/etc/swanctl/x509ca/strongswanCert.pem
/etc/swanctl/x509/moonCert.pem
- /etc/swanctl/priv/moonKey.pem
+ /etc/swanctl/private/moonKey.pem
/etc/swanctl/swanctl.conf:
local_ts = 10.1.0.0/16
remote_ts = 10.2.0.0/16
start_action = trap
- }
+ }
}
}
}
/etc/swanctl/x509ca/strongswanCert.pem
/etc/swanctl/x509/sunCert.pem
- /etc/swanctl/priv/sunKey.pem
+ /etc/swanctl/private/sunKey.pem
/etc/swanctl/swanctl.conf:
local_ts = 10.2.0.0/16
remote_ts = 10.1.0.0/16
start_action = trap
- }
+ }
}
}
}
| 192.168.0.1 | === | 192.168.0.2 |
moon sun
- Configuration on host _moon_:
+Configuration on host _moon_:
/etc/swanctl/x509ca/strongswanCert.pem
/etc/swanctl/x509/moonCert.pem
- /etc/swanctl/priv/moonKey.pem
+ /etc/swanctl/private/moonKey.pem
/etc/swanctl/swanctl.conf:
/etc/swanctl/x509ca/strongswanCert.pem
/etc/swanctl/x509/sunCert.pem
- /etc/swanctl/priv/sunKey.pem
+ /etc/swanctl/private/sunKey.pem
/etc/swanctl/swanctl.conf:
children {
host-host {
start_action = trap
- }
+ }
}
}
}
/etc/swanctl/x509ca/strongswanCert.pem
/etc/swanctl/x509/moonCert.pem
- /etc/swanctl/priv/moonKey.pem
+ /etc/swanctl/private/moonKey.pem
/etc/swanctl/swanctl.conf:
/etc/swanctl/x509ca/strongswanCert.pem
/etc/swanctl/x509/carolCert.pem
- /etc/swanctl/priv/carolKey.pem
+ /etc/swanctl/private/carolKey.pem
/etc/swanctl/swanctl.conf:
- connections {
+ connections {
home {
remote_addrs = moon.strongswan.org
/etc/swanctl/x509ca/strongswanCert.pem
/etc/swanctl/x509/moonCert.pem
- /etc/swanctl/rsa/moonKey.pem
+ /etc/swanctl/private/moonKey.pem
/etc/swanctl/swanctl.conf:
/etc/swanctl/x509ca/strongswanCert.pem
/etc/swanctl/x509/carolCert.pem
- /etc/swanctl/priv/carolKey.pem
+ /etc/swanctl/private/carolKey.pem
/etc/swanctl/swanctl.conf:
- connections {
+ connections {
home {
remote_addrs = moon.strongswan.org
vips = 0.0.0.0
/etc/swanctl/x509ca/strongswanCert.pem
/etc/swanctl/x509/moonCert.pem
- /etc/swanctl/priv/moonKey.pem
+ /etc/swanctl/private/moonKey.pem
/etc/swanctl/swanctl.conf:
The `swanctl.conf` file additionally contains a `secrets` section defining all
client credentials
- secrets {
- eap-carol {
- id = carol@strongswan.org
- secret = Ar3etTnp
- }
- eap-dave {
- id = dave@strongswan.org
- secret = W7R0g3do
- }
- }
+ secrets {
+ eap-carol {
+ id = carol@strongswan.org
+ secret = Ar3etTnp
+ }
+ eap-dave {
+ id = dave@strongswan.org
+ secret = W7R0g3do
+ }
+ }
Configuration on roadwarrior _carol_:
/etc/swanctl/swanctl.conf:
- connections {
+ connections {
home {
remote_addrs = moon.strongswan.org
}
}
- secrets {
- eap-carol {
- id = carol@strongswan.org
- secret = Ar3etTnp
- }
- }
+ secrets {
+ eap-carol {
+ id = carol@strongswan.org
+ secret = Ar3etTnp
+ }
+ }
### Roadwarrior Case with EAP Identity ###
/etc/swanctl/x509ca/strongswanCert.pem
/etc/swanctl/x509/moonCert.pem
- /etc/swanctl/priv/moonKey.pem
+ /etc/swanctl/private/moonKey.pem
/etc/swanctl/swanctl.conf:
}
}
- secrets {
- eap-carol {
- id = carol
- secret = Ar3etTnp
- }
- eap-dave {
- id = dave
- secret = W7R0g3do
- }
- }
+ secrets {
+ eap-carol {
+ id = carol
+ secret = Ar3etTnp
+ }
+ eap-dave {
+ id = dave
+ secret = W7R0g3do
+ }
+ }
Configuration on roadwarrior _carol_:
/etc/swanctl/swanctl.conf:
- connections {
+ connections {
home {
remote_addrs = moon.strongswan.org
}
}
- secrets {
- eap-carol {
- id = carol
- secret = Ar3etTnp
- }
- }
+ secrets {
+ eap-carol {
+ id = carol
+ secret = Ar3etTnp
+ }
+ }
## Generating Certificates and CRLs ##