Strongswan ikev1 xauth psk

From xinux.net

Install the XAuth module

  • apt-get install strongswan strongswan-plugin-xauth-generic

/etc/ipsec.conf

config setup
    cachecrls=yes
    uniqueids=yes

conn xauth-android
    keyexchange=ikev1
    authby=xauthpsk
    xauth=server
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    right=%any
    rightsubnet=10.7.0.0/24
    rightsourceip=10.7.0.2/24
    rightdns=4.2.2.1
    auto=add

/etc/ipsec.secrets

10.84.252.31 %any : PSK "suxer"

xinux : XAUTH "oimel"
someone : XAUTH "anotherpassword"

Android

Edit

Strongswan-psk-xauth1.jpg

Connect

Strongswan-psk-xauth4.jpg

Status

  • ipsec statusall
Status of IKE charon daemon (weakSwan 5.3.5, Linux 4.4.0-78-generic, x86_64):
  uptime: 45 seconds, since Sep 07 17:30:45 2017
  malloc: sbrk 2727936, mmap 0, used 594112, free 2133824
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 7
  loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp lookip error-notify certexpire led addrblock unity
Virtual IP pools (size/online/offline):
  10.7.0.2/24: 253/1/0
Listening IP addresses:
  10.84.252.31
  2a02:8106:21c:201::ab:1
  10.83.31.1
  172.16.31.1
  10.111.252.1
Connections:
xauth-android:  %any...%any  IKEv1
xauth-android:   local:  [10.84.252.31] uses pre-shared key authentication
xauth-android:   remote: uses pre-shared key authentication
xauth-android:   remote: uses XAuth authentication: any
xauth-android:   child:  0.0.0.0/0 === 10.7.0.0/24 TUNNEL
Security Associations (1 up, 0 connecting):
xauth-android[2]: ESTABLISHED 6 seconds ago, 10.84.252.31[10.84.252.31]...10.84.252.168[10.84.252.168]
xauth-android[2]: Remote XAuth identity: xinux
xauth-android[2]: IKEv1 SPIs: 7020fb6255e97ca7_i b268ae8c783e90df_r*, pre-shared key reauthentication in 2 hours
xauth-android[2]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
xauth-android{2}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: cc762945_i 0cf2ead0_o
xauth-android{2}:  AES_CBC_128/HMAC_SHA1_96, 204 bytes_i (3 pkts, 1s ago), 0 bytes_o, rekeying in 45 minutes
xauth-android{2}:   0.0.0.0/0 === 10.7.0.2/32

Source