Sophos-strongswan-dynamische-ip-cert: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 4: | Zeile 4: | ||
*/etc/ipsec.d/private/raspberrypi.key | */etc/ipsec.d/private/raspberrypi.key | ||
*/etc/ipsec.d/certs/raspberrypi.crt | */etc/ipsec.d/certs/raspberrypi.crt | ||
| − | + | /etc/ipsec.conf | |
<pre> | <pre> | ||
conn sophos-strongswan-crt | conn sophos-strongswan-crt | ||
| Zeile 20: | Zeile 20: | ||
auto=start | auto=start | ||
</pre> | </pre> | ||
| − | + | /etc/ipsec.secrets | |
: RSA raspberrypi.key "" | : RSA raspberrypi.key "" | ||
Version vom 16. September 2016, 10:42 Uhr
Strongswan
Die Zertifikate müssen hier liegen:
- /etc/ipsec.d/cacerts/xin-ca.crt
- /etc/ipsec.d/private/raspberrypi.key
- /etc/ipsec.d/certs/raspberrypi.crt
/etc/ipsec.conf
conn sophos-strongswan-crt
keyexchange=ikev1
authby=rsasig
left=%defaultroute
leftsubnet=172.17.135.0/24
leftcert="raspberrypi.crt"
leftid="@raspberrypi"
right=192.168.242.81
rightid="@sophos30"
rightsubnet=10.2.2.0/24
ike=aes256-md5-modp1536
esp=aes256-md5-modp1536
auto=start
/etc/ipsec.secrets
: RSA raspberrypi.key ""
Sophos
Sophos
Remote Gateway einrichten
- Site-to-Site-VPN
- IPsec
- Entferntes Gateway
- Neues entferntes Gateway
- Entferntes Gateway
- IPsec
IPsec-Verbindung einrichten
- Site-to-Site-VPN
- IPsec
- Verbindungen
- Neue IPsec-Verbindung
- Verbindungen
- IPsec
Die neuerstellte Verbindung
