config ipsec site to site strongswan
======================
/etc/ipsec.secrets
# This file holds shared secrets or RSA private keys for authentication.
# Pre-shared key (PSK) used by both gateways for this tunnel.
# Replace "secret" with a long random value and keep this file readable by root only.
public-ip-site1 public-ip-site2 : PSK "secret"
===============
/etc/ipsec.conf
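config setup
    charondebug="all"
    uniqueids=yes

conn site1-to-site2
    type=tunnel
    auto=start
    keyexchange=ikev2
    authby=secret
    # left = this gateway (site 1), right = the remote gateway (site 2)
    left=public-ip-site1
    leftsubnet=192.168.0.0/29
    right=public-ip-site2
    rightsubnet=192.168.1.0/29
    # modp1024 (DH group 2) is a weak group; prefer modp2048 or stronger
    # if both peers support it. The proposals must match on both sides.
    ike=aes256-sha256-modp1024
    esp=aes256
    aggressive=no
    keyingtries=%forever
    ikelifetime=28800s
    lifetime=3600s
    # dead peer detection: probe every 30s, restart the tunnel after 120s of silence
    dpddelay=30s
    dpdtimeout=120s
    dpdaction=restart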
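An added check, not part of the original post: a small Python audit of the `conn` sections in an ipsec.conf that flags the weak proposal settings used above (the modp1024 group in `ike=` and the `esp=` proposal with no DH group). The function names, the `WEAK` table and the embedded sample are choices made for this example.

```python
import re

# Keywords treated as weak in this example (assumption: adjust to your policy).
WEAK = {"modp768": "weak DH group", "modp1024": "weak DH group",
        "modp1536": "weak DH group", "des": "weak algorithm",
        "3des": "weak algorithm", "md5": "weak algorithm"}
DH_TOKEN = re.compile(r"(modp|ecp|curve|x)\d\w*")

# Constructed sample: the proposal lines from the conn section on this page.
SAMPLE = """\
config setup
    uniqueids=yes
conn site1-to-site2
    authby=secret
    ike=aes256-sha256-modp1024
    esp=aes256
    aggressive=no
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():                 # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def audit(text):
    """Return (conn, option, message) tuples for weak settings."""
    findings = []
    for name, opts in parse_conns(text).items():
        for key in ("ike", "esp"):
            for proposal in filter(None, opts.get(key, "").rstrip("!").split(",")):
                tokens = proposal.strip().lower().split("-")
                findings += [(name, key, f"{WEAK[t]} {t}") for t in tokens if t in WEAK]
                # Without a DH group in esp=, CHILD_SA rekeying does no new DH exchange.
                if key == "esp" and not any(DH_TOKEN.fullmatch(t) for t in tokens):
                    findings.append((name, key, "no DH group, CHILD_SA rekeys without PFS"))
        if opts.get("aggressive") == "yes" and opts.get("authby") in ("secret", "psk"):
            findings.append((name, "aggressive", "aggressive mode with PSK"))
    return findings
```

Run `audit(open("/etc/ipsec.conf").read())` on each gateway; an empty list means none of these checks fired.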