FireBrick Road Warrior strongSwan: Difference between revisions

FireBrick Road Warrior strongSwan (view source)

Revision as of 17:52, 19 November 2021

257 bytes added , 19 November 2021

fix syntax

Reedy

editor

698

edits

Revision as of 12:54, 23 November 2018 (view source) AA-Andrew (talk \| contribs) m (→‎Split Tunneling) ← Older edit		Revision as of 17:52, 19 November 2021 (view source) Reedy (talk \| contribs) (fix syntax) Newer edit →
(4 intermediate revisions by one other user not shown)
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg\|link=:Category:FireBrick IPsec Road Warrior\|30px\|Back up to the FireBrick Road Warrior Category Page]]</indicator> '''FireBrick acting as the ipsec 'server', and configuring a strongSwan/Debian client.''' This example uses strongSwan on Debian, but the config would suit other flavours once you've installed the package(s). <syntaxhighlight lang="bash"> conn ~~username~~ firebrick # Arbitrary name - doesn't have to be ~~username~~'firebrick' left=%defaultroute # Use your default route to the internet leftfirewall=yes # Yes as you may be behind firewall/NAT auto=route # Try to connect on startup </syntaxhighlight> If the FireBrick is configured to give an IPv6 address in the Roaming pool, then tell strongSwan to request IPv6 too: leftsourceip=%config4,%config6 Reload settings: For example: <syntaxhighlight lang="ini"> leftsourceip=%config4,%config6 rightsubnet=0.0.0.0/0,::/0 rightsubnet=10.1.0.0/24,10.2.0.0/24,fd00:1::/64,fd00:1::/64 # IPs to route down tunnel [[Category:FireBrick IPsec Road Warrior\|Debian]]▼ == Further help== ipsec listcacerts # check if your cert is loaded ipsec statusall ▲[[Category:FireBrick IPsec Road Warrior\|Debian]]