IPSec
opkg install strongswan-full
/etc/ipsec.conf
conn cz-uam type=tunnel auto=start authby=secret left=31.30.56.199 leftsubnet=10.10.2.0/24 right=95.168.217.1 rightsubnet=172.17.0.0/21 keyexchange=ikev1 ike=aes256-sha1-modp1024 esp=aes256-sha1 # leftsourceip=10.10.2.254 # left=%defaultroute # pfs=no
/etc/ipsec.secrets
%any 95.168.217.1 : PSK "<secret>"
#
ipsec start ipsec restart
# debug
ipsec statusall ip xfrm policy
# firewall
iptables -A INPUT -p esp -j ACCEPT iptables -A INPUT -p udp -m udp --dport 500 -j ACCEPT iptables -A OUTPUT -p esp -j ACCEPT iptables -A OUTPUT -p udp -m udp --dport 500 -j ACCEPT iptables -t nat -I POSTROUTING 1 -p esp -j ACCEPT
iptables -t nat -I POSTROUTING -s 10.10.2.0/24 -o pppoe-wan -m policy --dir out --pol ipsec --proto esp -j ACCEPT iptables -t nat -I PREROUTING -s 172.17.0.0/21 -i pppoe-wan -m policy --dir in --pol ipsec --proto esp -j ACCEPT
turris/ipsec.txt · Poslední úprava: 25.10.2014 19:47 autor: vm