Openswan to strongswan: Difference between revisions
Thomas (Talk | contribs)
(5 intermediate revisions by the same user not shown)
| Zeile 10: | Zeile 10: | ||
rightsubnet=10.18.44.0/24 | rightsubnet=10.18.44.0/24 | ||
ike=aes192-md5 | ike=aes192-md5 | ||
| − | phase2alg=aes192 | + | phase2alg=aes192-md5 |
pfs=no | pfs=no | ||
auto=add | auto=add | ||
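Review bot: The changed line `phase2alg=aes192-md5` pins HMAC-MD5 as the Phase 2 integrity algorithm, in line with `ike=aes192-md5` above it, and `pfs=no` stays in place. MD5 is a deprecated choice for IPsec integrity; if both peers support it, document a SHA-2 based proposal in `ike=` and `phase2alg=` instead, and set the same value on the peer so the proposals still match.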
| Zeile 33: | Zeile 33: | ||
/etc/ipsec.secrets | /etc/ipsec.secrets | ||
192.168.242.249 192.168.244.151 : PSK "katzenklo" | 192.168.242.249 192.168.244.151 : PSK "katzenklo" | ||
| + | |||
| + | |||
| + | |||
| + | =Openswan konfigurieren ( X509 )= | ||
| + | ==Tunnel Parameter definieren== | ||
| + | ;certs | ||
| + | /etc/ipsec.d/certs/franz.xinux.org.crt | ||
| + | /etc/ipsec.d/crls/xinux-ca.crl | ||
| + | /etc/ipsec.d/cacerts/xinux-ca.crt | ||
| + | /etc/ipsec.d/private/franz.xinux.org.key | ||
| + | ;Tunnelkonfiguration | ||
| + | /etc/ipsec.conf | ||
| + | |||
| + | conn net | ||
| + | authby=rsasig | ||
| + | left=192.168.242.249 | ||
| + | leftsubnet=10.4.3.0/24 | ||
| + | leftid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de" | ||
| + | leftcert=franz.xinux.org.crt | ||
| + | leftrsasigkey=%cert | ||
| + | right=192.168.244.151 | ||
| + | rightsubnet=10.18.44.0/24 | ||
| + | rightid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de" | ||
| + | rightrsasigkey=%cert | ||
| + | ike=aes192-md5-modp1024 | ||
| + | phase2alg=aes192-md5;modp1024 | ||
| + | compress=yes | ||
| + | pfs=yes | ||
| + | auto=add | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | ;X509 definieren | ||
| + | /etc/ipsec.secrets | ||
| + | 192.168.242.249 192.168.244.151 : RSA franz.xinux.org.key "" | ||
| + | |||
| + | =Strongswan konfigurieren ( X509 )= | ||
| + | ==Tunnel Parameter definieren== | ||
| + | ;certs | ||
| + | /etc/ipsec.d/certs/huey.xinux.org.crt | ||
| + | /etc/ipsec.d/crls/xinux-ca.crl | ||
| + | /etc/ipsec.d/cacerts/xinux-ca.crt | ||
| + | /etc/ipsec.d/private/huey.xinux.org.key | ||
| + | ;Tunnelkonfiguration | ||
| + | /etc/ipsec.conf | ||
| + | conn net | ||
| + | keyexchange=ikev1 | ||
| + | authby=rsasig | ||
| + | left=192.168.242.249 | ||
| + | leftsubnet=10.4.3.0/24 | ||
| + | leftid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de" | ||
| + | rightcert=huey.xinux.org.crt | ||
| + | right=192.168.244.151 | ||
| + | rightid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de" | ||
| + | rightsubnet=10.18.44.0/24 | ||
| + | ike=aes192-md5 | ||
| + | esp=aes192-md5 | ||
| + | auto=start | ||
| + | ;X509 definieren | ||
| + | /etc/ipsec.secrets | ||
| + | 192.168.242.249 192.168.244.151 : RSA huey.xinux.org.key "" | ||
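Review bot: The two new X509 conns do not state the same Phase 2 proposal: the Openswan block has `phase2alg=aes192-md5;modp1024`, `pfs=yes` and `compress=yes`, while the strongSwan block has `esp=aes192-md5` with no DH group and no `compress=` line. strongSwan expresses PFS as a DH group appended to `esp=`, so consider `esp=aes192-md5-modp1024` together with `ike=aes192-md5-modp1024` and `compress=yes` there, so that both ends are explicit about what they negotiate. Separately, the empty passphrase `""` on both `RSA` lines in /etc/ipsec.secrets means the private keys are stored unencrypted; the page should say that the files under /etc/ipsec.d/private/ must be readable by root only.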
Latest revision as of 21 October 2014, 18:02
Configure Openswan (PSK)
Define tunnel parameters
- Tunnel configuration
/etc/ipsec.conf
conn franz-huey
    authby=secret
    left=192.168.242.249
    leftsubnet=10.4.3.0/24
    right=192.168.244.151
    rightsubnet=10.18.44.0/24
    ike=aes192-md5
    phase2alg=aes192-md5
    pfs=no
    auto=add
- Define PSK
/etc/ipsec.secrets
192.168.242.249 192.168.244.151 : PSK "katzenklo"
Configure strongSwan (PSK)
Define tunnel parameters
- Tunnel configuration
/etc/ipsec.conf
conn franz-huey
    authby=secret
    left=192.168.242.249
    leftsubnet=10.4.3.0/24
    right=192.168.244.151
    rightsubnet=10.18.44.0/24
    ike=aes192-md5
    esp=aes192-md5
    auto=add
- Define PSK
/etc/ipsec.secrets
192.168.242.249 192.168.244.151 : PSK "katzenklo"
Configure Openswan (X509)
Define tunnel parameters
- certs
/etc/ipsec.d/certs/franz.xinux.org.crt
/etc/ipsec.d/crls/xinux-ca.crl
/etc/ipsec.d/cacerts/xinux-ca.crt
/etc/ipsec.d/private/franz.xinux.org.key
- Tunnel configuration
/etc/ipsec.conf
conn net
    authby=rsasig
    left=192.168.242.249
    leftsubnet=10.4.3.0/24
    leftid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de"
    leftcert=franz.xinux.org.crt
    leftrsasigkey=%cert
    right=192.168.244.151
    rightsubnet=10.18.44.0/24
    rightid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de"
    rightrsasigkey=%cert
    ike=aes192-md5-modp1024
    phase2alg=aes192-md5;modp1024
    compress=yes
    pfs=yes
    auto=add
- Define X509
/etc/ipsec.secrets
192.168.242.249 192.168.244.151 : RSA franz.xinux.org.key ""
Configure strongSwan (X509)
Define tunnel parameters
- certs
/etc/ipsec.d/certs/huey.xinux.org.crt
/etc/ipsec.d/crls/xinux-ca.crl
/etc/ipsec.d/cacerts/xinux-ca.crt
/etc/ipsec.d/private/huey.xinux.org.key
- Tunnel configuration
/etc/ipsec.conf
conn net
    keyexchange=ikev1
    authby=rsasig
    left=192.168.242.249
    leftsubnet=10.4.3.0/24
    leftid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de"
    rightcert=huey.xinux.org.crt
    right=192.168.244.151
    rightid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de"
    rightsubnet=10.18.44.0/24
    ike=aes192-md5
    esp=aes192-md5
    auto=start
- Define X509
/etc/ipsec.secrets
192.168.242.249 192.168.244.151 : RSA huey.xinux.org.key ""
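
Added example, not part of the wiki page: a small Python check that normalises the Phase 2 options of the Openswan and strongSwan X509 conns shown above and reports where the two ends differ and which deprecated algorithms they name. The function names are hypothetical, and the parser assumes one proposal per keyword and an explicit DH group whenever PFS is wanted.

```python
# Added example (not from the wiki page): compare the Phase 2 settings of the
# page's Openswan and strongSwan X509 conns. Option lines copied from the page.
OPENSWAN = """conn net
    ike=aes192-md5-modp1024
    phase2alg=aes192-md5;modp1024
    compress=yes
    pfs=yes
"""
STRONGSWAN = """conn net
    keyexchange=ikev1
    ike=aes192-md5
    esp=aes192-md5
"""
WEAK = {"md5", "modp1024"}  # deprecated hash and DH group

def parse_conn(text):
    """Return the key=value options of one conn section as a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            opts[key.strip()] = value.strip()
    return opts

def phase2(opts):
    """Normalise either dialect to cipher, integrity, PFS group, compression."""
    if "phase2alg" in opts:  # Openswan: group after ';', switched by pfs=
        algs, _, group = opts["phase2alg"].partition(";")
        if opts.get("pfs", "yes") == "no":
            group = ""
    else:  # strongSwan: the PFS group is a suffix of the esp= proposal
        parts = opts.get("esp", "").split("-")
        algs = "-".join(p for p in parts if not p.startswith("modp"))
        group = next((p for p in parts if p.startswith("modp")), "")
    cipher, _, integrity = algs.partition("-")
    return {"cipher": cipher, "integrity": integrity, "pfs_group": group,
            "compress": opts.get("compress", "no")}

def mismatches(a, b):
    """Map each differing Phase 2 field to its (a, b) values."""
    pa, pb = phase2(parse_conn(a)), phase2(parse_conn(b))
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}

def weak_tokens(text):
    """List deprecated algorithm tokens named in ike=, phase2alg= or esp=."""
    opts = parse_conn(text)
    toks = "-".join(opts.get(k, "") for k in ("ike", "phase2alg", "esp"))
    return sorted(WEAK & set(toks.replace(";", "-").split("-")))

if __name__ == "__main__":
    print(mismatches(OPENSWAN, STRONGSWAN))
    print(weak_tokens(OPENSWAN), weak_tokens(STRONGSWAN))
```

Run against the PSK pair from the page (`phase2alg=aes192-md5` with `pfs=no` versus `esp=aes192-md5`), the same check reports no differences.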