ABillS
Space shortcuts
Child pages
  • strongSwan
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

https://www.strongswan.org/

Установка (Debian 11)

apt install strongswan strongswan-pki libcharon-extra-plugins libcharon-extauth-plugins strongswan-starter

Настройка


ipsec.conf
config setup
charondebug="ike 1, knl 1, cfg 0"
uniqueids=no

conn ikev2-vpn
auto=add
compress=no
type=tunnel
keyexchange=ikev2
fragmentation=yes
forceencaps=yes
dpdaction=clear
dpddelay=300s
rekey=no
left=\%any
leftid=@vpn.domain.tld
leftcert=cert.pem
leftsendcert=always
leftsubnet=0.0.0.0/0
right=\%any
rightid=\%any
rightauth=eap-radius
rightsourceip=10.0.0.0/14
rightdns=8.8.8.8,8.8.4.4
rightsendcert=never
eap_identity=\%any


/etc/strongswan.d/charon/eap-radius-aventus.conf
eap-radius {
  accounting = yes
  accounting_close_on_timeout = yes
  load = yes
  dae {
    enable = yes
    listen = 0.0.0.0
    port = 3799
    secret = secretpass
  }

  forward {
  }
  servers {
    server-aventus {
     address = XX.XXX.XX.XXX
     auth_port = 1812
     acct_port = 1813
     secret = secretpass
     nas_identifier = vpn-de-01_ipsec
   }
}

  xauth {
  }
}
  • No labels