FireBrick Road Warrior strongSwan: Difference between revisions

FireBrick Road Warrior strongSwan (view source)

Revision as of 13:29, 4 January 2019

430 bytes added , 4 January 2019

m

→‎strongSwan Config

AA-Andrew

autoreview, Bureaucrats, editor, Interface administrators, reviewer, Administrators

12,270

edits

Revision as of 20:46, 22 November 2018 (view source) AA-Andrew (talk \| contribs) m (→‎Certificate) ← Older edit		Revision as of 13:29, 4 January 2019 (view source) AA-Andrew (talk \| contribs) m (→‎strongSwan Config) Newer edit →
(6 intermediate revisions by the same user not shown)
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg\|link=:Category:FireBrick IPsec Road Warrior\|30px\|Back up to the FireBrick Road Warrior Category Page]]</indicator> '''FireBrick acting as the ipsec 'server', and configuring a strongSwan/Debian client.''' This example uses strongSwan on Debian, but the config would suit other flavours once you've installed the package(s). <syntaxhighlight lang="bash"> conn ~~username~~ firebrick # Arbitrary name - doesn't have to be ~~username~~'firebrick' left=%defaultroute # Use your default route to the internet leftfirewall=yes # Yes as you may be behind firewall/NAT rightauth=pubkey # FireBrick should be set to auth-method Certificate rightid=@hostname.example.com # ID of FireBrick auto=~~start~~route # Try to connect ~~immediately~~ on startup </syntaxhighlight> If the FireBrick is configured to give an IPv6 address in the Roaming pool, then tell strongSwan to request IPv6 too: leftsourceip=%config4,%config6 Reload settings: </syntaxhighlight> If you want to route additional blocks via the tunnel, use rightsubnet, eg: [[Category:FireBrick IPsec Road Warrior\|Debian]]▼ rightsubnet=10.1.0.0/24,10.2.0.0/24,fd00:1::/64,fd00:1::/64 # IPs to route down tunnel ▲[[Category:FireBrick IPsec Road Warrior\|Debian]] == Further help== ipsec up <username> # manually attempt to bring up the connection - look for errors ipsec listcacerts # check if your cert is loaded ipsec statusall