Ipsec: Difference between revisions
Jump to navigation
Jump to search
(Created page with "== Overview == ipsec 유틸리티 내용 정리 == Configuration == <pre> # ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup # strictcrl...") |
No edit summary |
||
| Line 48: | Line 48: | ||
esp=aes128-sha1-modp1536 | esp=aes128-sha1-modp1536 | ||
</pre> | </pre> | ||
== See also == | |||
* https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection - Strong swan configuration manual | |||
[[category:command/utility]] | [[category:command/utility]] | ||
Latest revision as of 08:32, 12 January 2017
Overview
ipsec 유틸리티 내용 정리
Configuration
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
# Add connections here.
# Sample VPN connections
#conn sample-self-signed
# leftsubnet=10.1.0.0/16
# leftcert=selfCert.der
# leftsendcert=never
# right=192.168.0.2
# rightsubnet=10.2.0.0/16
# rightcert=peerCert.der
# auto=start
#conn sample-with-ca-cert
# leftsubnet=10.1.0.0/16
# leftcert=myCert.pem
# right=192.168.0.2
# rightsubnet=10.2.0.0/16
# rightid="C=CH, O=Linux strongSwan CN=peer name"
# auto=start
conn example
keyexchange=ikev1
auto=add
aggressive=yes
leftsourceip=%config
leftauth=psk
leftauth2=xauth
rightauth=psk
right=192.168.100.20
rightsubnet=0.0.0.0/0
forceencaps=yes
xauth_identity=pchero@example.com
ike=aes128-sha1-modp1536
esp=aes128-sha1-modp1536
See also
- https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection - Strong swan configuration manual