Strongswan-openswan-psk: Difference between revisions

From Xinux Wiki
(The page was newly created: "=Strongswan= *cat /etc/ipsec.conf <pre> conn a2s authby=secret keyexchange=ikev1 left=192.168.252.89 leftid=@tiazel leftsubnet=10.254…")
 
 
(9 intermediate revisions by 2 users are not shown)
Zeile 2: Zeile 2:
 
*cat /etc/ipsec.conf  
 
*cat /etc/ipsec.conf  
 
<pre>
 
<pre>
conn a2s
+
conn o2s
 
     authby=secret
 
     authby=secret
 
     keyexchange=ikev1
 
     keyexchange=ikev1
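Review bot: the rename from "conn a2s" to "conn o2s" at the top of this hunk is not explained anywhere in the edit, and the new name is the same one the Openswan peer uses for its own section; state that in the page text and update anything that addresses the connection by name, such as "ipsec up a2s". The unchanged "keyexchange=ikev1" line deserves a second look in the same edit, because the proposals introduced in the next hunk combine an AEAD cipher with an explicit PRF, so confirm that both daemons accept that combination under IKEv1.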
Zeile 8: Zeile 8:
 
     leftid=@tiazel
 
     leftid=@tiazel
 
     leftsubnet=10.254.32.0/24
 
     leftsubnet=10.254.32.0/24
     right=192.168.252.109
+
     right=192.168.252.200
     rightid=@loren
+
     rightid=@rome
     rightsubnet=10.254.33.0/24
+
     rightsubnet=10.254.31.0/24
     ikelifetime=7800
+
     ike=aes256gcm128-prfsha256-modp4096!
     keylife=3600
+
    esp=aes256gcm128-prfsha256-modp4096!
     ike=aes256-md5-modp1536
+
     auto=start
     esp=aes256-md5-modp1536
+
    closeaction=restart
 +
    dpdaction=restart
 +
    dpddelay=10s
 +
</pre>
 +
*cat /etc/ipsec.secrets
 +
@tiazel @rome  : PSK "suxer"
 +
 
 +
=Openswan=
 +
*cat /etc/ipsec.conf
 +
<pre>
 +
version 2.0
 +
config setup
 +
    dumpdir=/var/run/pluto/
 +
    nat_traversal=no
 +
    oe=off
 +
    protostack=netkey
 +
conn o2s
 +
    authby=secret
 +
    left=192.168.252.200
 +
    leftid=@rome
 +
    leftsubnet=10.254.31.0/24
 +
    right=192.168.252.89
 +
    rightid=@tiazel
 +
    rightsubnet=10.254.32.0/24
 +
     ike=aes256gcm128-prfsha256-modp4096
 +
     phase2alg=aes256gcm128-prfsha256-modp4096
 
     auto=start
 
     auto=start
 
</pre>
 
</pre>
 
*cat /etc/ipsec.secrets
 
*cat /etc/ipsec.secrets
  @tiazel @loren : PSK "suxer"
+
  @tiazel @rome : PSK "suxer"
 +
 
 +
= Links =
 +
* [https://docs.strongswan.org/docs/5.9/config/IKEv2CipherSuites.html Strongswan Cipher Suites]
 +
* [https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection Ipsec.conf Referenz]
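Review bot: the /etc/ipsec.secrets line added for both peers, '@tiazel @rome : PSK "suxer"', keeps a five-character pre-shared key, and with authby=secret that key is the only authentication this tunnel has; replace it on both hosts with a long random secret and show only a placeholder on the wiki. In the same hunk, ikelifetime=7800 and keylife=3600 are removed without replacements, so both lifetimes fall back to the daemon defaults, which should be a stated decision. prfsha256 appears in esp= and phase2alg= although a PRF belongs to the IKE proposal, so check both lines against the Cipher Suites reference linked at the end. The closeaction, dpdaction and dpddelay settings and the strict "!" marker exist only on the strongSwan side; a sentence on why the Openswan side has no counterpart would help readers.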

Current revision as of 19 February 2024, 09:03

Strongswan

  • cat /etc/ipsec.conf
conn o2s
     authby=secret
     keyexchange=ikev1
     left=192.168.252.89
     leftid=@tiazel
     leftsubnet=10.254.32.0/24
     right=192.168.252.200
     rightid=@rome
     rightsubnet=10.254.31.0/24
     ike=aes256gcm128-prfsha256-modp4096!
     esp=aes256gcm128-prfsha256-modp4096!
     auto=start
     closeaction=restart
     dpdaction=restart
     dpddelay=10s
  • cat /etc/ipsec.secrets
@tiazel @rome  : PSK "suxer"

Openswan

  • cat /etc/ipsec.conf
version 2.0
config setup
     dumpdir=/var/run/pluto/
     nat_traversal=no
     oe=off
     protostack=netkey
conn o2s
     authby=secret
     left=192.168.252.200
     leftid=@rome
     leftsubnet=10.254.31.0/24
     right=192.168.252.89
     rightid=@tiazel
     rightsubnet=10.254.32.0/24
     ike=aes256gcm128-prfsha256-modp4096
     phase2alg=aes256gcm128-prfsha256-modp4096
     auto=start
  • cat /etc/ipsec.secrets
@tiazel @rome  : PSK "suxer"
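
The two conn sections above only form a tunnel if each peer's left* values equal the other peer's right* values and the proposals agree. The following check is an added example, not part of the wiki page; the function names parse_conn and mirror_mismatches are hypothetical, and the embedded text is the two conn sections from the current revision.

```python
# Constructed input: the two conn sections from the current revision of this page.
STRONGSWAN = """conn o2s
     authby=secret
     keyexchange=ikev1
     left=192.168.252.89
     leftid=@tiazel
     leftsubnet=10.254.32.0/24
     right=192.168.252.200
     rightid=@rome
     rightsubnet=10.254.31.0/24
     ike=aes256gcm128-prfsha256-modp4096!
     esp=aes256gcm128-prfsha256-modp4096!
     auto=start
     closeaction=restart
     dpdaction=restart
     dpddelay=10s
"""
OPENSWAN = """conn o2s
     authby=secret
     left=192.168.252.200
     leftid=@rome
     leftsubnet=10.254.31.0/24
     right=192.168.252.89
     rightid=@tiazel
     rightsubnet=10.254.32.0/24
     ike=aes256gcm128-prfsha256-modp4096
     phase2alg=aes256gcm128-prfsha256-modp4096
     auto=start
"""

def parse_conn(text, name):
    # Hypothetical helper: collect the key=value options of "conn <name>".
    opts, active = {}, False
    for line in text.splitlines():
        line = line.split("#", 1)[0]                 # drop comments
        if line.strip() and not line[0].isspace():   # unindented line opens a section
            active = line.split()[:2] == ["conn", name]
        elif active and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def mirror_mismatches(a, b):
    # a's left* must equal b's right* and vice versa; proposals compared without the strict "!".
    pairs = [(s + o, t + o) for o in ("", "id", "subnet")
             for s, t in (("left", "right"), ("right", "left"))]
    pairs += [("ike", "ike"), ("esp", "phase2alg")]
    return [f"{ka}={a.get(ka)} vs {kb}={b.get(kb)}" for ka, kb in pairs
            if (a.get(ka) or "").rstrip("!") != (b.get(kb) or "").rstrip("!")]
```

An empty result means the two sections mirror each other; a peer id left over from the older revision (rightid=@loren) is reported as a mismatch against leftid=@rome.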

Links