Openswan zu strongswan

Aus xinux.net
Zur Navigation springen Zur Suche springen

Openswan konfigurieren ( PSK )

Tunnel Parameter definieren

Tunnelkonfiguration

/etc/ipsec.conf 

conn franz-huey
       authby=secret
       left=192.168.242.249
       leftsubnet=10.4.3.0/24
       right=192.168.244.151
       rightsubnet=10.18.44.0/24
       ike=aes192-md5
       phase2alg=aes192-md5
       pfs=no
       auto=add
PSK definieren

/etc/ipsec.secrets 

192.168.242.249 192.168.244.151 : PSK "katzenklo"

Strongswan konfigurieren ( PSK )

Tunnel Parameter definieren

Tunnelkonfiguration

/etc/ipsec.conf 

conn franz-huey
       authby=secret
       left=192.168.242.249
       leftsubnet=10.4.3.0/24
       right=192.168.244.151
       rightsubnet=10.18.44.0/24
       ike=aes192-md5
       esp=aes192-md5
       auto=add
PSK definieren

/etc/ipsec.secrets 

192.168.242.249 192.168.244.151 : PSK "katzenklo"


Openswan konfigurieren ( X509 )

Tunnel Parameter definieren

certs
/etc/ipsec.d/certs/franz.xinux.org.crt
/etc/ipsec.d/crls/xinux-ca.crl
/etc/ipsec.d/cacerts/xinux-ca.crt
/etc/ipsec.d/private/franz.xinux.org.key
Tunnelkonfiguration

/etc/ipsec.conf

conn net 

     authby=rsasig
     left=192.168.242.249
     leftsubnet=10.4.3.0/24
     leftid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de"
     leftcert=franz.xinux.org.crt
     leftrsasigkey=%cert
     right=192.168.244.151
     rightsubnet=10.18.44.0/24
     rightid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de"
     rightrsasigkey=%cert
     ike=aes192-md5-modp1024
     phase2alg=aes192-md5;modp1024
     compress=yes
     pfs=yes
     auto=add



X509 definieren

/etc/ipsec.secrets 

192.168.242.249 192.168.244.151 : RSA franz.xinux.org.key ""

Strongswan konfigurieren ( X509 )

Tunnel Parameter definieren

certs
/etc/ipsec.d/certs/huey.xinux.org.crt
/etc/ipsec.d/crls/xinux-ca.crl
/etc/ipsec.d/cacerts/xinux-ca.crt
/etc/ipsec.d/private/huey.xinux.org.key
Tunnelkonfiguration

/etc/ipsec.conf 

conn net
      keyexchange=ikev1
      authby=rsasig
      left=192.168.242.249
      leftsubnet=10.4.3.0/24
      leftid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de"
      rightcert=huey.xinux.org.crt
      right=192.168.244.151
      rightid="C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de"
      rightsubnet=10.18.44.0/24
      ike=aes192-md5
      esp=aes192-md5
      auto=start
X509 definieren

/etc/ipsec.secrets 

192.168.242.249 192.168.244.151 : RSA huey.xinux.org.key ""
Abgerufen von „https://xinux.net/index.php?title=Openswan_zu_strongswan&oldid=5525