Ipsec


Overview

ipsec 유틸리티 내용 정리

Configuration

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

# Global daemon section. Both options below are commented out, so nothing is
# overridden here and the daemon's built-in defaults apply.
config setup
	# strictcrlpolicy=yes  (when enabled, certificate authentication needs a
	#                       current CRL; has no bearing on the PSK/XAuth
	#                       connection defined further down)
	# strictcrlpolicy=yes
	# uniqueids=no  (controls whether an existing IKE SA for the same peer
	#                identity is replaced when that identity connects again)
	# uniqueids = no

# Add connections here.

# Sample VPN connections

#conn sample-self-signed
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start

#conn sample-with-ca-cert
#      leftsubnet=10.1.0.0/16
#      leftcert=myCert.pem
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightid="C=CH, O=Linux strongSwan CN=peer name"
#      auto=start

# Road-warrior style client connection: IKEv1 aggressive mode, group PSK plus
# XAuth user authentication, virtual IP requested from the gateway, and all
# IPv4 traffic selected for the tunnel.
#
# NOTE(review): IKEv1 aggressive mode with a pre-shared key sends the
# responder's PSK-derived hash before the exchange is encrypted, so the PSK
# can be guessed offline by anyone who captures the handshake. If the gateway
# allows it, prefer IKEv2 (or at least main mode) with certificate or EAP
# authentication; if aggressive mode is imposed by the peer, use a long,
# randomly generated PSK and treat XAuth as the real per-user credential.
conn example
        # IKEv1 only; IKEv2 is not offered for this connection.
        keyexchange=ikev1
        # Load the connection at startup but do not initiate it; it has to be
        # brought up explicitly.
        auto=add
        # Aggressive mode instead of main mode (see the review note above).
        aggressive=yes
        # Request a virtual IP from the gateway via Mode Config.
        leftsourceip=%config
        # Local side authenticates with the PSK first, then a second XAuth
        # round (username/password).
        leftauth=psk
        leftauth2=xauth
        # The gateway authenticates with the same kind of credential (PSK), so
        # every holder of the group PSK can impersonate the gateway.
        rightauth=psk
        # Gateway address.
        right=192.168.100.20
        # Full tunnel: every IPv4 destination is selected for the tunnel.
        rightsubnet=0.0.0.0/0
        # Force UDP encapsulation of ESP even when no NAT is detected.
        forceencaps=yes
        # XAuth username. The matching password and the PSK are not stored in
        # this file; they belong in ipsec.secrets, which should be readable by
        # root only.
        xauth_identity=pchero@example.com
        # IKE (phase 1) proposal: AES-128, HMAC-SHA1, 1536-bit MODP DH group.
        # NOTE(review): SHA-1 and a 1536-bit MODP group are legacy choices;
        # where the gateway supports it, move to SHA-256 or better and
        # modp2048 or an ECP group.
        ike=aes128-sha1-modp1536
        # ESP (phase 2) proposal; the DH group here enables PFS for the
        # IPsec SA. Same legacy-algorithm caveat as for ike= applies.
        esp=aes128-sha1-modp1536

See also