Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
userdoc:tt_ipsec_vpn_strongswan [2016/12/08 09:10] droemel |
userdoc:tt_ipsec_vpn_strongswan [2021/02/26 08:21] abelbeck [IPsec VPN (strongSwan) Configuration] |
||
---|---|---|---|
Line 3: | Line 3: | ||
AstLinux now supports the [[https:// | AstLinux now supports the [[https:// | ||
- | The web interface Network tab, "IPsec Peers" and "IPsec Mobile" | + | !!Note: |
+ | |||
+ | The web interface Network tab, "IPsec Peers" and "IPsec Mobile" | ||
Three key strongSwan features not found in ipsec-tools (racoon): | Three key strongSwan features not found in ipsec-tools (racoon): | ||
Line 13: | Line 15: | ||
How does this apply within AstLinux ... | How does this apply within AstLinux ... | ||
- | * It is clear to the development team that we can't " | + | * A point-and-click web interface like the deprecated |
* strongSwan is needed to support endpoints with changing IP's and dynamic DNS names using IKEv2 MOBIKE, racoon only supports IKEv1. | * strongSwan is needed to support endpoints with changing IP's and dynamic DNS names using IKEv2 MOBIKE, racoon only supports IKEv1. | ||
* strongSwan is needed to interoperate with [[https:// | * strongSwan is needed to interoperate with [[https:// | ||
- | * Either racoon or strongSwan can run at a time, so users can continue to use IPsec Peers / IPsec Mobile or use a new text configuration with IPsec strongSwan, but not both. | ||
- | At this point in time, the "IPsec strongSwan" | + | At this point in time, the "IPsec strongSwan" |
!!Warning ->!! It should go without saying, never use the example pre-shared key values shown below, always use as long as practical, randomly generated shared keys. | !!Warning ->!! It should go without saying, never use the example pre-shared key values shown below, always use as long as practical, randomly generated shared keys. | ||
Line 50: | Line 51: | ||
\\ | \\ | ||
- | Tested with a AVM FRITZ!Box Fon WLAN 7390 with FRITZ!OS 06.51 and strongSwan 5.5.1 | + | Tested with a AVM FRITZ!Box Fon WLAN 7390 with FRITZ!OS 06.51 and strongSwan 5.5.1 (AstLinux 1.2.9-pre 64-bit) |
astlinux.example.tld: | astlinux.example.tld: | ||
Line 61: | Line 62: | ||
| | ||
config setup | config setup | ||
- | | + | # |
+ | | ||
conn %default | conn %default | ||
dpddelay=15 | dpddelay=15 | ||
Line 81: | Line 83: | ||
aggressive=yes | aggressive=yes | ||
authby=psk | authby=psk | ||
- | auto=start | + | |
+ | auto=route | ||
+ | keyingtries=%forever | ||
+ | !!Note:!! '' | ||
+ | |||
\\ | \\ | ||
**astlinux.example.tld: | **astlinux.example.tld: | ||
Line 151: | Line 157: | ||
\\ | \\ | ||
- | !!Note:!! The Fritzbox 7390 (FW 6.51) accepts | + | !!Note:!! The Fritzbox 7390 (FW 6.51) accepts Pre-shared-Keys with a length up 128 characters, which can be generated e.g. with: |
openssl rand -base64 96 | openssl rand -base64 96 |