Strongswan: Unterschied zwischen den Versionen

Aus darkrealm Wiki
Zur Navigation springen Zur Suche springen
← Zum vorherigen VersionsunterschiedZum nächsten Versionsunterschied →
Keine Bearbeitungszusammenfassung
Zeile 3: Zeile 3:
== Windows 10 ==
== Windows 10 ==
=== Windows 10 EAP-MSCHAPV2 ===
=== Windows 10 EAP-MSCHAPV2 ===
Windows 10 braucht das CA-Zertifikat in Zertifikate->Lokaler Computer->Vertrauenswürde Stammzertifizierungsstellen.
<pre>
connections {
  win-vpn {
      local_addrs  = 192.168.0.253
      remote_addrs = %any
      proposals = 3des-sha-prfsha1-modp1024,aes256-sha2_384-prfsha384-modp1024,default
      pools = v4pool,v6pool
     
      local {
        auth = pubkey
certs = darkrealm.crt
}
      remote {
        auth = eap-mschapv2
id = 192.168.122.24
eap_id = %any
    }
      children {
        win-vpn {
    local_ts  = 192.168.0.0/22,fd00:ffff:aaaa::/64,224.0.0.0/4,ff00::/8
            remote_ts = dynamic,224.0.0.0/4
            #mark_in  = %unique
            #mark_out = %unique
    ipcomp = yes
        }
      }
  }
}
pools {
    v4pool {
        addrs = 192.168.4.0/24
        dns = 192.168.1.240
dhcp = 192.168.1.240
}
    v6pool {
        addrs = fd00:ffff:aaaa::/64
        dns = fd00:ffff:aaaa::ffff
dhcp = fd00:ffff:aaaa::ffff
      }
}
secrets {
eap-chris {
id = chris
secret = punkd
}
}
</pre>


Somehow working:
Somehow working:

Version vom 25. Dezember 2018, 23:02 Uhr

StrongSwan Success Stories

Windows 10

Windows 10 EAP-MSCHAPV2

Windows 10 braucht das CA-Zertifikat in Zertifikate->Lokaler Computer->Vertrauenswürde Stammzertifizierungsstellen. 

connections {

   win-vpn {
      local_addrs  = 192.168.0.253
      remote_addrs = %any
      proposals = 3des-sha-prfsha1-modp1024,aes256-sha2_384-prfsha384-modp1024,default
      pools = v4pool,v6pool
      
      local {
         auth = pubkey
	 certs = darkrealm.crt
	 }
      remote {
         auth = eap-mschapv2
	 id = 192.168.122.24
	 eap_id = %any
	     }
      children {
         win-vpn {
	    local_ts  = 192.168.0.0/22,fd00:ffff:aaaa::/64,224.0.0.0/4,ff00::/8
            remote_ts = dynamic,224.0.0.0/4
            #mark_in  = %unique
            #mark_out = %unique
	    ipcomp = yes
         }
      }
   }
}

pools {
    v4pool {
        addrs = 192.168.4.0/24
        dns = 192.168.1.240
	dhcp = 192.168.1.240
	}
    v6pool {
        addrs = fd00:ffff:aaaa::/64
        dns = fd00:ffff:aaaa::ffff
	dhcp = fd00:ffff:aaaa::ffff
    	   }
}

secrets {
	eap-chris {
	id = chris
	secret = punkd
	}
	}


Somehow working: 

forecast {

    # Multicast groups to join locally, allowing forwarding of them.
    groups = 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250

    # Local interface to listen for broadcasts to forward.
    interface = BRIDGE_LAN

    # Whether to load the plugin. Can also be an integer to increase the
    # priority of this plugin.
    load = yes

    # CHILD_SA configurations names to perform multi/broadcast reinjection.
    # reinject = mobile,linux

}
connections {

   linux {
      local_addrs  = 192.168.3.253
      remote_addrs = darkrealm.dyndns.org
      keyingtries = 0
      
      local {
         auth = pubkey
         certs = neorealm.crt
      }
      remote {
         auth = pubkey
	 certs = darkrealm.crt
      }
      children {
         linux {
            local_ts  = 192.168.2.0/24,192.168.3.0/24,224.0.0.0/4,fd00:ffff:bbbb::/64,ff00::/8 
            remote_ts = 192.168.0.0/24,192.168.1.0/24,224.0.0.0/4,fd00:ffff:aaaa::/64,ff00::/8 
            mark_in  = %unique
            mark_out = %unique
	    ipcomp = yes
	    start_action = trap
	    close_action = trap
	    dpd_action = trap
	    
	    }
      		}
      }
}
Abgerufen von „https://darkrealm-wiki.darkrealm.dyndns.org/index.php?title=Strongswan&oldid=270