IKE Configuration Interface*. The deprecated **ipsec** command using the legacy
**stroke** configuration interface is described [**here**](README_LEGACY.md).
For more detailed information consult the man pages and
-[**our wiki**](http://wiki.strongswan.org).
+[**our wiki**](https://wiki.strongswan.org).
## Quickstart ##
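Review bot: the scheme change on the wiki link (`http://wiki.strongswan.org` to `https://wiki.strongswan.org`) is a content change riding along with what otherwise look like whitespace-only edits in the rest of the patch. Consider putting it in its own commit, or at least naming it in the commit message, so it is not lost among the indentation fixes.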
local_ts = 10.1.0.0/16
remote_ts = 10.2.0.0/16
start_action = trap
- }
+ }
}
}
}
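Review bot: the removed and added `}` lines in this hunk are textually identical as shown, so the change is whitespace-only and cannot be verified from the rendered diff. Say in the commit message what was normalized (for example tabs versus spaces, or trailing whitespace) so a reviewer can confirm it with a whitespace-aware diff and check that the nested braces of the example still line up when the README is rendered.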
local_ts = 10.2.0.0/16
remote_ts = 10.1.0.0/16
start_action = trap
- }
+ }
}
}
}
| 192.168.0.1 | === | 192.168.0.2 |
moon sun
- Configuration on host _moon_:
+Configuration on host _moon_:
/etc/swanctl/x509ca/strongswanCert.pem
/etc/swanctl/x509/moonCert.pem
children {
host-host {
start_action = trap
- }
+ }
}
}
}
/etc/swanctl/swanctl.conf:
- connections {
+ connections {
home {
remote_addrs = moon.strongswan.org
/etc/swanctl/swanctl.conf:
- connections {
+ connections {
home {
remote_addrs = moon.strongswan.org
vips = 0.0.0.0
The `swanctl.conf` file additionally contains a `secrets` section defining all
client credentials
- secrets {
- eap-carol {
- id = carol@strongswan.org
- secret = Ar3etTnp
- }
- eap-dave {
- id = dave@strongswan.org
- secret = W7R0g3do
- }
- }
+ secrets {
+ eap-carol {
+ id = carol@strongswan.org
+ secret = Ar3etTnp
+ }
+ eap-dave {
+ id = dave@strongswan.org
+ secret = W7R0g3do
+ }
+ }
Configuration on roadwarrior _carol_:
/etc/swanctl/swanctl.conf:
- connections {
+ connections {
home {
remote_addrs = moon.strongswan.org
}
}
- secrets {
- eap-carol {
- id = carol@strongswan.org
- secret = Ar3etTnp
- }
- }
+ secrets {
+ eap-carol {
+ id = carol@strongswan.org
+ secret = Ar3etTnp
+ }
+ }
### Roadwarrior Case with EAP Identity ###
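Review bot: the re-indented `secrets` blocks keep literal sample EAP passwords (`secret = Ar3etTnp`, `secret = W7R0g3do`), and nothing in the visible text marks them as examples. Since these lines are being touched anyway, consider adding a sentence that the values are placeholders to be replaced before use. The context sentence ending in "client credentials" also runs straight into the block and would read better with a closing colon.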
}
}
- secrets {
- eap-carol {
- id = carol
- secret = Ar3etTnp
- }
- eap-dave {
- id = dave
- secret = W7R0g3do
- }
- }
+ secrets {
+ eap-carol {
+ id = carol
+ secret = Ar3etTnp
+ }
+ eap-dave {
+ id = dave
+ secret = W7R0g3do
+ }
+ }
Configuration on roadwarrior _carol_:
/etc/swanctl/swanctl.conf:
- connections {
+ connections {
home {
remote_addrs = moon.strongswan.org
}
}
- secrets {
- eap-carol {
- id = carol
- secret = Ar3etTnp
- }
- }
+ secrets {
+ eap-carol {
+ id = carol
+ secret = Ar3etTnp
+ }
+ }
## Generating Certificates and CRLs ##