IPSec

opkg install strongswan-full

/etc/ipsec.conf

conn cz-uam
  type=tunnel
  auto=start
  authby=secret
  left=31.30.56.199
  leftsubnet=10.10.2.0/24
  right=95.168.217.1
  rightsubnet=172.17.0.0/21
  keyexchange=ikev1
  ike=aes256-sha1-modp1024
  esp=aes256-sha1
#  leftsourceip=10.10.2.254
#  left=%defaultroute
#  pfs=no

/etc/ipsec.secrets

%any 95.168.217.1 : PSK "<secret>"

#

ipsec start
ipsec restart

# debug

ipsec statusall
ip xfrm policy

# firewall

iptables -A INPUT -p esp -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 500 -j ACCEPT
iptables -A OUTPUT -p esp -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 500 -j ACCEPT
iptables -t nat -I POSTROUTING 1 -p esp -j ACCEPT
iptables -t nat -I POSTROUTING -s 10.10.2.0/24 -o pppoe-wan -m policy --dir out --pol ipsec --proto esp -j ACCEPT
iptables -t nat -I PREROUTING -s 172.17.0.0/21 -i pppoe-wan -m policy --dir in --pol ipsec --proto esp -j ACCEPT
turris/ipsec.txt · Poslední úprava: 25.10.2014 19:47 autor: vm

Nástroje pro stránku