Strongswan-opnsense-dynamische-ip-cert: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
Zeile 7: Zeile 7:
 
=Strongswan=
 
=Strongswan=
 
==/etc/ipsec.secret==
 
==/etc/ipsec.secret==
 +
: RSA ubuntu.key ""
 +
==/etc/ipsec.conf==
 +
<pre>
 +
conn vpn
 +
  authby=rsasig
 +
  keyexchange=ikev2
 +
  left=10.85.9.6
 +
  leftcert=ubuntu.crt
 +
  leftid="CN=ubuntu"
 +
  leftsubnet="192.168.1.1/32"
 +
  leftauth=pubkey
 +
  rightauth=pubkey
 +
  right=%any
 +
  rightid="CN=opnsense"
 +
  rightsubnet="192.168.0.1/32"
 +
  rightca = "/CN=ca/"
 +
  ike=aes256-sha256-modp4096!
 +
  esp=aes256-sha256-modp4096!
 +
  ikelifetime=28800s
 +
  lifetime=3600s
 +
  auto=add
 +
</pre>
 +
 
==/etc/ipsec.conf==
 
==/etc/ipsec.conf==

Version vom 1. Juli 2022, 13:05 Uhr

Opensense

Phase 1

Allgemein

Strongswan-opnsens-dynamische-ip-cert-1.png

Authentifizierung

Strongswan-opnsens-dynamische-ip-cert-2.png

Strongswan

/etc/ipsec.secret

: RSA ubuntu.key ""

/etc/ipsec.conf

conn vpn
   authby=rsasig
   keyexchange=ikev2
   left=10.85.9.6
   leftcert=ubuntu.crt
   leftid="CN=ubuntu"
   leftsubnet="192.168.1.1/32"
   leftauth=pubkey
   rightauth=pubkey
   right=%any
   rightid="CN=opnsense"
   rightsubnet="192.168.0.1/32"
   rightca = "/CN=ca/"
   ike=aes256-sha256-modp4096!
   esp=aes256-sha256-modp4096!
   ikelifetime=28800s
   lifetime=3600s
   auto=add

/etc/ipsec.conf

Abgerufen von „http://wiki.ixheim.de/index.php?title=Strongswan-opnsense-dynamische-ip-cert&oldid=33646