Krumböck Bernd

Software | Hardware | Dienstleistung

Hauptmenü

Tutorials

5. Openswan Konfiguration

Die Locale IP Adresse des Linux Rechners ist 192.168.0.101.

Abbildung 3. /etc/ipsec.secrets

zywall.dyndns.org router.dyndns.org : PSK "12345678"

Abbildung 4. /etc/ipsec.conf

version 2.0     # conforms to second version of ipsec.conf specification                                                     
# basic configuration                                                                                                         
config setup                                                                                                                  
        nat_traversal=yes                                                                                                     
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12                                                    
        plutowait=yes                                                                                                         
#Disable Opportunistic Encryption                                                                                             
include /etc/ipsec.d/examples/no_oe.conf                                                                                      
conn zywall                                                                                                                   
        right=192.168.0.101            # Openswan IP                                                                          
        rightsubnet=192.168.0.0/24     # Local subnet                                                                         
        left=zywall.dyndns.org         # Zywall public IP                                                                     
        leftsubnet=192.168.1.0/24      # Remote subnet                                                                        
        pfs=yes                        # or "no" if set to no on the router                                                   
        authby=secret                  # Don't forget the line in ipsec.secrets                                               
        disablearrivalcheck=no                                                                                                
        keylife=9600s                  # must be different than the IKE key                                                   
        keyingtries=0                  # Be very persistent                                                                   
        auto=start