This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:FireBrick IPsec Road Warrior|30px|Back up to the FireBrick Road Warrior Category Page]]</indicator>
'''FireBrick acting as the IPsec 'server', and configuring a strongSwan/Debian client.'''
This example uses strongSwan on Debian, but the config would suit other flavours once you've installed the package(s).
<syntaxhighlight lang="bash">
conn
    left=%defaultroute # Use your default route to the internet
    leftfirewall=yes # Yes as you may be behind firewall/NAT
    rightauth=pubkey # FireBrick should be set to auth-method Certificate
    rightid=@hostname.example.com # ID of FireBrick
    auto=
</syntaxhighlight>
If the FireBrick is configured to give an IPv6 address in the Roaming pool, then tell strongSwan to request IPv6 too:
<syntaxhighlight lang="bash">
leftsourceip=%config4,%config6
</syntaxhighlight>
Reload settings:
</syntaxhighlight>
If you want to route additional blocks via the tunnel, use rightsubnet, e.g.:
<syntaxhighlight lang="bash">
rightsubnet=10.1.0.0/24,10.2.0.0/24,fd00:1::/64,fd00:1::/64 # IPs to route down tunnel
</syntaxhighlight>
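An added example, not part of the original wiki page: a small Python check of a strongSwan conn section for the settings discussed above (rightauth, rightid and the rightsubnet list). The conn name firebrick and the helper names parse_conn and audit are assumptions, and the sample text is constructed from the values shown on this page; run on them, it reports that fd00:1::/64 is listed twice.

```python
import ipaddress

# Constructed sample: the page's settings under an assumed conn name "firebrick".
SAMPLE = """\
conn firebrick
    leftsourceip=%config4,%config6
    rightauth=pubkey
    rightid=@hostname.example.com
    rightsubnet=10.1.0.0/24,10.2.0.0/24,fd00:1::/64,fd00:1::/64
"""

def parse_conn(text, name):
    """Return the key=value settings of one 'conn <name>' section."""
    opts, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop trailing comments
        if not line:
            continue
        if not line[0].isspace():              # unindented line opens a section
            inside = line.split() == ["conn", name]
        elif inside and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit(opts):
    """List problems in the peer-authentication and tunnel-routing settings."""
    problems = []
    if opts.get("rightauth") != "pubkey":
        problems.append("rightauth is not pubkey")
    if opts.get("rightid", "%any") == "%any":
        problems.append("rightid is missing or %any")
    seen = []
    for item in filter(None, (s.strip() for s in opts.get("rightsubnet", "").split(","))):
        try:
            net = ipaddress.ip_network(item)   # strict: rejects host bits set
        except ValueError:
            problems.append(f"rightsubnet entry {item} is not a valid network")
            continue
        for other in seen:
            if net.version == other.version and net.overlaps(other):
                problems.append(f"rightsubnet entry {net} overlaps {other}")
        seen.append(net)
    return problems

if __name__ == "__main__":
    for problem in audit(parse_conn(SAMPLE, "firebrick")):
        print("WARN:", problem)
```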
[[Category:FireBrick IPsec Road Warrior|Debian]]
== Further help ==
<syntaxhighlight lang="bash">
ipsec up <username> # manually attempt to bring up the connection - look for errors
ipsec listcacerts # check if your cert is loaded
ipsec statusall
</syntaxhighlight>