Strongswan-swanctl zu strongswan cert ikev2 site to site
Grundlegendes
fw3
Cert Localisation
- Die Dateien müssen genau an diesen Stellen liegen
- find /etc/swanctl -type f
/etc/swanctl/private/fw3.key
/etc/swanctl/x509/fw3.crt
/etc/swanctl/x509ca/ca.crt
Config
- /etc/swanctl/conf.d/swanctl.conf
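# fw3 side of an IKEv2 site-to-site tunnel to fw4; both gateways authenticate
# with X.509 certificates (auth = pubkey).
connections {
    net-cert {
        # IKE endpoints: this gateway (fw3) and the peer (fw4).
        local_addrs = 10.82.227.112
        remote_addrs = 10.82.227.122
        local {
            auth = pubkey
            # Resolved relative to /etc/swanctl/x509/. The matching private key
            # is picked up from /etc/swanctl/private/ (fw3.key in the listing
            # above); keep that file readable by root only.
            certs = fw3.crt
            # NOTE(review): the id must appear in fw3.crt as subject DN or
            # subjectAltName - confirm the certificate subject is exactly CN=fw3.
            id = "CN=fw3"
        }
        remote {
            auth = pubkey
            # The peer is accepted only if it presents a certificate carrying
            # this identity that chains to a CA under /etc/swanctl/x509ca/.
            # NOTE(review): no cacerts or revocation option is set, so every CA
            # in x509ca may issue the peer certificate and the default
            # revocation policy applies. Consider "cacerts = ca.crt", and
            # "revocation = strict" if CRL/OCSP is available.
            id = "CN=fw4"
        }
        children {
            net-2 {
                # Traffic selectors: LAN behind fw3 <-> LAN behind fw4.
                local_ts = 192.168.112.0/24
                remote_ts = 192.168.122.0/24
                # Bring the CHILD_SA up as soon as the config is loaded. The
                # original listing set this key twice with the same value; the
                # duplicate has been dropped.
                # NOTE(review): the fw4 config on this page uses the same
                # action, so both gateways initiate - confirm this does not
                # leave duplicate SAs on your strongSwan version.
                start_action = start
                # The DH group in the ESP proposal gives a fresh key exchange
                # (PFS) when the CHILD_SA is rekeyed.
                esp_proposals = aes256-sha256-modp4096
            }
        }
        # IKEv2 only; exactly one IKE proposal (AES-256, SHA-256, DH group
        # modp4096) with no fallback, so the peer must offer the same suite.
        version = 2
        proposals = aes256-sha256-modp4096
    }
}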
fw4
Cert Localisation
- Die Dateien müssen genau an diesen Stellen liegen
- find /etc/swanctl -type f
/etc/swanctl/private/fw4.key
/etc/swanctl/x509/fw4.crt
/etc/swanctl/x509ca/ca.crt
Config
- /etc/swanctl/conf.d/swanctl.conf
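# fw4 side of an IKEv2 site-to-site tunnel to fw3; both gateways authenticate
# with X.509 certificates (auth = pubkey).
connections {
    net-cert {
        # IKE endpoints: this gateway (fw4) and the peer (fw3).
        local_addrs = 10.82.227.122
        remote_addrs = 10.82.227.112
        local {
            auth = pubkey
            # Resolved relative to /etc/swanctl/x509/. The matching private key
            # is picked up from /etc/swanctl/private/ (fw4.key in the listing
            # above); keep that file readable by root only.
            certs = fw4.crt
            # NOTE(review): the id must appear in fw4.crt as subject DN or
            # subjectAltName - confirm the certificate subject is exactly CN=fw4.
            id = "CN=fw4"
        }
        remote {
            auth = pubkey
            # The peer is accepted only if it presents a certificate carrying
            # this identity that chains to a CA under /etc/swanctl/x509ca/.
            # NOTE(review): no cacerts or revocation option is set, so every CA
            # in x509ca may issue the peer certificate and the default
            # revocation policy applies. Consider "cacerts = ca.crt", and
            # "revocation = strict" if CRL/OCSP is available.
            id = "CN=fw3"
        }
        children {
            net-2 {
                # Traffic selectors: LAN behind fw4 <-> LAN behind fw3.
                local_ts = 192.168.122.0/24
                remote_ts = 192.168.112.0/24
                # Bring the CHILD_SA up as soon as the config is loaded. The
                # original listing set this key twice with the same value; the
                # duplicate has been dropped.
                # NOTE(review): the fw3 config on this page uses the same
                # action, so both gateways initiate - confirm this does not
                # leave duplicate SAs on your strongSwan version.
                start_action = start
                # The DH group in the ESP proposal gives a fresh key exchange
                # (PFS) when the CHILD_SA is rekeyed.
                esp_proposals = aes256-sha256-modp4096
            }
        }
        # IKEv2 only; exactly one IKE proposal (AES-256, SHA-256, DH group
        # modp4096) with no fallback, so the peer must offer the same suite.
        version = 2
        proposals = aes256-sha256-modp4096
    }
}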