Strongswan-swanctl: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „=tiazel.vpn.int= */etc/ipsec.conf <pre> conn franklin-tiazel authby=secret keyexchange=ikev1 left=10.84.252.32 leftsubnet=10.83.32.0/24 rig…“) |
Thomas (Diskussion | Beiträge) |
||
| (3 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| − | =tiazel.vpn.int= | + | =strongswan= |
| + | ==tiazel.vpn.int== | ||
*/etc/ipsec.conf | */etc/ipsec.conf | ||
<pre> | <pre> | ||
| Zeile 17: | Zeile 18: | ||
*/etc/ipsec.secret | */etc/ipsec.secret | ||
10.84.252.32 10.84.252.40 : PSK "suxer" | 10.84.252.32 10.84.252.40 : PSK "suxer" | ||
| + | =swanctl= | ||
| + | ==franklin.vpn.int== | ||
| + | */etc/strongswan/swanctl/swanctl.conf | ||
| + | <pre> | ||
| + | connections { | ||
| + | net { | ||
| + | local_addrs = 10.84.252.40 | ||
| + | remote_addrs = 10.84.252.32 | ||
| + | local { | ||
| + | auth = psk | ||
| + | id = 10.84.252.40 | ||
| + | } | ||
| + | remote { | ||
| + | auth = psk | ||
| + | id = 10.84.252.32 | ||
| + | } | ||
| + | children { | ||
| + | net-1 { | ||
| + | local_ts = 10.83.40.0/24 | ||
| + | remote_ts = 10.83.32.0/24 | ||
| + | start_action = start | ||
| + | esp_proposals = aes256-sha256-modp2048 | ||
| + | } | ||
| + | } | ||
| + | version = 1 | ||
| + | proposals = aes256-sha256-modp2048 | ||
| + | } | ||
| + | } | ||
| + | secrets { | ||
| + | ike-net { | ||
| + | id = 10.84.252.32 | ||
| + | secret = suxer | ||
| + | } | ||
| + | } | ||
| + | </pre> | ||
| + | *https://wiki.strongswan.org/attachments/666/swanctl.conf | ||
Aktuelle Version vom 9. Dezember 2017, 19:41 Uhr
strongswan
tiazel.vpn.int
- /etc/ipsec.conf
conn franklin-tiazel
authby=secret
keyexchange=ikev1
left=10.84.252.32
leftsubnet=10.83.32.0/24
right=10.84.252.40
rightsubnet=10.83.40.0/24
ike=aes256-sha256-modp2048
esp=aes256-sha256-modp2048
ikelifetime=3h
keylife=1h
auto=add
- /etc/ipsec.secret
10.84.252.32 10.84.252.40 : PSK "suxer"
swanctl
franklin.vpn.int
- /etc/strongswan/swanctl/swanctl.conf
connections {
net {
local_addrs = 10.84.252.40
remote_addrs = 10.84.252.32
local {
auth = psk
id = 10.84.252.40
}
remote {
auth = psk
id = 10.84.252.32
}
children {
net-1 {
local_ts = 10.83.40.0/24
remote_ts = 10.83.32.0/24
start_action = start
esp_proposals = aes256-sha256-modp2048
}
}
version = 1
proposals = aes256-sha256-modp2048
}
}
secrets {
ike-net {
id = 10.84.252.32
secret = suxer
}
}