strongswan_ipsec

strongswan_ipsec [2020/01/14 09:41]
admin
strongswan_ipsec [2020/05/30 08:33] (current)
admin
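--- a/strongswan_ipsec
+++ b/strongswan_ipsec
@@ -1,28 +1,28 @@
-=== Ubuntu: ===
-/etc/ipsec.conf
+=== StrongSwan: ===
+ipsec.conf
 <​code>​
 config setup
         # strictcrlpolicy=yes
-        uniqueids = yes
-        oe=off
-        protostack=netkey
-conn home-42
-    ​authby=secret
-    auto=start
-    dpddelay=30s
-    dpdtimeout=120s
-    ​dpdaction=restart
-    auth=esp
-    ​pfs=no
-    ​rekey=no
-    fragmentation=yes
-    type=transport
-    ike=aes128-sha1-modp1024
-    ​ikelifetime=86400s
-    lifetime=3600s
-    ​keyexchange=ikev1
-    esp=aes128-sha1-modp1024,aes256-sha1-modp1024
-    left=116.203.32.16
-    right=84.39.246.60
+        ​uniqueids = no
+conn %default
+ dpdaction=restart
+ ​dpddelay=35s
+ ​dpdtimeout=120s
+ authby=secret
+ fragmentation=yes
+ ​rekey=yes
+ keyexchange=ikev1
+ ikelifetime=86400s
+ keyingtries=%forever
+ ​lifetime=3600s
+ ike=3des-sha1-modp1024
+ ​esp=3des-sha1-modp1024
+ ​auto=start
+ ​compress=no
+ ​type=tunnel
+conn home
+ ​type=tunnel
+ left=178.63.214.107
+ ​right=%any
 
 </​code>​
@@ -32,6 +32,15 @@
 
 <​code>​
+/ip ipsec peer
+add address=178.63.214.107/​32 local-address=84.39.246.60 name=nexus profile=nexus
+/ip ipsec identity
+add peer=nexus secret="​MYSECRET"​
+/ip ipsec profile
+add dh-group=modp1024 enc-algorithm=3des name=nexus nat-traversal=no hash-algorithm=sha1
+/ip ipsec proposal
+add enc-algorithms=3des lifetime=1h name=nexus
 /ip ipsec policy
-add comment="​policy UDP" ​dst-address=116.203.32.168/32 proposal=gre-hetzner protocol=udp ​src-address=84.39.246.60/​32
-add comment="​policy ALL" ​dst-address=116.203.32.168/32 proposal=gre-hetzner ​src-address=84.39.246.60/32
+add dst-address=178.63.214.107/32 src-address=84.39.246.60/​32 ​\
+sa-dst-address=178.63.214.107 sa-src-address=84.39.246.60 ​
+peer=nexus proposal=nexus protocol=icmp tunnel=yes
 </​code>​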
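Review bot: The new `conn %default` steps the proposals down from `aes128-sha1-modp1024` to `ike=3des-sha1-modp1024` / `esp=3des-sha1-modp1024`, so the tunnel now rests on 3DES, SHA-1 and a 1024-bit DH group, all of which are deprecated for new IPsec deployments. Unless the peer cannot do better, I would use `ike=aes256-sha256-modp2048` and `esp=aes256-sha256-modp2048`, and set the RouterOS profile and proposal to the same algorithms. `conn home` also changes `right=84.39.246.60` to `right=%any` while keeping `authby=secret` on IKEv1, so the pre-shared key is the only thing separating an arbitrary source address from the tunnel; since the RouterOS peer still uses `local-address=84.39.246.60`, pinning `right=` to that address looks possible. The added policy carries `protocol=icmp`, which presumably was left over from testing, because only ICMP between the two hosts would be protected; if that is intentional, it deserves a sentence on the page.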
strongswan_ipsec.1578994902.txt.gz · Last modified: 2020/01/14 09:41 by admin