Strongswan zu windows sieben

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen

VPN Gateway zertifikat

create certs

certs

  • /etc/ipsec.d/certs/huey.xinux.org.crt
  • /etc/ipsec.d/cacerts/xinux-ca.crt
  • /etc/ipsec.d/private/huey.xinux.org.key

/etc/ipsec.conf

config setup
    #plutostart=no

conn %default
    keyexchange=ikev2
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no

conn win7
    left=%any
    leftsubnet=0.0.0.0/0
    leftauth=pubkey
    leftcert=huey.xinux.org.crt
    leftid=@huey.xinux.org
    right=%any
    rightsourceip=10.10.3.0/24
    rightauth=eap-mschapv2
    #rightsendcert=never   # see note
    eap_identity=%any
    auto=add

/etc/ipsec.secrets

: RSA huey.xinux.org.key "lummel"
thomas : EAP "tummel"
xinux  : EAP "wummel"

/etc/strongswan.conf

charon {
        dns1  = 192.168.240.200
        nbns1 = 192.168.240.200
        load_modular = yes
        
}

windows client

  • wichtig

DNS name verwenden keine IP

Abgerufen von „http://wiki.ixheim.de/index.php?title=Strongswan_zu_windows_sieben&oldid=5581