc/ipsec.conf <pre> conn franklin-tiazel authby=secret keyexchange=ikev1 left=10.84.252.32 leftsubnet=10.83.32.0/24 rig…“) |
Thomas (Diskussion | Beiträge) |
||
Zeile 1: | Zeile 1: | ||
− | =tiazel.vpn.int= | + | =strongswan= |
+ | ==tiazel.vpn.int== | ||
*/etc/ipsec.conf | */etc/ipsec.conf | ||
<pre> | <pre> | ||
Zeile 17: | Zeile 18: | ||
*/etc/ipsec.secret | */etc/ipsec.secret | ||
10.84.252.32 10.84.252.40 : PSK "suxer" | 10.84.252.32 10.84.252.40 : PSK "suxer" | ||
+ | =swanctl= | ||
+ | ==franklin.vpn.int== | ||
+ | "/etc/strongswan/swanctl/swanctl.conf | ||
+ | <pre> | ||
+ | connections { | ||
+ | net-net { | ||
+ | local_addrs = 10.84.252.40 | ||
+ | remote_addrs = 10.84.252.32 | ||
+ | local { | ||
+ | auth = psk | ||
+ | id = 10.84.252.40 | ||
+ | } | ||
+ | remote { | ||
+ | auth = psk | ||
+ | id = 10.84.252.32 | ||
+ | } | ||
+ | children { | ||
+ | net { | ||
+ | local_ts = 10.83.40.0/24 | ||
+ | remote_ts = 10.83.32.0/24 | ||
+ | start_action = start | ||
+ | #updown = /usr/local/libexec/ipsec/_updown iptables | ||
+ | rekey_time = 10m | ||
+ | esp_proposals = aes256-sha256-modp2048 | ||
+ | } | ||
+ | } | ||
+ | version = 1 | ||
+ | reauth_time = 60m | ||
+ | rekey_time = 20m | ||
+ | proposals = aes256-sha256-modp2048 | ||
+ | } | ||
+ | } | ||
+ | secrets { | ||
+ | ike-cli { | ||
+ | id = 10.84.252.32 | ||
+ | secret = suxer | ||
+ | } | ||
+ | } | ||
+ | </pre> |
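Review bot: The added `secrets` block publishes the tunnel's pre-shared key as `secret = suxer`, a five-letter word, and the connection is pinned to `version = 1` with `auth = psk` on both sides, so that one short string is the only credential protecting the tunnel. On the page I would show a placeholder instead, `secret = <long random PSK, not stored in the wiki>`, and rotate the value on both hosts, since it also appears in the `PSK "suxer"` line above. If both peers can be moved together, `version = 2` (and `keyexchange=ikev2` on the ipsec.conf side) is the better target, ideally with certificate authentication. The list item `"/etc/strongswan/swanctl/swanctl.conf` opens with a stray `"` where the other items use `*`.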
Version vom 8. Dezember 2017, 18:07 Uhr
strongswan
tiazel.vpn.int
- /etc/ipsec.conf
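# ipsec.conf connection on the 10.84.252.32 side of the site-to-site tunnel.
# Layout restored to one setting per line: ipsec.conf expects the "conn"
# header on its own line and each key=value indented beneath it.
conn franklin-tiazel
    # PSK authentication over IKEv1: the shared secret is the only credential,
    # so its length and randomness decide how well the tunnel is protected.
    authby=secret
    keyexchange=ikev1
    left=10.84.252.32
    leftsubnet=10.83.32.0/24
    right=10.84.252.40
    rightsubnet=10.83.40.0/24
    ike=aes256-sha256-modp2048
    esp=aes256-sha256-modp2048
    # NOTE(review): these lifetimes differ from the swanctl peer on this page
    # (reauth_time = 60m, child rekey_time = 10m); presumably the shorter
    # timers drive renegotiation. Confirm that this is intended.
    ikelifetime=3h
    keylife=1h
    # auto=add only loads the connection; this side waits for the peer to
    # initiate (the swanctl peer on this page uses start_action = start).
    auto=add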
- /etc/ipsec.secret
# Pre-shared key for the 10.84.252.32 <-> 10.84.252.40 peer pair.
# The PSK is the tunnel's only credential: use a long random value in place of
# this short one, and keep the file readable by root only.
# NOTE(review): strongSwan's stock file name is ipsec.secrets, but the heading
# on this page says ipsec.secret. Confirm which path is actually read.
10.84.252.32 10.84.252.40 : PSK "suxer"
swanctl
franklin.vpn.int
- /etc/strongswan/swanctl/swanctl.conf
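# swanctl.conf on the 10.84.252.40 side: site-to-site tunnel to peer 10.84.252.32.
# Layout restored to one setting per line; collapsed onto a single line, the
# "#updown" comment would swallow every setting that follows it.
connections {
    net-net {
        local_addrs = 10.84.252.40
        remote_addrs = 10.84.252.32
        local {
            auth = psk
            id = 10.84.252.40
        }
        remote {
            auth = psk
            id = 10.84.252.32
        }
        children {
            net {
                local_ts = 10.83.40.0/24
                remote_ts = 10.83.32.0/24
                # Initiate the CHILD_SA as soon as the configuration is loaded.
                start_action = start
                #updown = /usr/local/libexec/ipsec/_updown iptables
                rekey_time = 10m
                esp_proposals = aes256-sha256-modp2048
            }
        }
        # IKEv1, matching keyexchange=ikev1 in the peer's ipsec.conf on this
        # page. Both ends have to change together to move to version = 2.
        version = 1
        reauth_time = 60m
        # NOTE(review): connection-level rekey_time is presumably ignored with
        # version = 1, because IKEv1 reauthenticates instead of rekeying the
        # IKE SA. Confirm against the swanctl.conf documentation.
        rekey_time = 20m
        proposals = aes256-sha256-modp2048
    }
}
secrets {
    ike-cli {
        id = 10.84.252.32
        # With auth = psk on both sides, this value is the tunnel's only
        # credential. Replace the short example with a long random secret and
        # keep this file readable by root only.
        secret = suxer
    }
}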