Strongswan zu windows sieben
VPN-Gateway-Zertifikat
create certs
ipsec pki
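# Create a CA and a gateway certificate with strongSwan's pki tool.
# Private keys are generated in a subshell with umask 077 so the new key files
# are not group/world readable; the redirection otherwise uses the caller's
# default umask. (An already existing file keeps its old mode.)
# NOTE(review): the file list further down installs the CA certificate as
# xinux-ca.crt, while this step writes ca.crt - copy/rename accordingly.

# CA private key and self-signed CA certificate
(umask 077; ipsec pki --gen > ca.key)
ipsec pki --self --in ca.key --dn "C=DE, O=willux, CN=willux-ca" --ca > ca.crt

# Gateway private key
(umask 077; ipsec pki --gen > huey.xinux.org.key)

# Gateway certificate, issued by the CA above. The --san value is the DNS name
# the Windows client connects to; serverAuth / ikeIntermediate are the
# extended-key-usage flags set on the certificate.
ipsec pki --pub --in huey.xinux.org.key \
  | ipsec pki --issue --flag serverAuth --flag ikeIntermediate \
      --san huey.xinux.org --cacert ca.crt --cakey ca.key \
      --dn "C=DE, O=willux, CN=huey.xinux.org" > huey.xinux.org.crt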
openssl
certs
- /etc/ipsec.d/certs/huey.xinux.org.crt
- /etc/ipsec.d/cacerts/xinux-ca.crt
- /etc/ipsec.d/private/huey.xinux.org.key
/etc/ipsec.conf
# strongSwan gateway configuration for Windows 7 IKEv2 clients (EAP-MSCHAPv2).
config setup
    #plutostart=no

conn %default
    keyexchange=ikev2
    # NOTE(review): SHA-1 and 1024-bit MODP are weak by current standards, and
    # the trailing "!" restricts the gateway to exactly these proposals.
    # Presumably chosen to match what Windows 7 proposes by default - confirm,
    # and prefer stronger proposals where the clients support them.
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no

conn win7
    left=%any
    # 0.0.0.0/0 as local subnet: the client is offered a full tunnel, i.e. all
    # of its traffic is routed through this gateway.
    leftsubnet=0.0.0.0/0
    # The gateway authenticates with its certificate; leftid is the DNS name
    # that was put into the certificate's SAN when it was issued.
    leftauth=pubkey
    leftcert=huey.xinux.org.crt
    leftid=@huey.xinux.org
    right=%any
    # Address pool from which clients receive their virtual IP.
    rightsourceip=10.10.3.0/24
    # Clients authenticate with user name / password from ipsec.secrets (EAP entries).
    rightauth=eap-mschapv2
    #rightsendcert=never # see note
    eap_identity=%any
    auto=add
/etc/ipsec.secrets
# Secrets for the gateway. This file holds credentials in clear text: keep it
# readable by root only and replace the sample values below with your own.

# Gateway private key (looked up in /etc/ipsec.d/private/) and its passphrase.
# NOTE(review): the key-generation commands on this page do not set a
# passphrase - confirm whether one is actually needed here.
: RSA huey.xinux.org.key "lummel"

# EAP-MSCHAPv2 users: <user name> : EAP "<password>"
thomas : EAP "tummel"
xinux : EAP "wummel"
/etc/strongswan.conf
# IKE daemon settings.
charon {
    # DNS and NBNS (WINS) server assigned to connecting clients.
    dns1 = 192.168.240.200
    nbns1 = 192.168.240.200
    # Load plugins according to each plugin's own "load" setting.
    load_modular = yes
}
windows client
- wichtig
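Im Windows-Client als Serveradresse den DNS-Namen (huey.xinux.org) verwenden, keine IP-Adresse – der Name muss zum im Gateway-Zertifikat eingetragenen Namen (--san) passen, sonst schlägt die Prüfung des Serverzertifikats fehl.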