Openswan to strongswan
Configuring Openswan (PSK)
Define tunnel parameters
- Tunnel configuration
/etc/ipsec.conf
conn franz-huey
    # authenticate with a pre-shared key
    authby=secret
    left=192.168.242.249
    leftsubnet=10.4.3.0/24
    right=192.168.244.151
    rightsubnet=10.18.44.0/24
    # phase 1 (IKE) and phase 2 (ESP) proposals
    ike=aes192-md5
    phase2alg=aes192-md5
    pfs=no
    # load the connection without initiating it
    auto=add
- Define the PSK
/etc/ipsec.secrets
192.168.242.249 192.168.244.151 : PSK "katzenklo"
Configuring Strongswan (PSK)
Define tunnel parameters
- Tunnel configuration
/etc/ipsec.conf
conn franz-huey
    # authenticate with a pre-shared key
    authby=secret
    left=192.168.242.249
    leftsubnet=10.4.3.0/24
    right=192.168.244.151
    rightsubnet=10.18.44.0/24
    # phase 1 (IKE) and phase 2 (ESP) proposals
    ike=aes192-md5
    esp=aes192-md5
    # load the connection without initiating it
    auto=add
- Define the PSK
/etc/ipsec.secrets
192.168.242.249 192.168.244.151 : PSK "katzenklo"
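Added example (not part of the original wiki page): a small Python helper that parses the two PSK conn stanzas above and reports which ipsec.conf keys were removed, added or changed when moving from Openswan to Strongswan. The function names parse_conns and diff_conn are hypothetical; the stanza text is copied from this page.

```python
import shlex

# The two PSK stanzas from this page (whitespace layout does not matter here).
OPENSWAN = (
    "conn franz-huey authby=secret left=192.168.242.249 leftsubnet=10.4.3.0/24 "
    "right=192.168.244.151 rightsubnet=10.18.44.0/24 "
    "ike=aes192-md5 phase2alg=aes192-md5 pfs=no auto=add"
)
STRONGSWAN = (
    "conn franz-huey authby=secret left=192.168.242.249 leftsubnet=10.4.3.0/24 "
    "right=192.168.244.151 rightsubnet=10.18.44.0/24 "
    "ike=aes192-md5 esp=aes192-md5 auto=add"
)


def parse_conns(text):
    """Return {conn_name: {key: value}} for every conn section in ipsec.conf text."""
    conns, current = {}, None
    # shlex keeps quoted values such as leftid="C=de, ST=rlp" in one token
    # and drops '#' comments.
    tokens = iter(shlex.split(text, comments=True))
    for tok in tokens:
        if tok == "conn":
            current = conns.setdefault(next(tokens, "?"), {})
        elif tok == "config":
            next(tokens, None)  # skip the "setup" of a "config setup" section
            current = None
        elif "=" in tok and current is not None:
            key, value = tok.split("=", 1)
            current[key] = value
    return conns


def diff_conn(old, new):
    """Compare two parsed conn sections; return (removed, added, changed)."""
    removed = {k: old[k] for k in old.keys() - new.keys()}
    added = {k: new[k] for k in new.keys() - old.keys()}
    changed = {k: (old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]}
    return removed, added, changed


if __name__ == "__main__":
    old = parse_conns(OPENSWAN)["franz-huey"]
    new = parse_conns(STRONGSWAN)["franz-huey"]
    for label, delta in zip(("removed", "added", "changed"), diff_conn(old, new)):
        print(f"{label}: {dict(sorted(delta.items()))}")
```

For the PSK pair the only differences are that phase2alg and pfs disappear and esp appears; every other key carries over unchanged.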
Configuring Openswan (X509)
Define tunnel parameters
- certs
/etc/ipsec.d/certs/franz.xinux.org.crt
/etc/ipsec.d/crls/xinux-ca.crl
/etc/ipsec.d/cacerts/xinux-ca.crt
/etc/ipsec.d/private/franz.xinux.org.key
- Tunnel configuration
/etc/ipsec.conf
conn net
    # authenticate with RSA signatures (X.509 certificates)
    authby=rsasig
    left=192.168.242.249
    leftsubnet=10.4.3.0/24
    leftid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de"
    leftcert=franz.xinux.org.crt
    # take the public key from the certificate
    leftrsasigkey=%cert
    right=192.168.244.151
    rightsubnet=10.18.44.0/24
    rightid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de"
    rightrsasigkey=%cert
    # phase 1 (IKE) and phase 2 (ESP) proposals
    ike=aes192-md5-modp1024
    phase2alg=aes192-md5;modp1024
    compress=yes
    pfs=yes
    # load the connection without initiating it
    auto=add
- Define X509
/etc/ipsec.secrets
192.168.242.249 192.168.244.151 : RSA franz.xinux.org.key ""
Configuring Strongswan (X509)
Define tunnel parameters
- certs
/etc/ipsec.d/certs/huey.xinux.org.crt
/etc/ipsec.d/crls/xinux-ca.crl
/etc/ipsec.d/cacerts/xinux-ca.crt
/etc/ipsec.d/private/huey.xinux.org.key
- Tunnel configuration
/etc/ipsec.conf
conn net
    # use IKEv1
    keyexchange=ikev1
    # authenticate with RSA signatures (X.509 certificates)
    authby=rsasig
    left=192.168.242.249
    leftsubnet=10.4.3.0/24
    leftid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de"
    rightcert=huey.xinux.org.crt
    right=192.168.244.151
    rightid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de"
    rightsubnet=10.18.44.0/24
    # phase 1 (IKE) and phase 2 (ESP) proposals
    ike=aes192-md5
    esp=aes192-md5
    # load the connection and initiate it at startup
    auto=start
- Define X509
/etc/ipsec.secrets
192.168.242.249 192.168.244.151 : RSA huey.xinux.org.key ""