
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick Road Warrior strongSwan: Difference between revisions

Content deleted Content added
Reedy (talk | contribs)
m see also!
AA-Andrew (talk | contribs)
 
(2 intermediate revisions by one other user not shown)
Line 16: Line 16:
==CA Certificate==
==CA Certificate==


Usually you can use ACME and Letsencrypt to assign a certificate to the FireBrick, so skip the next step if you're doing this.
Download your CA certificate from the FireBrick, and copy it to /etc/ipsec.d/cacerts/ on your client box. strongSwan shouldn't mind whether it's PEM or DER.

If using a manually created certificate, download your CA certificate from the FireBrick, and copy it to <tt>/etc/ipsec.d/cacerts/</tt> on your client box. strongSwan shouldn't mind whether it's PEM or DER.


If you're using a Let's Encrypt cert on the FireBrick (which is easy) - you'll need to symlink the system CA:
If you're using a Let's Encrypt cert on the FireBrick (which is easy) - you'll need to symlink the system CA:
Line 60: Line 62:
Here's some StrongSwan info on split tunnelling: https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
Here's some StrongSwan info on split tunnelling: https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling


You use leftsubnet on the strongSwan roadwarrior to determine whether to use the tunnel as default gateway - you'd need leftsubnet=0.0.0.0/0 to ensure all traffic used the tunnel, and leftsubnet=<serverLAN> for split tunnelling.
You use <tt>leftsubnet</tt> on the strongSwan roadwarrior to determine whether to use the tunnel as default gateway - you'd need <tt>leftsubnet=0.0.0.0/0</tt> to ensure all traffic used the tunnel, and <tt>leftsubnet=<serverLAN></tt> for split tunnelling.


For example:
For example: