Strongswan-swanctl zu strongswan psk ikev2 site to site

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen

fw3

/etc/swanctl/conf.d/swanctl.conf

connections {
   net {
      local_addrs  = 10.82.227.112
      remote_addrs  = 10.82.227.122
      local {
         auth = psk
         id = 10.82.227.112
      }
      remote {
         auth = psk
         id = 10.82.227.122
      }
      children {
         net-1 {
            local_ts  = 10.82.243.0/24
            remote_ts  = 10.82.244.0/24
            start_action = start
            esp_proposals = aes256-sha256-modp4096
         }
      }
      version = 2
      proposals = aes256-sha256-modp4096
   }
}
secrets {
   ike-net {
      id-fw3 = 10.82.227.112
      id-fw4 = 10.82.227.122
      secret = suxer
   }
}

fw4

/etc/swanctl/conf.d/swanctl.conf

connections {
   net {
      local_addrs  = 10.82.227.122
      remote_addrs  = 10.82.227.112
      local {
         auth = psk
         id = 10.82.227.122
      }
      remote {
         auth = psk
         id = 10.82.227.112
      }
      children {
         net-1 {
            local_ts  = 10.82.244.0/24
            remote_ts  = 10.82.243.0/24
            start_action = start
            esp_proposals = aes256-sha256-modp4096
         }
      }
      version = 2
      proposals = aes256-sha256-modp4096
   }
}
secrets {
   ike-net {
      id-fw3 = 10.82.227.112
      id-fw4 = 10.82.227.122
      secret = suxer
   }
}
Abgerufen von „http://wiki.ixheim.de/index.php?title=Strongswan-swanctl_zu_strongswan_psk_ikev2_site_to_site&oldid=34601