Xauth-pam-strongswan

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen

Install Modul

  • apt-get install strongswan strongswan-plugin-xauth-pam

Config

ipsec.conf

  • cat /etc/ipsec.conf
conn android_vpn
   left=10.134.2.5
   leftid=@nagus.xxx.de
   leftauth=pubkey
   leftcert=/etc/letsencrypt/live/nagus.xxx.de/fullchain.pem
   leftsendcert=always
   leftsubnet=0.0.0.0/0
   right=%any
   rightauth=xauth-pam
   rightsourceip=10.79.128.0/24
   esp=aes-sha1!
   auto=add

ipsec.secrets

  • cat /etc/ipsec.secrets
@nagus.xxx.de : RSA /etc/letsencrypt/live/nagus.xxx.de/privkey.pem

xauth-pam

  • /etc/strongswan.d/charon/xauth-pam.conf
xauth-pam {
    load = yes
    pam_service = ipsec
}

pam.d

  • cat /etc/pam.d/ipsec
auth    required        pam_listfile.so onerr=fail item=group sense=allow file=/etc/ipsec.group.allow
@include common-auth
@include common-account

Links

Abgerufen von „http://wiki.ixheim.de/index.php?title=Xauth-pam-strongswan&oldid=17955