Xauth-pam-strongswan

From Xinux Wiki
Current revision as of 28 November 2018, 13:07

Install module

  • apt-get install strongswan strongswan-plugin-xauth-pam

The xauth-pam plugin is what lets charon hand the XAuth username and password to PAM. Later Debian releases folded the strongswan-plugin-* packages into the libcharon-*-plugins packages; if apt cannot find the package, locate the plugin file with apt-file search libstrongswan-xauth-pam.so. Once configured, ipsec statusall lists xauth-pam under "loaded plugins" when it is active.

Config

ipsec.conf

  • cat /etc/ipsec.conf
conn android_vpn
   left=10.134.2.5
   leftid=@nagus.xxx.de
   leftauth=pubkey
   leftcert=/etc/letsencrypt/live/nagus.xxx.de/fullchain.pem
   leftsendcert=always
   leftsubnet=0.0.0.0/0
   right=%any
   rightauth=xauth-pam
   rightsourceip=10.79.128.0/24
   esp=aes-sha1!
   auto=add

With rightauth=xauth-pam and no rightcert, the server proves itself with the Let's Encrypt certificate while the client proves itself with a PAM username and password only (hybrid mode, "IPSec Hybrid RSA" in the Android VPN dialog). The PAM password is therefore the single client credential, which is why the group gating in /etc/pam.d/ipsec below matters. leftsubnet=0.0.0.0/0 sends all client traffic through the tunnel, so the server needs IP forwarding and a route or NAT for the 10.79.128.0/24 pool. leftcert points at fullchain.pem, but strongSwan loads the first certificate in the file, i.e. the server leaf; make the intermediate (chain.pem) available under /etc/ipsec.d/cacerts so the client can build a chain to a trusted root. esp=aes-sha1! pins ESP to AES-128-CBC with HMAC-SHA1 and leaves the IKE proposal at strongSwan's default; test which stronger proposals a given Android release negotiates before tightening it.

ipsec.secrets

  • cat /etc/ipsec.secrets
@nagus.xxx.de : RSA /etc/letsencrypt/live/nagus.xxx.de/privkey.pem

The leading @ marks nagus.xxx.de as an FQDN identity (no DNS lookup) and must match leftid. privkey.pem is a symlink into /etc/letsencrypt/archive; charon runs as root on Debian and can read it, but check that the key itself is not group- or world-readable (older certbot versions did not restrict it). charon reads key and certificate when it starts, so after each certbot renewal run ipsec rereadsecrets and ipsec reload, or restart strongswan, for example from a script in /etc/letsencrypt/renewal-hooks/deploy/; otherwise the old certificate stays in use until it expires.

xauth-pam

  • /etc/strongswan.d/charon/xauth-pam.conf
xauth-pam {
    load = yes
    pam_service = ipsec
}

pam_service = ipsec selects the /etc/pam.d/ipsec stack shown next, so the rules for VPN logins stay separate from those for local login.

pam.d

  • cat /etc/pam.d/ipsec
auth    required        pam_listfile.so onerr=fail item=group sense=allow file=/etc/ipsec.group.allow
@include common-auth
@include common-account

The pam_listfile line is the access control: item=group sense=allow accepts the login only if the user belongs to one of the groups listed in /etc/ipsec.group.allow, and onerr=fail turns any problem with that file (missing, unreadable) into a denial rather than a pass. pam_listfile also refuses a list file that is world-writable or not a regular file, so keep it at root:root 0644. Because the module is required rather than requisite, common-auth still runs and checks the password before the stack returns failure, so a client cannot tell a missing group from a wrong password. Only auth and account are needed here: charon's xauth-pam calls pam_authenticate and pam_acct_mgmt, not pam_open_session.

group handling

add group

  • groupadd vpn

user to group

  • gpasswd -a xinux vpn

group.allow

  • cat /etc/ipsec.group.allow
vpn

Membership added with gpasswd is a supplementary group; pam_listfile item=group checks primary and supplementary groups alike, so nothing else is needed. To revoke VPN access without touching the account, remove the user from the group again (gpasswd -d xinux vpn).
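A pre-flight script for the setup above, covering the install, PAM and group steps in one run. It is an added example, not from the wiki page or the strongSwan project; it assumes a Debian/GNU userland (GNU stat, id -nG), the file paths used on this page, and optionally the pamtester package, which makes the same pam_authenticate and pam_acct_mgmt calls against /etc/pam.d/ipsec that charon's xauth-pam makes, without needing a VPN client.

```shell
#!/bin/sh
# Pre-flight checks for the strongSwan xauth-pam setup on this page.
# Added example, not from the wiki page or the strongSwan project.
# Assumptions: Debian/GNU userland (GNU stat, id -nG), the file paths used
# on this page, and optionally the pamtester package.

ALLOWFILE=${ALLOWFILE:-/etc/ipsec.group.allow}
PRIVKEY=${PRIVKEY:-/etc/letsencrypt/live/nagus.xxx.de/privkey.pem}
PAM_SERVICE=${PAM_SERVICE:-ipsec}   # pam_service from xauth-pam.conf

# world_writable FILE: succeeds if FILE is world-writable (others have 'w').
# pam_listfile refuses such a list file, and with onerr=fail that means
# every VPN login is denied, not allowed.
world_writable() {
    mode=$(stat -c '%A' "$1" 2>/dev/null) || return 1
    case $mode in
        ????????w?) return 0 ;;
        *)          return 1 ;;
    esac
}

# key_private FILE: succeeds if neither group nor others can access FILE.
# Follows symlinks, since privkey.pem points into /etc/letsencrypt/archive.
key_private() {
    mode=$(stat -L -c '%A' "$1" 2>/dev/null) || return 1
    case $mode in
        ????------) return 0 ;;
        *)          return 1 ;;
    esac
}

# user_allowed USER FILE: succeeds if USER is in at least one group named in
# FILE (one group per line, blank lines ignored). This mirrors the decision
# pam_listfile makes for item=group sense=allow: primary and supplementary
# groups both count. Unknown users are denied.
user_allowed() {
    ugroups=$(id -nG "$1" 2>/dev/null) || return 1
    while IFS= read -r g || [ -n "$g" ]; do
        [ -n "$g" ] || continue
        for ug in $ugroups; do
            [ "$ug" = "$g" ] && return 0
        done
    done < "$2"
    return 1
}

# preflight USER...: check the files, then each named user against the allow
# list and, if pamtester is installed, against the real PAM stack.
preflight() {
    rc=0
    if [ ! -f "$ALLOWFILE" ]; then
        echo "FAIL: $ALLOWFILE missing; onerr=fail denies all logins"; rc=1
    elif world_writable "$ALLOWFILE"; then
        echo "FAIL: $ALLOWFILE is world-writable; pam_listfile will reject it"; rc=1
    fi
    if ! key_private "$PRIVKEY"; then
        echo "FAIL: $PRIVKEY is readable by group or others"; rc=1
    fi
    for u in "$@"; do
        if user_allowed "$u" "$ALLOWFILE"; then
            echo "ok: $u is in a group listed in $ALLOWFILE"
        else
            echo "DENY: $u is in none of the groups listed in $ALLOWFILE"; rc=1
        fi
        if command -v pamtester >/dev/null 2>&1; then
            # Same two PAM calls charon's xauth-pam makes; prompts for the password.
            pamtester "$PAM_SERVICE" "$u" authenticate acct_mgmt || rc=1
        fi
    done
    return $rc
}

# Usage on the VPN server: sh preflight.sh run xinux
if [ "${1:-}" = run ]; then
    shift
    preflight "$@"
fi
```

Run it as root after the steps above; a DENY for a user who is supposedly in the vpn group usually means the group name in /etc/ipsec.group.allow does not match, and a FAIL on the allow file means pam_listfile will deny everyone, which is the safe failure mode this PAM stack is configured for.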

Links

  • https://blog.loetzimmer.de/2017/09/ipsec-vpn-mit-strongswan-auf-debian.html