Strongswan-swanctl: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
Zeile 23: | Zeile 23: | ||
<pre> | <pre> | ||
connections { | connections { | ||
− | + | net { | |
local_addrs = 10.84.252.40 | local_addrs = 10.84.252.40 | ||
remote_addrs = 10.84.252.32 | remote_addrs = 10.84.252.32 | ||
Zeile 35: | Zeile 35: | ||
} | } | ||
children { | children { | ||
− | net { | + | net-1 { |
local_ts = 10.83.40.0/24 | local_ts = 10.83.40.0/24 | ||
remote_ts = 10.83.32.0/24 | remote_ts = 10.83.32.0/24 | ||
start_action = start | start_action = start | ||
− | |||
− | |||
esp_proposals = aes256-sha256-modp2048 | esp_proposals = aes256-sha256-modp2048 | ||
} | } | ||
} | } | ||
version = 1 | version = 1 | ||
− | |||
− | |||
proposals = aes256-sha256-modp2048 | proposals = aes256-sha256-modp2048 | ||
} | } | ||
} | } | ||
secrets { | secrets { | ||
− | ike- | + | ike-net { |
id = 10.84.252.32 | id = 10.84.252.32 | ||
secret = suxer | secret = suxer |
Aktuelle Version vom 9. Dezember 2017, 19:41 Uhr
strongswan
tiazel.vpn.int
- /etc/ipsec.conf
conn franklin-tiazel authby=secret keyexchange=ikev1 left=10.84.252.32 leftsubnet=10.83.32.0/24 right=10.84.252.40 rightsubnet=10.83.40.0/24 ike=aes256-sha256-modp2048 esp=aes256-sha256-modp2048 ikelifetime=3h keylife=1h auto=add
- /etc/ipsec.secret
10.84.252.32 10.84.252.40 : PSK "suxer"
swanctl
franklin.vpn.int
- /etc/strongswan/swanctl/swanctl.conf
connections { net { local_addrs = 10.84.252.40 remote_addrs = 10.84.252.32 local { auth = psk id = 10.84.252.40 } remote { auth = psk id = 10.84.252.32 } children { net-1 { local_ts = 10.83.40.0/24 remote_ts = 10.83.32.0/24 start_action = start esp_proposals = aes256-sha256-modp2048 } } version = 1 proposals = aes256-sha256-modp2048 } } secrets { ike-net { id = 10.84.252.32 secret = suxer } }