Strongswan bridge mit gre-tunnel: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=strongswan= ==host germany== */etc/ipsec.conf <pre> conn france-gemany authby=secret type=transport auto=start ike=aes256-sha256-modp2…“) |
|||
| Zeile 32: | Zeile 32: | ||
*/etc/ipsec.secrets | */etc/ipsec.secrets | ||
10.130.206.42 10.134.2.5 : PSK "suxer" | 10.130.206.42 10.134.2.5 : PSK "suxer" | ||
| + | =gre-tunnel= | ||
| + | ==host germany== | ||
| + | */etc/network/interface | ||
| + | <pre> | ||
| + | auto ens15 | ||
| + | iface ens15 inet manual | ||
| + | |||
| + | auto dmz | ||
| + | iface dmz inet manual | ||
| + | post-up ip link add gretap1 type gretap local 10.130.206.42 remote 10.134.2.5 | ||
| + | post-up ip link set dev gretap1 up | ||
| + | post-up brctl addif dmz gretap1 | ||
| + | bridge_ports ens15 tap1 | ||
| + | bridge_stp off | ||
| + | bridge_maxwait 10 | ||
| + | </pre> | ||
| + | |||
| + | ==host france== | ||
| + | */etc/network/interface | ||
| + | <pre> | ||
| + | auto ens15 | ||
| + | iface ens15 inet manual | ||
| + | |||
| + | auto dmz | ||
| + | iface dmz inet manual | ||
| + | post-up ip link add gretap1 type gretap local 10.134.2.5 remote 10.130.206.42 | ||
| + | post-up ip link set dev gretap1 up | ||
| + | post-up brctl addif dmz gretap1 | ||
| + | bridge_ports ens15 tap1 | ||
| + | bridge_stp off | ||
| + | bridge_maxwait 10 | ||
| + | </pre> | ||
Version vom 27. September 2018, 14:33 Uhr
strongswan
host germany
- /etc/ipsec.conf
conn france-gemany
authby=secret
type=transport
auto=start
ike=aes256-sha256-modp2048
esp=aes256-sha256-modp2048
keyexchange=ikev2
left=10.134.2.5
right=10.130.206.42
auto=start
- /etc/ipsec.secrets
10.130.206.42 10.134.2.5 : PSK "suxer"
host france
- /etc/ipsec.conf
conn france-gemany
authby=secret
type=transport
auto=start
ike=aes256-sha256-modp2048
esp=aes256-sha256-modp2048
keyexchange=ikev2
left=10.134.2.5
right=10.130.206.42
auto=start
- /etc/ipsec.secrets
10.130.206.42 10.134.2.5 : PSK "suxer"
gre-tunnel
host germany
- /etc/network/interface
auto ens15
iface ens15 inet manual
auto dmz
iface dmz inet manual
post-up ip link add gretap1 type gretap local 10.130.206.42 remote 10.134.2.5
post-up ip link set dev gretap1 up
post-up brctl addif dmz gretap1
bridge_ports ens15 tap1
bridge_stp off
bridge_maxwait 10
host france
- /etc/network/interface
auto ens15
iface ens15 inet manual
auto dmz
iface dmz inet manual
post-up ip link add gretap1 type gretap local 10.134.2.5 remote 10.130.206.42
post-up ip link set dev gretap1 up
post-up brctl addif dmz gretap1
bridge_ports ens15 tap1
bridge_stp off
bridge_maxwait 10