OPNsense
Phase 1
Allgemein
Authentifizierung
strongSwan
Keys and Certificates
/etc/ipsec.d/
├── aacerts
├── acerts
├── cacerts
│ └── ca.crt
├── certs
│ └── ubuntu.crt
├── crls
├── ocspcerts
├── policies
├── private
│ └── ubuntu.key
└── reqs
/etc/ipsec.secrets
# RSA private key of this host; a relative file name is looked up in
# /etc/ipsec.d/private/ (private/ubuntu.key in the tree above).
# The empty passphrase ("") means the key file is stored unencrypted, so the
# key file and this file should be owned by root and not readable by other
# users (e.g. mode 0600).
: RSA ubuntu.key ""
/etc/ipsec.conf
# Connection "vpn": IKEv2 tunnel between this host (left, 10.85.9.6, identity
# CN=ubuntu) and the peer identified as CN=opnsense (right), with certificate
# (public-key) authentication in both directions (leftauth/rightauth=pubkey).
#
# NOTE(review): in a real ipsec.conf the parameter lines that belong to a
# "conn" section must start with whitespace; the indentation appears to have
# been lost in this listing and has to be restored before use.
#
# Peer verification: right=%any accepts the peer from any source address, so
# the peer is pinned only by its certificate identity (rightid) and by the
# issuing CA (rightca). Keep both set; without them any certificate trusted
# through /etc/ipsec.d/cacerts could match this connection.
# NOTE(review): confirm that the rightca value matches the subject DN of
# cacerts/ca.crt exactly (`ipsec listcacerts` prints it).
#
# authby=rsasig is the legacy form; strongSwan documents authby as deprecated
# in favour of leftauth/rightauth, which are set here as well.
#
# leftsubnet/rightsubnet are /32 selectors, so only traffic between the two
# single addresses 192.168.1.1 and 192.168.0.1 is protected by this tunnel.
#
# The trailing "!" on ike= and esp= makes the proposal strict: only this exact
# suite is offered and accepted, so the peer must be configured with the same
# algorithms. The DH group in esp= makes child-SA rekeying perform a fresh
# Diffie-Hellman exchange (PFS).
#
# ikelifetime is the IKE SA lifetime (28800s = 8h), lifetime the child SA
# lifetime (3600s = 1h).
#
# auto=add loads the connection at startup without initiating it; this host
# waits for the peer to connect.
conn vpn
authby=rsasig
keyexchange=ikev2
left=10.85.9.6
leftcert=ubuntu.crt
leftid="CN=ubuntu"
leftsubnet="192.168.1.1/32"
leftauth=pubkey
rightauth=pubkey
right=%any
rightid="CN=opnsense"
rightsubnet="192.168.0.1/32"
rightca = "/CN=ca/"
ike=aes256-sha256-modp4096!
esp=aes256-sha256-modp4096!
ikelifetime=28800s
lifetime=3600s
auto=add