IPSEC: Unterschied zwischen den Versionen

/etc/ipsec.conf

version	2.0

config setup
		dumpdir=/var/run/pluto/
		nat_traversal=yes
		virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
		oe=off
		protostack=netkey

conn %default
		dpdaction=clear
		dpddelay=10
		dpdtimeout=30

conn iphone
		left=192.168.0.252
		leftprotoport=17/1701

		right=%any
		rightprotoport=17/%any

		authby=secret

		pfs=no
		auto=add

/etc/xl2tpd/xl2tpd.conf

[global]
debug tunnel = yes
debug state = yes
debug avp = yes
debug packet = yes
debug network = yes

[lns default]
ip range = 192.168.1.1 - 192.168.1.253
local ip = 192.168.1.254
require chap = yes
refuse pap = yes
require authentication = yes
name = OpenswanVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/ppp/options.xl2tpd

ms-dns 192.168.0.252
ms-dns 192.168.0.251
ms-wins 192.168.0.252
noccp
auth
crtscts
idle 1800
mtu 1400
mru 1400
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
logfile /var/log/pppd-xl2tpd.log

ATTENTION: hash must be crypt() AND /etc/ipsec.d/passwd MUST have a connection description at end

/etc/ipsec.conf

version	2.0

config setup
		dumpdir=/var/run/pluto/
		nat_traversal=yes
		virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
		oe=off
		protostack=netkey
		interfaces=%defaultroute

conn %default
		dpdaction=clear
		dpddelay=10
		dpdtimeout=30

#conn iphone
#		left=192.168.0.252
#		leftprotoport=17/1701
#
#		right=%any
#		rightprotoport=17/%any
#
#		authby=secret
#
#		pfs=no
#		auto=add
#
conn iphone-pure
		left=192.168.0.252
		leftsubnet=192.168.0.0/24
		leftnexthop=%defaultroute
		leftxauthserver=yes
		leftmodecfgserver=yes

		right=%any
		rightsourceip=192.168.1.1
		rightxauthclient=yes
		rightmodecfgclient=yes

		modecfgpull=yes
		modecfgdns1=192.168.0.252
		modecfgdns2=192.168.0.251

		pfs=no
		ikev2=never
		authby=secret
		auto=add