Network Config: Difference between revisions

Line 3: Line 3:
<source lang="text">
<source lang="text">
connections {
connections {
   net-net {
   gw-gw {
    local_addrs  = 220.134.192.129
     remote_addrs = 220.133.126.63
     remote_addrs = 220.133.126.63
     local {
     local {
       auth = pubkey
       auth = psk
       certs = moonCert.pem
       id = moon.strongswan.org
     }
     }
     remote {
     remote {
       auth = pubkey
       auth = psk
       id = "C=CH, O=strongSwan, CN=sun.strongswan.org"
       id = sun.strongswan.org
     }
     }
     children {
     children {
Line 17: Line 18:
         local_ts  = 192.168.25.0/24
         local_ts  = 192.168.25.0/24
         remote_ts = 192.168.21.0/24
         remote_ts = 192.168.21.0/24
         start_action = trap
 
         updown = /usr/local/libexec/ipsec/_updown iptables
        rekey_time = 5400
        rekey_bytes = 500000000
        rekey_packets = 1000000
        esp_proposals = aes128gcm128-x25519
       }
       }
     }
     }
    version = 2
    mobike = no
    reauth_time = 10800
    proposals = aes128-sha256-x25519
  }
}
secrets {
  ike-1 {
    id-1 = moon.strongswan.org
    secret = 0x45a30759df97dc26a15b88ff
  }
  ike-2 {
    id-2 = sun.strongswan.org
    secret = "This is a strong password"
  }
  ike-3 {
    id-3a = moon.strongswan.org
    id-3b =sun.strongswan.org
    secret = 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
  }
  ike-4 {
    secret = 'My "home" is my "castle"!'
  }
  ike-5 {
    id-5 = 220.134.192.129
    secret = "********"
   }
   }
}
}
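Review bot: The new `secrets` block appears to carry strongSwan's documentation sample keys (`ike-1` to `ike-4`) alongside the real entry, and `ike-3` is bound to both `moon.strongswan.org` and `sun.strongswan.org`, the exact identities the new `auth = psk` rounds use. `ike-5`, which looks like the intended key, is bound to the address `220.134.192.129` rather than to either identity, so the publicly known `ike-3` value is presumably the best match for `gw-gw`; this should be confirmed against the running daemon. I would drop `ike-1` to `ike-4` and bind the real secret with `id-5a = moon.strongswan.org` and `id-5b = sun.strongswan.org`. Since this revision replaces certificate authentication with a PSK, that secret should be a long random value rather than a passphrase. The page has lost its +/- markers, so the old/new side of each line is inferred from the revision text below.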

Revision as of 18:10, 28 July 2022

Strongswan (IPSec VPN)

connections {
  # Gateway-to-gateway IKEv2 connection; both ends authenticate with a pre-shared key.
  gw-gw {
    # IKE SA parameters.
    version = 2
    proposals = aes128-sha256-x25519
    mobike = no
    # Seconds (3 h) after which the IKE SA is re-authenticated.
    reauth_time = 10800

    # Addresses of the two gateways.
    local_addrs  = 220.134.192.129
    remote_addrs = 220.133.126.63

    # Authentication rounds. The PSK itself is not set here; it is looked up
    # in the secrets section by IKE identity.
    local {
      id = moon.strongswan.org
      auth = psk
    }
    remote {
      id = sun.strongswan.org
      auth = psk
    }

    children {
      net-net {
        # Traffic selectors: the local and remote subnets carried by this CHILD_SA.
        local_ts  = 192.168.25.0/24
        remote_ts = 192.168.21.0/24
        esp_proposals = aes128gcm128-x25519

        # The CHILD_SA is rekeyed on whichever limit is hit first:
        # seconds, bytes or packets.
        rekey_time = 5400
        rekey_bytes = 500000000
        rekey_packets = 1000000

        # Script invoked when the CHILD_SA comes up or goes down; the
        # "iptables" argument is passed through to it.
        updown = /usr/local/libexec/ipsec/_updown iptables

        # No start_action is set, so strongSwan's default (none) applies:
        # this side neither initiates the tunnel on load nor installs a trap
        # policy. Until the tunnel is brought up by the peer or manually,
        # traffic for remote_ts is not protected by IPsec.
      }
    }
  }
}

# IKE pre-shared keys. Each ike<suffix> section binds one secret to the IKE
# identities listed in its id<suffix> keys.
# This file holds the keys in clear text, so keep it readable by root only.
# NOTE(review): ike-1 to ike-4 look like the sample entries from the strongSwan
# documentation. If so, their values are public and must not stay in a live
# configuration; confirm, then remove them.
secrets {
  ike-1 {
    id-1 = moon.strongswan.org
    # 0x prefix: hex-encoded secret (24 hex digits = 12 bytes).
    secret = 0x45a30759df97dc26a15b88ff
  }
  ike-2 {
    id-2 = sun.strongswan.org
    secret = "This is a strong password"
  }
  # Bound to both moon and sun, the local and remote ids of the gw-gw connection.
  # NOTE(review): presumably this is the entry selected for gw-gw, because it
  # matches both identities; verify which key the daemon actually uses.
  ike-3 {
    id-3a = moon.strongswan.org
    id-3b =sun.strongswan.org
    # 0s prefix: Base64-encoded secret.
    secret = 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
  }
  # No id key: this secret is not tied to any identity.
  ike-4 {
    secret = 'My "home" is my "castle"!'
  }
  # The value is masked on this page. It is bound to the gateway address, not
  # to the moon/sun identities that gw-gw authenticates with.
  # NOTE(review): if this is the intended tunnel key, bind it to both IKE
  # identities instead, and use a long random value.
  ike-5 {
    id-5 = 220.134.192.129
    secret = "********"
  }
}

See: https://docs.strongswan.org/docs/5.9/config/IKEv2.html

Samba simple config

Samba config

Samba user config

Windows Remote Disk