Xauth-pam-strongswan
Install module
- apt-get install strongswan strongswan-plugin-xauth-pam
Config
ipsec.conf
- cat /etc/ipsec.conf
conn android_vpn
    left=10.134.2.5
    leftid=@nagus.xxx.de
    leftauth=pubkey
    leftcert=/etc/letsencrypt/live/nagus.xxx.de/fullchain.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightauth=xauth-pam
    rightsourceip=10.79.128.0/24
    esp=aes-sha1!
    auto=add
ipsec.secrets
- cat /etc/ipsec.secrets
@nagus.xxx.de : RSA /etc/letsencrypt/live/nagus.xxx.de/privkey.pem
xauth-pam
- /etc/strongswan.d/charon/xauth-pam.conf
xauth-pam {
    load = yes
    pam_service = ipsec
}
pam.d
- cat /etc/pam.d/ipsec
auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/ipsec.group.allow
@include common-auth
@include common-account
group handling
add group
- groupadd vpn
user to group
- gpasswd -a xinux vpn
ipsec.group.allow
group.allow
- cat /etc/ipsec.group.allow
vpn
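A check for the PAM gate configured above, as an added example that is not part of the original page: it confirms that the group restriction is the first rule in the service file, that it fails closed, and that the allow list it points to exists and is not empty. The function name check_pam_gate is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# check_pam_gate is a hypothetical helper name.
# usage: check_pam_gate /etc/pam.d/ipsec

check_pam_gate() {
    pam_file=$1
    [ -r "$pam_file" ] || { echo "cannot read $pam_file" >&2; return 1; }

    # First rule (ignoring comments and blank lines), tabs normalised to spaces.
    first=$(grep -Ev '^[[:space:]]*(#|$)' "$pam_file" | head -n 1 \
            | tr '\t' ' ' | sed 's/^ *//')

    # The group gate has to sit ahead of the @include lines, as on the page.
    case $first in
        auth*required*pam_listfile.so*) ;;
        *) echo "first rule is not 'auth required pam_listfile.so'" >&2
           return 1 ;;
    esac

    # onerr=fail: an unreadable allow list denies access instead of granting it.
    # item=group sense=allow: only members of listed groups pass.
    for opt in onerr=fail item=group sense=allow; do
        case " $first " in
            *" $opt "*) ;;
            *) echo "missing option $opt" >&2; return 1 ;;
        esac
    done

    # The allow list named by file= must exist and contain at least one group.
    allow=$(printf '%s\n' "$first" | tr ' ' '\n' | sed -n 's/^file=//p' | head -n 1)
    [ -n "$allow" ] || { echo "no file= option" >&2; return 1; }
    [ -s "$allow" ] || { echo "allow list $allow missing or empty" >&2; return 1; }
    return 0
}
```

The function returns 0 when the gate is in place and prints the reason on stderr otherwise.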