Strongswan-openswan-psk: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
|||
| (8 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 11: | Zeile 11: | ||
rightid=@rome | rightid=@rome | ||
rightsubnet=10.254.31.0/24 | rightsubnet=10.254.31.0/24 | ||
| − | ike= | + | ike=aes256gcm128-prfsha256-modp4096! |
| − | esp= | + | esp=aes256gcm128-prfsha256-modp4096! |
auto=start | auto=start | ||
| + | closeaction=restart | ||
| + | dpdaction=restart | ||
| + | dpddelay=10s | ||
</pre> | </pre> | ||
*cat /etc/ipsec.secrets | *cat /etc/ipsec.secrets | ||
@tiazel @rome : PSK "suxer" | @tiazel @rome : PSK "suxer" | ||
| + | |||
=Openswan= | =Openswan= | ||
*cat /etc/ipsec.conf | *cat /etc/ipsec.conf | ||
| Zeile 34: | Zeile 38: | ||
rightid=@tiazel | rightid=@tiazel | ||
rightsubnet=10.254.32.0/24 | rightsubnet=10.254.32.0/24 | ||
| − | ike= | + | ike=aes256gcm128-prfsha256-modp4096 |
| − | phase2alg= | + | phase2alg=aes256gcm128-prfsha256-modp4096 |
auto=start | auto=start | ||
</pre> | </pre> | ||
*cat /etc/ipsec.secrets | *cat /etc/ipsec.secrets | ||
@tiazel @rome : PSK "suxer" | @tiazel @rome : PSK "suxer" | ||
| + | |||
| + | = Links = | ||
| + | * [https://docs.strongswan.org/docs/5.9/config/IKEv2CipherSuites.html Strongswan Cipher Suites] | ||
| + | * [https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection Ipsec.conf Referenz] | ||
Aktuelle Version vom 19. Februar 2024, 09:03 Uhr
Strongswan
- cat /etc/ipsec.conf
conn o2s
authby=secret
keyexchange=ikev1
left=192.168.252.89
leftid=@tiazel
leftsubnet=10.254.32.0/24
right=192.168.252.200
rightid=@rome
rightsubnet=10.254.31.0/24
ike=aes256gcm128-prfsha256-modp4096!
esp=aes256gcm128-prfsha256-modp4096!
auto=start
closeaction=restart
dpdaction=restart
dpddelay=10s
- cat /etc/ipsec.secrets
@tiazel @rome : PSK "suxer"
Openswan
- cat /etc/ipsec.conf
version 2.0
config setup
dumpdir=/var/run/pluto/
nat_traversal=no
oe=off
protostack=netkey
conn o2s
authby=secret
left=192.168.252.200
leftid=@rome
leftsubnet=10.254.31.0/24
right=192.168.252.89
rightid=@tiazel
rightsubnet=10.254.32.0/24
ike=aes256gcm128-prfsha256-modp4096
phase2alg=aes256gcm128-prfsha256-modp4096
auto=start
- cat /etc/ipsec.secrets
@tiazel @rome : PSK "suxer"