Strongswan zu strongswan aggressive modus: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 7: | Zeile 7: | ||
... | ... | ||
} | } | ||
| + | </pre> | ||
| + | */etc/ipsec.conf | ||
| + | <pre> | ||
| + | conn s2s | ||
| + | authby=secret | ||
| + | keyexchange=ikev1 | ||
| + | aggressive = yes | ||
| + | left=10.84.252.32 | ||
| + | leftsubnet=10.83.32.0/24 | ||
| + | right=%any | ||
| + | rightsubnet=10.83.33.0/24 | ||
| + | ike=aes128-sha1-modp1024 | ||
| + | esp=aes128-sha1-modp1024 | ||
| + | auto=start | ||
| + | </pre> | ||
| + | */etc/ipsec.secrets | ||
| + | <pre> | ||
| + | 10.84.252.32 %any : PSK "123" | ||
</pre> | </pre> | ||
Version vom 9. November 2017, 07:58 Uhr
Config on both sites
Add thin entry
- /etc/strongswan.conf
charon {
i_dont_care_about_security_and_use_aggressive_mode_psk = yes
...
}
- /etc/ipsec.conf
conn s2s
authby=secret
keyexchange=ikev1
aggressive = yes
left=10.84.252.32
leftsubnet=10.83.32.0/24
right=%any
rightsubnet=10.83.33.0/24
ike=aes128-sha1-modp1024
esp=aes128-sha1-modp1024
auto=start
- /etc/ipsec.secrets
10.84.252.32 %any : PSK "123"