Strongswan-swanctl zu strongswan psk ikev2 site to site


fw3

/etc/swanctl/conf.d/swanctl.conf

# fw3 side of the fw3 <-> fw4 site-to-site tunnel: IKEv2, pre-shared key.
# Outer (gateway) addresses: local 10.82.227.112, peer 10.82.227.122.
connections {
   net {
      # Outer addresses the IKE_SA is negotiated between. The same values
      # double as IKE identities below, so no certificates or FQDNs are needed.
      local_addrs  = 10.82.227.112
      remote_addrs  = 10.82.227.122
      local {
         auth = psk
         id = 10.82.227.112
      }
      remote {
         # Expected identity of the peer; it also selects the matching
         # id-* entry in the secrets section. A peer presenting another
         # identity does not match this connection.
         auth = psk
         id = 10.82.227.122
      }
      children {
         net-1 {
            # Traffic selectors: the inner subnets behind each gateway.
            # Mirrored on fw4 (local_ts / remote_ts swapped).
            local_ts  = 10.82.243.0/24
            remote_ts  = 10.82.244.0/24
            # Establish the CHILD_SA as soon as the configuration is loaded.
            start_action = start
            # Single explicit ESP proposal (no fallback list) -- the peer must
            # offer exactly the same. aes256 is AES-CBC with HMAC-SHA256
            # integrity; the DH group (modp4096) makes PFS mandatory on
            # CHILD_SA rekeying. An AEAD suite (e.g. aes256gcm16) would be an
            # alternative, but any change has to be made on both peers.
            esp_proposals = aes256-sha256-modp4096
         }
      }
      # IKEv2 only; IKEv1 proposals from the peer are not accepted.
      version = 2
      # IKE_SA proposal (encryption, integrity/PRF, DH group); must match fw4.
      proposals = aes256-sha256-modp4096
   }
}
# IKE pre-shared key for the tunnel, keyed by the IKE identities of both
# peers. This section is identical on fw3 and fw4.
secrets {
   ike-net {
      # id-* selectors: identities this secret applies to. The suffixes
      # (fw3/fw4) are arbitrary labels, only the values matter.
      id-fw3 = 10.82.227.112
      id-fw4 = 10.82.227.122
      # NOTE(review): 'suxer' is a short dictionary word -- acceptable for a
      # lab, not for production. Use a long random secret (e.g. the output of
      # `openssl rand -base64 32`), set the same value on both peers, and keep
      # this file readable by root only: the PSK is stored here in clear text.
      secret = suxer
   }
}

fw4

/etc/swanctl/conf.d/swanctl.conf

# fw4 side of the fw3 <-> fw4 site-to-site tunnel: IKEv2, pre-shared key.
# Outer (gateway) addresses: local 10.82.227.122, peer 10.82.227.112.
connections {
   net {
      # Outer addresses the IKE_SA is negotiated between. The same values
      # double as IKE identities below, so no certificates or FQDNs are needed.
      local_addrs  = 10.82.227.122
      remote_addrs  = 10.82.227.112
      local {
         auth = psk
         id = 10.82.227.122
      }
      remote {
         # Expected identity of the peer; it also selects the matching
         # id-* entry in the secrets section. A peer presenting another
         # identity does not match this connection.
         auth = psk
         id = 10.82.227.112
      }
      children {
         net-1 {
            # Traffic selectors: the inner subnets behind each gateway.
            # Mirrored on fw3 (local_ts / remote_ts swapped).
            local_ts  = 10.82.244.0/24
            remote_ts  = 10.82.243.0/24
            # Establish the CHILD_SA as soon as the configuration is loaded.
            start_action = start
            # Single explicit ESP proposal (no fallback list) -- the peer must
            # offer exactly the same. aes256 is AES-CBC with HMAC-SHA256
            # integrity; the DH group (modp4096) makes PFS mandatory on
            # CHILD_SA rekeying. An AEAD suite (e.g. aes256gcm16) would be an
            # alternative, but any change has to be made on both peers.
            esp_proposals = aes256-sha256-modp4096
         }
      }
      # IKEv2 only; IKEv1 proposals from the peer are not accepted.
      version = 2
      # IKE_SA proposal (encryption, integrity/PRF, DH group); must match fw3.
      proposals = aes256-sha256-modp4096
   }
}
# IKE pre-shared key for the tunnel, keyed by the IKE identities of both
# peers. This section is identical on fw3 and fw4.
secrets {
   ike-net {
      # id-* selectors: identities this secret applies to. The suffixes
      # (fw3/fw4) are arbitrary labels, only the values matter.
      id-fw3 = 10.82.227.112
      id-fw4 = 10.82.227.122
      # NOTE(review): 'suxer' is a short dictionary word -- acceptable for a
      # lab, not for production. Use a long random secret (e.g. the output of
      # `openssl rand -base64 32`), set the same value on both peers, and keep
      # this file readable by root only: the PSK is stored here in clear text.
      secret = suxer
   }
}

(Re-)load the credentials from the secrets section (`swanctl -s` loads only secrets, not the connections section):

  • swanctl -s
loaded ike secret 'ike-net'

Initiate the tunnel by bringing up the child SA net-1:

  • swanctl --initiate --child net-1