
Установка (Debian 11)

# Install strongSwan together with its PKI tool, the starter front end that
# reads ipsec.conf, and the extra charon plugin packages.
# NOTE(review): the eap-radius plugin configured below is expected to come from
# one of the libcharon-* plugin packages - confirm on the target release.
apt install \
    strongswan \
    strongswan-pki \
    libcharon-extra-plugins \
    libcharon-extauth-plugins \
    strongswan-starter
Freeradius


Настройка


ipsec.conf
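# ipsec.conf - strongSwan starter configuration for an IKEv2 remote-access
# gateway. The gateway proves its identity with a certificate; clients
# authenticate with EAP credentials that are checked by a RADIUS server.
#
# Parameter lines are indented under their section header, and %any is written
# without a leading backslash (the backslash is a wiki escaping artifact and
# is not part of the keyword).

config setup
    # IKE and kernel-interface messages at level 1, configuration messages at
    # level 0. Keep levels low in production: the highest debug levels can
    # write sensitive material such as keys into the log.
    charondebug="ike 1, knl 1, cfg 0"
    # An existing session is not replaced when the same identity connects
    # again, so one account can hold several tunnels at the same time. Any
    # per-account session limit therefore has to be enforced elsewhere,
    # for example on the RADIUS server.
    uniqueids=no

conn ikev2-vpn
    # Load the connection at start-up and wait for clients to initiate.
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    # No ike= / esp= proposals are set here, so strongSwan's default proposals
    # apply. Pin explicit proposals if policy requires specific algorithms.
    fragmentation=yes
    # Always encapsulate ESP in UDP, even when no NAT is detected.
    forceencaps=yes
    # Dead peer detection: probe every 300 s and drop the connection of a
    # peer that no longer answers.
    dpdaction=clear
    dpddelay=300s
    # The gateway does not initiate rekeying; a rekey requested by the client
    # is still answered.
    rekey=no
    # --- local (gateway) side ---
    left=%any
    # The identity sent to clients. It has to be confirmed by the certificate
    # below (normally as a subjectAltName), otherwise clients that verify the
    # gateway identity will reject it.
    leftid=@vpn.domain.tld
    # The matching private key is configured separately (not shown here) and
    # should be readable by root only.
    leftcert=cert.pem
    leftsendcert=always
    # Full tunnel: all client IPv4 traffic is routed through this gateway.
    leftsubnet=0.0.0.0/0
    # --- remote (client) side ---
    # Any source address and any IKE identity are accepted; the only client
    # authentication is the EAP exchange relayed to RADIUS.
    right=%any
    rightid=%any
    rightauth=eap-radius
    # Virtual IP pool handed to clients (10.0.0.0 - 10.3.255.255). Make sure
    # it does not overlap networks that clients or the gateway must reach.
    rightsourceip=10.0.0.0/14
    # Public resolvers are pushed to clients, so client DNS queries leave the
    # gateway towards a third party. Use an internal resolver if that matters.
    rightdns=8.8.8.8,8.8.4.4
    # NOTE(review): intended so that clients are not asked for a certificate
    # and authenticate with EAP only - confirm.
    rightsendcert=never
    # Ask the client for its EAP identity and use the answer as the user name
    # instead of the IKE identity.
    eap_identity=%any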


/etc/strongswan.d/charon/eap-radius-aventus.conf
# eap-radius plugin settings: relay EAP authentication to a RADIUS server,
# send RADIUS accounting, and accept Dynamic Authorization Extension (DAE)
# requests from the RADIUS side.
#
# This file holds shared secrets; keep it readable by root only.
eap-radius {
    # Send accounting records, and close the session when an accounting
    # request times out.
    accounting = yes
    accounting_close_on_timeout = yes
    load = yes

    # DAE: the plugin accepts RADIUS Disconnect and CoA requests on this
    # socket. listen = 0.0.0.0 accepts them on every interface, including
    # the public one, so limit UDP 3799 by firewall to the RADIUS server's
    # address or bind to an internal address instead.
    dae {
        enable = yes
        listen = 0.0.0.0
        port = 3799
        # "secretpass" is a placeholder. Use a long random value, and do not
        # reuse the secret of the server entry below.
        secret = secretpass
    }

    forward {
    }

    servers {
        server-aventus {
            # XX.XXX.XX.XXX is a redacted placeholder for the RADIUS server.
            # If that address is reached across an untrusted network, carry
            # the RADIUS traffic inside a protected tunnel: the shared secret
            # is the only protection RADIUS itself provides.
            address = XX.XXX.XX.XXX
            auth_port = 1812
            acct_port = 1813
            # Placeholder; replace with a long random per-NAS secret.
            secret = secretpass
            nas_identifier = vpn-de-01_ipsec
        }
    }

    xauth {
    }
}