Strongswan-swanctl: Unterschied zwischen den Versionen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 20: | Zeile 20: | ||
=swanctl= | =swanctl= | ||
==franklin.vpn.int== | ==franklin.vpn.int== | ||
| − | + | */etc/strongswan/swanctl/swanctl.conf | |
<pre> | <pre> | ||
connections { | connections { | ||
Version vom 9. Dezember 2017, 17:50 Uhr
strongswan
tiazel.vpn.int
- /etc/ipsec.conf
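# Net-to-net tunnel as configured on tiazel (10.84.252.32) towards franklin
# (10.84.252.40). Parameters of a conn section have to start with whitespace
# to be read as part of that section, so the indentation is restored here.
conn franklin-tiazel
	# Pre-shared-key authentication: the tunnel is only as strong as the PSK
	# stored in ipsec.secrets, so that value must be long and random.
	authby=secret
	# NOTE(review): IKEv1 is deprecated (RFC 9395); moving both peers to
	# IKEv2 is preferable where possible. This has to be changed together
	# with "version" on the swanctl side or the peers stop negotiating.
	keyexchange=ikev1
	# Local endpoint and the subnet it protects.
	left=10.84.252.32
	leftsubnet=10.83.32.0/24
	# Remote endpoint and the subnet behind it.
	right=10.84.252.40
	rightsubnet=10.83.40.0/24
	# One fixed proposal each for IKE and ESP: AES-256, SHA-256, DH group 14.
	# The DH group in esp= means ESP rekeying performs a fresh DH exchange.
	ike=aes256-sha256-modp2048
	esp=aes256-sha256-modp2048
	# Lifetimes of the IKE SA and of the ESP SAs on this side.
	ikelifetime=3h
	keylife=1h
	# Only load the connection; this side waits for the peer to initiate
	# (the swanctl side on this page uses start_action = start).
	auto=add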
- /etc/ipsec.secrets
# PSK for the endpoint pair 10.84.252.32 / 10.84.252.40. The secret is stored
# in clear text, so this file should be readable by root only.
# NOTE(review): "suxer" is a short, guessable sample value; a deployed tunnel
# needs a long, randomly generated secret that is identical on both peers.
10.84.252.32 10.84.252.40 : PSK "suxer"
swanctl
franklin.vpn.int
- /etc/strongswan/swanctl/swanctl.conf
# swanctl.conf on franklin (10.84.252.40): counterpart of the ipsec.conf
# connection "franklin-tiazel" shown for tiazel (10.84.252.32).
connections {
    net-net {
        # Tunnel endpoints: this host and the peer.
        local_addrs = 10.84.252.40
        remote_addrs = 10.84.252.32
        # Both sides authenticate with the pre-shared key from the secrets
        # section below and identify themselves by IP address.
        local {
            auth = psk
            id = 10.84.252.40
        }
        remote {
            auth = psk
            id = 10.84.252.32
        }
        children {
            net {
                # Traffic selectors: local subnet <-> subnet behind the peer.
                local_ts = 10.83.40.0/24
                remote_ts = 10.83.32.0/24
                # This side initiates the tunnel when the config is loaded;
                # the ipsec.conf peer only loads its connection (auto=add).
                start_action = start
                # Disabled: updown script hook for firewall rules.
                #updown = /usr/local/libexec/ipsec/_updown iptables
                # ESP SAs are rekeyed after 10 minutes.
                rekey_time = 10m
                # Must match esp= on the peer; the DH group enables a fresh
                # DH exchange when the ESP SAs are rekeyed.
                esp_proposals = aes256-sha256-modp2048
            }
        }
        # IKEv1, matching keyexchange=ikev1 on the peer.
        # NOTE(review): IKEv1 is deprecated (RFC 9395); prefer IKEv2 on both
        # peers where possible.
        version = 1
        # NOTE(review): IKE SA rekeying is an IKEv2 mechanism; with
        # version = 1 confirm in the strongSwan documentation which of
        # these two timers actually takes effect.
        reauth_time = 60m
        rekey_time = 20m
        # Must match ike= on the peer.
        proposals = aes256-sha256-modp2048
    }
}
# The PSK is stored in clear text, so this file should be readable by root
# only.
secrets {
    ike-cli {
        # Identity this IKE secret is associated with (the peer).
        id = 10.84.252.32
        # NOTE(review): "suxer" is a short, guessable sample value; use a
        # long, randomly generated secret that is identical on both peers.
        secret = suxer
    }
}