Strongswan zu strongswan: Difference between revisions
| Zeile 1: | Zeile 1: | ||
| + | =Erklärung= | ||
| + | {| class="wikitable" | ||
| + | |- | ||
| + | ! Option | ||
| + | ! Bedeutung | ||
| + | ! Beispiel | ||
| + | |- | ||
| + | | conn | ||
| + | | VPN Verbindung | ||
| + | | to-office | ||
| + | |- | ||
| + | | authby | ||
| + | | Authentifizierungsverfahren | ||
| + | | secret<br />rsasig | ||
| + | |- | ||
| + | | keyexchange | ||
| + | | Internet Key Exchange | ||
| + | | ikev1<br />ikev2 | ||
| + | |- | ||
| + | | left | ||
| + | | IP des einen VPN Gateways | ||
| + | | 10.82.227.12 | ||
| + | |- | ||
| + | | right | ||
| + | | IP des anderen VPN Gateways | ||
| + | | 10.82.227.22 | ||
| + | |- | ||
| + | | leftnet | ||
| + | | Netzwerk hinter dem einen VPN Gateway | ||
| + | | 10.82.243.0/24 | ||
| + | |- | ||
| + | | rightnet | ||
| + | | Netzwerk hinter dem anderen VPN Gateway | ||
| + | | 10.82.244.0/24 | ||
| + | |- | ||
| + | | ike | ||
| + | | Crypto-Suite Phase 1 bestehend aus <br />Symetrisches Verschlüsselungsverfahren<br />Hash Algorithmus<br />Diffie-Hellman-Gruppe<br /><br /> | ||
| + | | aes256-sha256-modp4096 | ||
| + | |- | ||
| + | | esp | ||
| + | | Crypto-Suite Phase 1 bestehend aus <br />Symetrisches Verschlüsselungsverfahren<br /><br />Hash Algorithmus<br /><br />Diffie-Hellman-Gruppe<br /> | ||
| + | | aes256-sha256-modp4096 | ||
| + | |- | ||
| + | | auto | ||
| + | | Verhalten der VPN | ||
| + | | start<br />route | ||
| + | |- | ||
| + | | mobike | ||
| + | | Verhalten von NAT-Traversal | ||
| + | | yes<br />no | ||
| + | |} | ||
| + | |||
| + | |||
=Config is the same on both sites= | =Config is the same on both sites= | ||
==ipsec.conf== | ==ipsec.conf== | ||
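Review bot: The esp row repeats the ike description verbatim ("Crypto-Suite Phase 1 bestehend aus ..."). esp= sets the ESP proposal negotiated in phase 2, so that cell should say Phase 2 rather than Phase 1. In the same table, the leftnet and rightnet rows do not match the keys the ipsec.conf on this page uses (leftsubnet and rightsubnet), so the Option column should use those names. The mobike row describes it as NAT-traversal behaviour; mobike toggles the IKEv2 MOBIKE extension (RFC 4555), which is worth stating because the example connection uses keyexchange=ikev1. Minor: "Symetrisches" should be "Symmetrisches" in both the ike and esp rows.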
| Zeile 16: | Zeile 69: | ||
==ipsec.secrets== | ==ipsec.secrets== | ||
10.82.227.12 10.82.227.22 : PSK "suxer" | 10.82.227.12 10.82.227.22 : PSK "suxer" | ||
| + | |||
=Handling= | =Handling= | ||
=Up= | =Up= | ||
Revision as of 5 September 2022, 08:29
Explanation
| Option | Meaning | Example |
|---|---|---|
| conn | VPN connection | to-office |
| authby | Authentication method | secret, rsasig |
| keyexchange | Internet Key Exchange | ikev1, ikev2 |
| left | IP of one VPN gateway | 10.82.227.12 |
| right | IP of the other VPN gateway | 10.82.227.22 |
| leftnet | Network behind one VPN gateway | 10.82.243.0/24 |
| rightnet | Network behind the other VPN gateway | 10.82.244.0/24 |
| ike | Phase 1 crypto suite, consisting of symmetric encryption algorithm, hash algorithm, Diffie-Hellman group | aes256-sha256-modp4096 |
| esp | Phase 1 crypto suite, consisting of symmetric encryption algorithm, hash algorithm, Diffie-Hellman group | aes256-sha256-modp4096 |
| auto | Behaviour of the VPN | start, route |
| mobike | Behaviour of NAT traversal | yes, no |
Config is the same on both sites
ipsec.conf
conn s2s
    authby=secret
    keyexchange=ikev1
    left=10.82.227.12
    leftsubnet=10.82.243.0/24
    mobike=no
    right=10.82.227.22
    rightsubnet=10.82.244.0/24
    ike=aes256-sha256-modp4096
    esp=aes256-sha256-modp4096
    auto=start
ipsec.secrets
10.82.227.12 10.82.227.22 : PSK "suxer"
Handling
Up
- ipsec up s2s
Down
- ipsec down s2s
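The option table and the ipsec.conf section above, as an added example that is not part of the wiki page: a small checker that parses a conn section, splits the ike/esp proposal into the three parts the table lists, and flags two mismatches between the table and the config. The function names are hypothetical, and the proposal splitter assumes the three-part form used on this page.

```python
# Constructed sample: the conn section from this page as ipsec.conf text.
SAMPLE = """\
conn s2s
    authby=secret
    keyexchange=ikev1
    left=10.82.227.12
    leftsubnet=10.82.243.0/24
    mobike=no
    right=10.82.227.22
    rightsubnet=10.82.244.0/24
    ike=aes256-sha256-modp4096
    esp=aes256-sha256-modp4096
    auto=start
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header, e.g. "conn s2s"
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line: # indented key=value of a conn
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def split_proposal(proposal):
    """Split 'aes256-sha256-modp4096' into encryption, integrity and DH group."""
    parts = proposal.split("-")
    if len(parts) != 3:                           # assumption: page's three-part form
        raise ValueError(f"not a three-part proposal: {proposal!r}")
    return dict(zip(("encryption", "integrity", "dh_group"), parts))

def review(conn):
    """Return findings for one conn; checks are limited to this page's options."""
    findings = []
    for wrong, right in (("leftnet", "leftsubnet"), ("rightnet", "rightsubnet")):
        if wrong in conn:
            findings.append(f"{wrong}: the config on this page uses {right}")
    if conn.get("keyexchange") == "ikev1" and "mobike" in conn:
        findings.append("mobike: MOBIKE is an IKEv2 extension, no effect with ikev1")
    return findings

if __name__ == "__main__":
    print({n: (split_proposal(c["ike"]), review(c)) for n, c in parse_conns(SAMPLE).items()})
```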