Openswan zu strongswan: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 33: | Zeile 33: | ||
/etc/ipsec.secrets | /etc/ipsec.secrets | ||
192.168.242.249 192.168.244.151 : PSK "katzenklo" | 192.168.242.249 192.168.244.151 : PSK "katzenklo" | ||
| + | |||
| + | |||
| + | |||
| + | =Openswan konfigurieren ( X509 )= | ||
| + | ==Tunnel Parameter definieren== | ||
| + | ;Tunnelkonfiguration | ||
| + | /etc/ipsec.conf | ||
| + | conn net | ||
| + | authby=rsasig | ||
| + | left=192.168.242.249 | ||
| + | leftsubnet=10.4.3.0/24 | ||
| + | leftid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de" | ||
| + | leftcert=franz.xinux.org.crt | ||
| + | right=192.168.244.151 | ||
| + | rightsubnet=10.18.44.0/24 | ||
| + | rightid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de" | ||
| + | ike=aes192-md5 | ||
| + | phase2alg=aes192-md5 | ||
| + | pfs=no | ||
| + | auto=start | ||
| + | |||
| + | ;X509 definieren | ||
| + | /etc/ipsec.secrets | ||
| + | 192.168.242.249 192.168.244.151 : RSA franz.xinux.org.key "" | ||
| + | |||
| + | =Strongswan konfigurieren ( PSK )= | ||
| + | ==Tunnel Parameter definieren== | ||
| + | ;Tunnelkonfiguration | ||
| + | /etc/ipsec.conf | ||
| + | conn net | ||
| + | keyexchange=ikev1 | ||
| + | authby=rsasig | ||
| + | left=192.168.242.249 | ||
| + | leftsubnet=10.4.3.0/24 | ||
| + | leftid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de" | ||
| + | rightcert=huey.xinux.org.crt | ||
| + | right=192.168.244.151 | ||
| + | rightid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de" | ||
| + | rightsubnet=10.18.44.0/24 | ||
| + | ike=aes192-md5 | ||
| + | esp=aes192-md5 | ||
| + | auto=start | ||
| + | ;X509 definieren | ||
| + | /etc/ipsec.secrets | ||
| + | 192.168.242.249 192.168.244.151 : RSA huey.xinux.org.key "" | ||
Version vom 15. Oktober 2014, 18:15 Uhr
Openswan konfigurieren ( PSK )
Tunnel Parameter definieren
- Tunnelkonfiguration
/etc/ipsec.conf
conn franz-huey
authby=secret
left=192.168.242.249
leftsubnet=10.4.3.0/24
right=192.168.244.151
rightsubnet=10.18.44.0/24
ike=aes192-md5
phase2alg=aes192-md5
pfs=no
auto=add
- PSK definieren
/etc/ipsec.secrets
192.168.242.249 192.168.244.151 : PSK "katzenklo"
Strongswan konfigurieren ( PSK )
Tunnel Parameter definieren
- Tunnelkonfiguration
/etc/ipsec.conf
conn franz-huey
authby=secret
left=192.168.242.249
leftsubnet=10.4.3.0/24
right=192.168.244.151
rightsubnet=10.18.44.0/24
ike=aes192-md5
esp=aes192-md5
auto=add
- PSK definieren
/etc/ipsec.secrets
192.168.242.249 192.168.244.151 : PSK "katzenklo"
Openswan konfigurieren ( X509 )
Tunnel Parameter definieren
- Tunnelkonfiguration
/etc/ipsec.conf
conn net
authby=rsasig
left=192.168.242.249
leftsubnet=10.4.3.0/24
leftid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de"
leftcert=franz.xinux.org.crt
right=192.168.244.151
rightsubnet=10.18.44.0/24
rightid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de"
ike=aes192-md5
phase2alg=aes192-md5
pfs=no
auto=start
- X509 definieren
/etc/ipsec.secrets
192.168.242.249 192.168.244.151 : RSA franz.xinux.org.key ""
Strongswan konfigurieren ( PSK )
Tunnel Parameter definieren
- Tunnelkonfiguration
/etc/ipsec.conf
conn net
keyexchange=ikev1
authby=rsasig
left=192.168.242.249
leftsubnet=10.4.3.0/24
leftid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de"
rightcert=huey.xinux.org.crt
right=192.168.244.151
rightid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de"
rightsubnet=10.18.44.0/24
ike=aes192-md5
esp=aes192-md5
auto=start
- X509 definieren
/etc/ipsec.secrets
192.168.242.249 192.168.244.151 : RSA huey.xinux.org.key ""