Ipsec: Difference between revisions

From 탱이의 잡동사니
Jump to navigation Jump to search
(Created page with "== Overview == ipsec 유틸리티 내용 정리 == Configuration == <pre> # ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup # strictcrl...")
 
No edit summary
 
Line 48: Line 48:
         esp=aes128-sha1-modp1536
         esp=aes128-sha1-modp1536
</pre>
</pre>
== See also ==
* https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection - Strong swan configuration manual


[[category:command/utility]]
[[category:command/utility]]

Latest revision as of 08:32, 12 January 2017

Overview

ipsec 유틸리티 내용 정리

Configuration

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
	# strictcrlpolicy=yes
	# uniqueids = no

# Add connections here.

# Sample VPN connections

#conn sample-self-signed
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start

#conn sample-with-ca-cert
#      leftsubnet=10.1.0.0/16
#      leftcert=myCert.pem
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightid="C=CH, O=Linux strongSwan CN=peer name"
#      auto=start

conn example
        keyexchange=ikev1
        auto=add
        aggressive=yes
        leftsourceip=%config
        leftauth=psk
        leftauth2=xauth
        rightauth=psk
        right=192.168.100.20
        rightsubnet=0.0.0.0/0
        forceencaps=yes
        xauth_identity=pchero@example.com
        ike=aes128-sha1-modp1536
        esp=aes128-sha1-modp1536

See also