IPSEC: Difference between revisions
| (One intermediate revision by the same user is not shown) | |||
| Line 79: | Line 79: | ||
</pre> | </pre> | ||
=== Working config with pure openswan : === | === Working config with pure openswan (NO DNS yet) : === | ||
ATTENTION: hash must be crypt() AND /etc/ipsec.d/passwd MUST have a connection description at end | ATTENTION: hash must be crypt() AND /etc/ipsec.d/passwd MUST have a connection description at end | ||
Latest revision as of 24 October 2012, 16:54
IPSEC
iPhone 4 /w iOS 5.1.1
Working config with openswan & xl2tpd :
/etc/ipsec.conf
version 2.0

config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=netkey

conn %default
    dpdaction=clear
    dpddelay=10
    dpdtimeout=30

conn iphone
    left=192.168.0.252
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    authby=secret
    pfs=no
    auto=add
/etc/xl2tpd/xl2tpd.conf
[global]
debug tunnel = yes
debug state = yes
debug avp = yes
debug packet = yes
debug network = yes

[lns default]
ip range = 192.168.1.1 - 192.168.1.253
local ip = 192.168.1.254
require chap = yes
refuse pap = yes
require authentication = yes
name = OpenswanVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
/etc/ppp/options.xl2tpd
ms-dns 192.168.0.252
ms-dns 192.168.0.251
ms-wins 192.168.0.252
noccp
auth
crtscts
idle 1800
mtu 1400
mru 1400
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
logfile /var/log/pppd-xl2tpd.log
Working config with pure openswan (NO DNS yet) :
ATTENTION: the hash must be in crypt() format AND /etc/ipsec.d/passwd MUST have a connection description at the end
/etc/ipsec.conf
version 2.0

config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=netkey
    interfaces=%defaultroute

conn %default
    dpdaction=clear
    dpddelay=10
    dpdtimeout=30

#conn iphone
#    left=192.168.0.252
#    leftprotoport=17/1701
#
#    right=%any
#    rightprotoport=17/%any
#
#    authby=secret
#
#    pfs=no
#    auto=add
#

conn iphone-pure
    left=192.168.0.252
    leftsubnet=192.168.0.0/24
    leftnexthop=%defaultroute
    leftxauthserver=yes
    leftmodecfgserver=yes
    right=%any
    rightsourceip=192.168.1.1
    rightxauthclient=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    modecfgdns1=192.168.0.252
    modecfgdns2=192.168.0.251
    pfs=no
    ikev2=never
    authby=secret
    auto=add
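
A pre-flight check for the ATTENTION note above, as an added example that is not part of the original wiki page. It assumes each /etc/ipsec.d/passwd entry has the layout user:hash:connection-name and that an acceptable hash is one libc crypt() produces; the sample entries and both function names are constructed for illustration.

```python
import re

# Assumed entry layout (not spelled out on the page): user:crypt_hash:conn_name
# Classic crypt(): 2 salt chars + 11 hash chars.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# glibc modular crypt: $id$salt$hash with id 1 (MD5), 5 (SHA-256) or 6 (SHA-512).
MODULAR_CRYPT = re.compile(
    r"^\$(1|5|6)\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]+$")

# Constructed sample data, trimmed to what the check needs.
SAMPLE_CONF = """\
conn %default
    dpdaction=clear
#conn iphone
#    left=192.168.0.252
conn iphone-pure
    left=192.168.0.252
    leftxauthserver=yes
"""
SAMPLE_PASSWD = """\
alice:Xq3kLm9PzWvB2:iphone-pure
bob:$apr1$abcdefgh$0123456789abcdefghijkl:iphone-pure
carol:Xq3kLm9PzWvB2
dave:Xq3kLm9PzWvB2:iphone
"""

def conn_names(ipsec_conf):
    """Names of active (uncommented) conn sections, excluding %default."""
    names = re.findall(r"^conn\s+(\S+)", ipsec_conf, flags=re.M)
    return {n for n in names if n != "%default"}

def check_passwd(passwd_text, ipsec_conf):
    """Return (line number, user, problem) for every entry that breaks the note."""
    conns, problems = conn_names(ipsec_conf), []
    for lineno, line in enumerate(passwd_text.splitlines(), 1):
        fields = line.strip().split(":")
        if fields == [""]:
            continue  # blank line
        if len(fields) != 3 or not fields[2]:
            problems.append((lineno, fields[0], "no connection name at end"))
            continue
        user, pw_hash, conn = fields
        if not (DES_CRYPT.match(pw_hash) or MODULAR_CRYPT.match(pw_hash)):
            problems.append((lineno, user, "hash is not in crypt() format"))
        if conn not in conns:
            problems.append((lineno, user, f"conn '{conn}' not active in ipsec.conf"))
    return problems

if __name__ == "__main__":
    for lineno, user, problem in check_passwd(SAMPLE_PASSWD, SAMPLE_CONF):
        print(f"passwd line {lineno} ({user}): {problem}")
```

The `$apr1$` entry stands for a hash in Apache's own MD5 format, which libc crypt() does not verify; a cleartext password of exactly 13 crypt-alphabet characters would pass the shape check, so this catches format mistakes only.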