Sophos-XG-IPSec-zu-Strongswan-PSK-Strongswan: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „==/etc/ipsec.conf== <pre> conn vpn-sophos-xg authby=secret keyexchange=ikev2 left=10.85.21.6 leftid = 10.85.21.6 leftsubnet="192.168.1.1/32"…“) |
|||
| (Eine dazwischenliegende Version desselben Benutzers wird nicht angezeigt) | |||
| Zeile 6: | Zeile 6: | ||
left=10.85.21.6 | left=10.85.21.6 | ||
leftid = 10.85.21.6 | leftid = 10.85.21.6 | ||
| − | leftsubnet="192.168.1. | + | leftsubnet="192.168.1.0/24" |
leftauth = psk | leftauth = psk | ||
rightauth = psk | rightauth = psk | ||
right=10.85.21.4 | right=10.85.21.4 | ||
rightid=10.85.21.4 | rightid=10.85.21.4 | ||
| − | rightsubnet="192.168.4. | + | rightsubnet="192.168.4.0/24" |
ike=aes256-sha256-modp4096! | ike=aes256-sha256-modp4096! | ||
esp=aes256-sha256-modp4096! | esp=aes256-sha256-modp4096! | ||
| Zeile 17: | Zeile 17: | ||
lifetime=3600s | lifetime=3600s | ||
auto=add | auto=add | ||
| + | |||
| + | conn vpn-sophos-xg-nat | ||
| + | authby=secret | ||
| + | keyexchange=ikev2 | ||
| + | left=10.85.21.6 | ||
| + | leftid = 10.85.21.6 | ||
| + | leftsubnet="192.168.1.0/24" | ||
| + | leftauth = psk | ||
| + | rightauth = psk | ||
| + | right=10.85.21.4 | ||
| + | rightid=10.85.21.4 | ||
| + | rightsubnet="192.168.88.0/24" | ||
| + | ike=aes256-sha256-modp4096! | ||
| + | esp=aes256-sha256-modp4096! | ||
| + | ikelifetime=28800s | ||
| + | lifetime=3600s | ||
| + | auto=add | ||
| + | |||
| + | conn vpn-sophos-xg-nat-dyn | ||
| + | authby=secret | ||
| + | keyexchange=ikev2 | ||
| + | left=%defaultroute | ||
| + | leftid = @ulubu.lab.intra | ||
| + | leftsubnet="192.168.1.0/24" | ||
| + | leftauth = psk | ||
| + | rightauth = psk | ||
| + | right=10.85.21.4 | ||
| + | rightid=10.85.21.4 | ||
| + | rightsubnet="192.168.99.0/24" | ||
| + | ike=aes256-sha256-modp4096! | ||
| + | esp=aes256-sha256-modp4096! | ||
| + | ikelifetime=28800s | ||
| + | lifetime=3600s | ||
| + | auto=add | ||
| + | |||
</pre> | </pre> | ||
| + | |||
==/etc/ipsec.secrets== | ==/etc/ipsec.secrets== | ||
10.85.21.4 10.85.4.6 : PSK 012345-Hilde-Becker$$ | 10.85.21.4 10.85.4.6 : PSK 012345-Hilde-Becker$$ | ||
| + | 10.85.21.4 @ulubu.lab.intra : PSK 012345-Hilde-Becker$$ | ||
Aktuelle Version vom 18. Juli 2022, 11:31 Uhr
/etc/ipsec.conf
conn vpn-sophos-xg authby=secret keyexchange=ikev2 left=10.85.21.6 leftid = 10.85.21.6 leftsubnet="192.168.1.0/24" leftauth = psk rightauth = psk right=10.85.21.4 rightid=10.85.21.4 rightsubnet="192.168.4.0/24" ike=aes256-sha256-modp4096! esp=aes256-sha256-modp4096! ikelifetime=28800s lifetime=3600s auto=add conn vpn-sophos-xg-nat authby=secret keyexchange=ikev2 left=10.85.21.6 leftid = 10.85.21.6 leftsubnet="192.168.1.0/24" leftauth = psk rightauth = psk right=10.85.21.4 rightid=10.85.21.4 rightsubnet="192.168.88.0/24" ike=aes256-sha256-modp4096! esp=aes256-sha256-modp4096! ikelifetime=28800s lifetime=3600s auto=add conn vpn-sophos-xg-nat-dyn authby=secret keyexchange=ikev2 left=%defaultroute leftid = @ulubu.lab.intra leftsubnet="192.168.1.0/24" leftauth = psk rightauth = psk right=10.85.21.4 rightid=10.85.21.4 rightsubnet="192.168.99.0/24" ike=aes256-sha256-modp4096! esp=aes256-sha256-modp4096! ikelifetime=28800s lifetime=3600s auto=add
/etc/ipsec.secrets
10.85.21.4 10.85.4.6 : PSK 012345-Hilde-Becker$$ 10.85.21.4 @ulubu.lab.intra : PSK 012345-Hilde-Becker$$