https://wiki.ixheim.de/index.php?action=history&feed=atom&title=Strongswan_mit_vti-Interfaces 2026-06-29T01:22:17Z Versionsgeschichte dieser Seite in Xinux Wiki MediaWiki 1.35.1 https://wiki.ixheim.de/index.php?title=Strongswan_mit_vti-Interfaces&diff=16100&oldid=prev 2017-12-15T09:46:48Z

<p><span dir="auto"><span class="autocomment">Rechner 2</span></span></p> <table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="de"> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Nächstältere Version</td> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Version vom 15. Dezember 2017, 09:46 Uhr</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l48" >Zeile 48:</td> <td colspan="2" class="diff-lineno">Zeile 48:</td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*ip tunnel add vti0 local 10.84.252.44 remote 10.84.252.43 mode vti key 100</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*ip tunnel add vti0 local 10.84.252.44 remote 10.84.252.43 mode vti key 100</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*ip link set vti0 up</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*ip link set vti0 up</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>*ip addr add 10.2.2.2<del class="diffchange diffchange-inline">/24 </del>remote 10.2.2.1<del class="diffchange diffchange-inline">/24 </del>dev vti0</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>*ip addr add 10.2.2.2 remote 10.2.2.1 dev vti0</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=rp-filter, policy und xfrm einstellen=</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=rp-filter, policy und xfrm einstellen=</div></td></tr> </table>

Janning https://wiki.ixheim.de/index.php?title=Strongswan_mit_vti-Interfaces&diff=16099&oldid=prev 2017-12-15T09:46:41Z

<p><span dir="auto"><span class="autocomment">Rechner 1</span></span></p> <table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="de"> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Nächstältere Version</td> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Version vom 15. Dezember 2017, 09:46 Uhr</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l43" >Zeile 43:</td> <td colspan="2" class="diff-lineno">Zeile 43:</td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*ip tunnel add vti0 local 10.84.252.43 remote 10.84.252.44 mode vti key 100</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*ip tunnel add vti0 local 10.84.252.43 remote 10.84.252.44 mode vti key 100</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*ip link set vti0 up</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*ip link set vti0 up</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>*ip addr add 10.2.2.1<del class="diffchange diffchange-inline">/24 </del>remote 10.2.2.2<del class="diffchange diffchange-inline">/24 </del>dev vti0</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>*ip addr add 10.2.2.1 remote 10.2.2.2 dev vti0</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Rechner 2==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>==Rechner 2==</div></td></tr> </table>

Janning https://wiki.ixheim.de/index.php?title=Strongswan_mit_vti-Interfaces&diff=16098&oldid=prev 2017-12-15T08:03:36Z

<p>Die Seite wurde neu angelegt: „=ipsec-Routing deaktivieren= *vi /etc/strongswan.conf &lt;pre&gt; charon { load_modular = yes install_routes = no plugins { i…“</p> <p><b>Neue Seite</b></p><div>=ipsec-Routing deaktivieren=<br /> *vi /etc/strongswan.conf<br /> &lt;pre&gt;<br /> charon {<br /> load_modular = yes<br /> install_routes = no<br /> plugins {<br /> include strongswan.d/charon/*.conf<br /> }<br /> }<br /> <br /> include strongswan.d/*.conf<br /> &lt;/pre&gt;<br /> <br /> =ipsec.conf und ipsec.secrets einrichten=<br /> *vi /etc/ipsec.conf<br /> &lt;pre&gt;<br /> conn routed-vpn<br /> right=10.84.252.44<br /> left=10.84.252.43<br /> leftsubnet=0.0.0.0/0<br /> rightsubnet=0.0.0.0/0<br /> ike=aes256-sha256-modp2048<br /> ikelifetime=3600s<br /> esp=aes256-sha256-modp2048<br /> keylife=1800s<br /> rekeymargin=540s<br /> type=tunnel<br /> compress=no<br /> authby=secret<br /> mark=100<br /> auto=start<br /> keyingtries=%forever<br /> &lt;/pre&gt;<br /> <br /> *vi /etc/ipsec.secrets<br /> &lt;pre&gt;<br /> 10.84.252.43 10.84.252.44 : PSK &quot;suxer&quot;<br /> &lt;/pre&gt;<br /> <br /> =vti-interface einrichten=<br /> ==Rechner 1==<br /> *ip tunnel add vti0 local 10.84.252.43 remote 10.84.252.44 mode vti key 100<br /> *ip link set vti0 up<br /> *ip addr add 10.2.2.1/24 remote 10.2.2.2/24 dev vti0<br /> <br /> ==Rechner 2==<br /> *ip tunnel add vti0 local 10.84.252.44 remote 10.84.252.43 mode vti key 100<br /> *ip link set vti0 up<br /> *ip addr add 10.2.2.2/24 remote 10.2.2.1/24 dev vti0<br /> <br /> =rp-filter, policy und xfrm einstellen=<br /> *echo 0 &gt; /proc/sys/net/ipv4/conf/vti0/rp_filter<br /> *echo 1 &gt; /proc/sys/net/ipv4/conf/vti0/disable_policy<br /> *echo 1 &gt; /proc/sys/net/ipv4/conf/ens7/disable_xfrm<br /> *echo 1 &gt; /proc/sys/net/ipv4/conf/ens7/disable_policy<br /> <br /> =Routing-Tabelle 220 leeren=<br /> *ip route flush table 220<br /> <br /> =Routen setzen=<br /> ==Rechner 1==<br /> *ip route add 10.83.44.0/24 via 10.2.2.1<br /> <br /> ==Rechner 2==<br /> *ip route add 10.83.43.0/24 via 10.2.2.2</div>

Janning