IPSEC: Unterschied zwischen den Versionen

 
Zeile 79: Zeile 79:
</pre>
</pre>


=== Working config with pure openswan (NO DNS yet: ===
=== Working config with pure openswan (NO DNS yet) : ===


ATTENTION: hash must be crypt() AND /etc/ipsec.d/passwd MUST have a connection description at end
ATTENTION: hash must be crypt() AND /etc/ipsec.d/passwd MUST have a connection description at end

Aktuelle Version vom 24. Oktober 2012, 16:54 Uhr

IPSEC

iPhone 4 /w iOS 5.1.1

Working config with openswan & xl2tpd :

/etc/ipsec.conf



version	2.0

# Global pluto settings for the L2TP/IPsec variant (openswan + xl2tpd).
# nat_traversal=yes turns on NAT-T. left= below is a private address, so the
# gateway presumably sits behind a NAT/port-forward itself - confirm.
# virtual_private lists the private ranges a NATed client may come from.
# NOTE(review): the server-side LAN (192.168.0.x, see left=) is not excluded;
# the stock Openswan sample config recommends excluding the local network with
# a "%v4:!<subnet>" entry so a client cannot claim an address that overlaps
# the gateway's own LAN - confirm for this network.
# 25.0.0.0/8 is not an RFC 1918 range; keep it only if clients really arrive
# from carriers that use it internally.
# oe=off disables opportunistic encryption; protostack=netkey selects the
# kernel's native IPsec stack.
config setup
		dumpdir=/var/run/pluto/
		nat_traversal=yes
		virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
		oe=off
		protostack=netkey

# Dead peer detection defaults for every conn: probe every 10 s, give up after
# 30 s without an answer, then clear the SA so a vanished phone does not leave
# stale state behind.
conn %default
		dpdaction=clear
		dpddelay=10
		dpdtimeout=30

# L2TP/IPsec connection for the iPhone client.
# leftprotoport=17/1701 and rightprotoport=17/%any narrow the IPsec policy to
# UDP (protocol 17): port 1701 (L2TP) on the gateway, any source port on the
# client. Nothing else is carried by this SA.
# right=%any accepts the peer from any address, so the only IKE-level
# authentication is the pre-shared key (authby=secret). A PSK shared by all
# clients authenticates the group, not the individual device: use a long
# random key, keep the secrets file readable by root only, and rely on the
# CHAP login in xl2tpd for per-user identity.
# pfs=no: no fresh Diffie-Hellman exchange is required for the IPsec SA keys;
# presumably set for iOS compatibility - revisit if the client supports PFS.
# auto=add only loads the connection; the client initiates.
conn iphone
		left=192.168.0.252
		leftprotoport=17/1701

		right=%any
		rightprotoport=17/%any

		authby=secret

		pfs=no
		auto=add

/etc/xl2tpd/xl2tpd.conf

; xl2tpd settings for the L2TP side of the tunnel (runs inside the IPsec SA).
; All five debug switches are enabled. That is useful while bringing the
; tunnel up, but it makes the daemon log every tunnel, state, AVP and packet
; event - switch them off once the setup works and restrict access to the logs.
[global]
debug tunnel = yes
debug state = yes
debug avp = yes
debug packet = yes
debug network = yes

; LNS section: clients receive an address from 192.168.1.1-192.168.1.253, the
; server end of each PPP link is 192.168.1.254.
; require chap = yes / refuse pap = yes: only CHAP logins are accepted, so the
; password itself is never sent over the PPP link (PAP would send it in clear).
; require authentication = yes: the peer must authenticate; an unauthenticated
; PPP session is refused.
; The user credentials themselves are not shown on this page - presumably they
; live in pppd's CHAP secrets file; keep that file readable by root only.
; ppp debug = yes turns on pppd debugging as well; pppoptfile names the pppd
; options file used for every session.
[lns default]
ip range = 192.168.1.1 - 192.168.1.253
local ip = 192.168.1.254
require chap = yes
refuse pap = yes
require authentication = yes
name = OpenswanVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

/etc/ppp/options.xl2tpd

# pppd options applied to every L2TP session (named by pppoptfile in
# xl2tpd.conf).
# ms-dns / ms-wins: DNS and WINS servers handed to the client.
# noccp: no compression negotiation.
# auth: the peer must authenticate before any network traffic is allowed -
# do not remove it, it is what enforces the CHAP login.
# idle 1800: drop a link that has been idle for 30 minutes.
# mtu/mru 1400: leave headroom for the L2TP and IPsec encapsulation.
# nodefaultroute: pppd does not install a default route over the client link.
# proxyarp: asks pppd to add a proxy-ARP entry for the client's address.
# debug + logfile: session negotiation is written to
# /var/log/pppd-xl2tpd.log; keep that file readable by root only, rotate it,
# and drop "debug" once the tunnel works.
ms-dns 192.168.0.252
ms-dns 192.168.0.251
ms-wins 192.168.0.252
noccp
auth
crtscts
idle 1800
mtu 1400
mru 1400
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
logfile /var/log/pppd-xl2tpd.log

Working config with pure openswan (NO DNS yet) :

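ATTENTION: the password hash must be in crypt() format, AND each entry in /etc/ipsec.d/passwd MUST have a connection description at the end (the usual Openswan layout is `user:hash:connection`; constructed example: `alice:<crypt() hash>:iphone-pure`). Keep the file readable by root only, since it holds the XAUTH password hashes.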

/etc/ipsec.conf

version	2.0

# Global pluto settings for the pure-IPsec variant (no xl2tpd).
# nat_traversal=yes turns on NAT-T; interfaces=%defaultroute binds pluto to
# the interface that carries the default route.
# virtual_private lists the private ranges a NATed client may come from.
# NOTE(review): the server-side LAN (leftsubnet=192.168.0.0/24 below) is not
# excluded; the stock Openswan sample config recommends excluding the local
# network with a "%v4:!<subnet>" entry so a client cannot claim an address
# that overlaps the gateway's own LAN - confirm for this network.
# 25.0.0.0/8 is not an RFC 1918 range; keep it only if clients really arrive
# from carriers that use it internally.
# oe=off disables opportunistic encryption; protostack=netkey selects the
# kernel's native IPsec stack.
config setup
		dumpdir=/var/run/pluto/
		nat_traversal=yes
		virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
		oe=off
		protostack=netkey
		interfaces=%defaultroute

# Dead peer detection defaults for every conn: probe every 10 s, give up after
# 30 s without an answer, then clear the SA.
conn %default
		dpdaction=clear
		dpddelay=10
		dpdtimeout=30

# The L2TP connection from the xl2tpd variant, kept for reference but disabled.
#conn iphone
#		left=192.168.0.252
#		leftprotoport=17/1701
#
#		right=%any
#		rightprotoport=17/%any
#
#		authby=secret
#
#		pfs=no
#		auto=add
#
# Pure IPsec connection for the iPhone: IKEv1 (ikev2=never) with a pre-shared
# key, followed by an XAUTH user login and a mode-config address/DNS push.
# leftxauthserver=yes / rightxauthclient=yes: after the PSK exchange the
# gateway demands a username and password; per the note on this page the
# hashes are read from /etc/ipsec.d/passwd in crypt() format. XAUTH is the
# only per-user authentication here, so keep it enabled.
# authby=secret + right=%any: the PSK is shared by every client and accepted
# from any address. It authenticates the group, not the device - use a long
# random key and keep the secrets file readable by root only.
# leftmodecfgserver / rightmodecfgclient / modecfgpull: the client requests
# its configuration; rightsourceip is the inner address it receives and
# modecfgdns1/2 are the DNS servers offered (the page heading says DNS does
# not work yet).
# NOTE(review): rightsourceip is a single address, so presumably only one
# client can be connected at a time - confirm.
# leftsubnet=192.168.0.0/24 is the network the client may reach through the
# tunnel.
# pfs=no: no fresh Diffie-Hellman exchange is required for the IPsec SA keys;
# presumably set for iOS compatibility - revisit if the client supports PFS.
# auto=add only loads the connection; the client initiates.
conn iphone-pure
		left=192.168.0.252
		leftsubnet=192.168.0.0/24
		leftnexthop=%defaultroute
		leftxauthserver=yes
		leftmodecfgserver=yes

		right=%any
		rightsourceip=192.168.1.1
		rightxauthclient=yes
		rightmodecfgclient=yes

		modecfgpull=yes
		modecfgdns1=192.168.0.252
		modecfgdns2=192.168.0.251

		pfs=no
		ikev2=never
		authby=secret
		auto=add