IPSEC: Difference between revisions
No edit summary |
| (2 intermediate revisions by the same user are not shown) | |||
| Line 79: | Line 79: | ||
</pre> | </pre> | ||
=== Working config with pure openswan : === | === Working config with pure openswan (NO DNS yet) : === | ||
ATTENTION: /etc/ipsec.d/passwd MUST have a connection description at end | ATTENTION: hash must be crypt() AND /etc/ipsec.d/passwd MUST have a connection description at end | ||
/etc/ipsec.conf | |||
<pre> | |||
version 2.0 | |||
config setup | |||
dumpdir=/var/run/pluto/ | |||
nat_traversal=yes | |||
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10 | |||
oe=off | |||
protostack=netkey | |||
interfaces=%defaultroute | |||
conn %default | |||
dpdaction=clear | |||
dpddelay=10 | |||
dpdtimeout=30 | |||
#conn iphone | |||
# left=192.168.0.252 | |||
# leftprotoport=17/1701 | |||
# | |||
# right=%any | |||
# rightprotoport=17/%any | |||
# | |||
# authby=secret | |||
# | |||
# pfs=no | |||
# auto=add | |||
# | |||
conn iphone-pure | |||
left=192.168.0.252 | |||
leftsubnet=192.168.0.0/24 | |||
leftnexthop=%defaultroute | |||
leftxauthserver=yes | |||
leftmodecfgserver=yes | |||
right=%any | |||
rightsourceip=192.168.1.1 | |||
rightxauthclient=yes | |||
rightmodecfgclient=yes | |||
modecfgpull=yes | |||
modecfgdns1=192.168.0.252 | |||
modecfgdns2=192.168.0.251 | |||
pfs=no | |||
ikev2=never | |||
authby=secret | |||
auto=add | |||
</pre> | |||
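Review bot: The new ATTENTION line requires a crypt() hash and a trailing connection description in /etc/ipsec.d/passwd, but the added block documents only /etc/ipsec.conf. Add a sample passwd entry (with a placeholder hash) and note that `authby=secret` in `conn iphone-pure` also needs a matching pre-shared key entry in /etc/ipsec.secrets, so the setup can be reproduced. The heading now says "NO DNS yet" while the conn sets `modecfgdns1` and `modecfgdns2`; a one-line comment on what exactly does not work would avoid confusion.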
Latest revision as of 24 October 2012, 16:54
IPSEC
iPhone 4 /w iOS 5.1.1
Working config with openswan & xl2tpd :
/etc/ipsec.conf
<pre>
version 2.0

config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=netkey

conn %default
    dpdaction=clear
    dpddelay=10
    dpdtimeout=30

conn iphone
    left=192.168.0.252
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    authby=secret
    pfs=no
    auto=add
</pre>
/etc/xl2tpd/xl2tpd.conf
<pre>
[global]
debug tunnel = yes
debug state = yes
debug avp = yes
debug packet = yes
debug network = yes

[lns default]
ip range = 192.168.1.1 - 192.168.1.253
local ip = 192.168.1.254
require chap = yes
refuse pap = yes
require authentication = yes
name = OpenswanVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
</pre>
/etc/ppp/options.xl2tpd
<pre>
ms-dns 192.168.0.252
ms-dns 192.168.0.251
ms-wins 192.168.0.252
noccp
auth
crtscts
idle 1800
mtu 1400
mru 1400
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
logfile /var/log/pppd-xl2tpd.log
</pre>
Working config with pure openswan (NO DNS yet) :
ATTENTION: the hash must be in crypt() format AND /etc/ipsec.d/passwd MUST have a connection description at the end
/etc/ipsec.conf
<pre>
version 2.0

config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=netkey
    interfaces=%defaultroute

conn %default
    dpdaction=clear
    dpddelay=10
    dpdtimeout=30

#conn iphone
#    left=192.168.0.252
#    leftprotoport=17/1701
#
#    right=%any
#    rightprotoport=17/%any
#
#    authby=secret
#
#    pfs=no
#    auto=add
#

conn iphone-pure
    left=192.168.0.252
    leftsubnet=192.168.0.0/24
    leftnexthop=%defaultroute
    leftxauthserver=yes
    leftmodecfgserver=yes
    right=%any
    rightsourceip=192.168.1.1
    rightxauthclient=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    modecfgdns1=192.168.0.252
    modecfgdns2=192.168.0.251
    pfs=no
    ikev2=never
    authby=secret
    auto=add
</pre>
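A small checker for the two rules in the ATTENTION note above, as an added example that is not part of the original wiki page. It assumes each /etc/ipsec.d/passwd entry has the form `user:hash:connection-name`; the sample users, hashes and the helper names `conn_names` and `lint_passwd` are constructed for illustration.

```python
import re

# Constructed samples (not from the page); assumed entry format user:hash:connection-name.
SAMPLE_IPSEC_CONF = """\
conn %default
#conn iphone
conn iphone-pure
    authby=secret
"""
SAMPLE_PASSWD = """\
alice:abJnggxhB/yWI:iphone-pure
bob:$apr1$Qx1/....$0123456789abcdefghijk.:iphone-pure
carol:abJnggxhB/yWI
dave:hunter2:iphone-pure
erin:abJnggxhB/yWI:iphone
"""

# Traditional DES crypt(): 13 chars (2 salt + 11 hash); modular crypt(): $id$salt$hash
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
MODULAR_CRYPT = re.compile(r"^\$(1|2[abxy]?|5|6)\$[^:]+$")

def conn_names(ipsec_conf):
    """Return the active (uncommented) conn names defined in an ipsec.conf text."""
    names = re.findall(r"^conn\s+(\S+)", ipsec_conf, flags=re.MULTILINE)
    return {n for n in names if n != "%default"}

def lint_passwd(passwd, ipsec_conf):
    """Return (line_no, user, problem) for entries that break the ATTENTION rules."""
    known, findings = conn_names(ipsec_conf), []
    for no, line in enumerate(passwd.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.strip().split(":")
        user = fields[0]
        if len(fields) < 3 or not fields[2]:
            findings.append((no, user, "no connection name at end"))
            continue
        pw, conn = fields[1], fields[2]
        if pw.startswith("$apr1$"):
            findings.append((no, user, "htpasswd apr1 hash, not crypt()"))
        elif not (DES_CRYPT.match(pw) or MODULAR_CRYPT.match(pw)):
            findings.append((no, user, "password is not a crypt() hash"))
        if conn not in known:
            findings.append((no, user, f"unknown conn '{conn}'"))
    return findings

if __name__ == "__main__":
    for finding in lint_passwd(SAMPLE_PASSWD, SAMPLE_IPSEC_CONF):
        print("line %d, user %s: %s" % finding)
```

The shape check cannot tell a 13-character plaintext password from a DES crypt() hash, so it catches format mistakes only.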