Strongswan ikev1 xauth psk
Zur Navigation springen
Zur Suche springen
Install xauth modul
- apt-get install strongswan strongswan-plugin-xauth-generic
/etc/ipsec.conf
config setup cachecrls=yes uniqueids=yes conn xauth-android keyexchange=ikev1 authby=xauthpsk xauth=server left=%defaultroute leftsubnet=0.0.0.0/0 leftfirewall=yes right=%any rightsubnet=10.7.0.0/24 rightsourceip=10.7.0.2/24 rightdns=4.2.2.1 auto=add
/etc/ipsec.secret
10.84.252.31 %any : PSK "suxer" xinux : XAUTH "oimel" someone : XAUTH "anotherpassword"
Android
Edit
Connect
Status
- ipsec statusall
Status of IKE charon daemon (weakSwan 5.3.5, Linux 4.4.0-78-generic, x86_64): uptime: 45 seconds, since Sep 07 17:30:45 2017 malloc: sbrk 2727936, mmap 0, used 594112, free 2133824 worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 7 loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp lookip error-notify certexpire led addrblock unity Virtual IP pools (size/online/offline): 10.7.0.2/24: 253/1/0 Listening IP addresses: 10.84.252.31 2a02:8106:21c:201::ab:1 10.83.31.1 172.16.31.1 10.111.252.1 Connections: xauth-android: %any...%any IKEv1 xauth-android: local: [10.84.252.31] uses pre-shared key authentication xauth-android: remote: uses pre-shared key authentication xauth-android: remote: uses XAuth authentication: any xauth-android: child: 0.0.0.0/0 === 10.7.0.0/24 TUNNEL Security Associations (1 up, 0 connecting): xauth-android[2]: ESTABLISHED 6 seconds ago, 10.84.252.31[10.84.252.31]...10.84.252.168[10.84.252.168] xauth-android[2]: Remote XAuth identity: xinux xauth-android[2]: IKEv1 SPIs: 7020fb6255e97ca7_i b268ae8c783e90df_r*, pre-shared key reauthentication in 2 hours xauth-android[2]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 xauth-android{2}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: cc762945_i 0cf2ead0_o xauth-android{2}: AES_CBC_128/HMAC_SHA1_96, 204 bytes_i (3 pkts, 1s ago), 0 bytes_o, rekeying in 45 minutes xauth-android{2}: 0.0.0.0/0 === 10.7.0.2/32