生まれ変わる - umarekawaru

User Tools

Site Tools

Trace:
technical:ipsec:strongswan

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
technical:ipsec:strongswan [2023/05/14 10:46] jctechnical:ipsec:strongswan [2023/06/12 10:52] (current) jc
Line 4: Line 4:
 # Install # Install
 Install the strongswan package from fedora package repository. Install the strongswan package from fedora package repository.
-```+```bash
 dnf install -y strongswan dnf install -y strongswan
 ``` ```
Line 11: Line 11:
 Enable IPv4 traffic forwarding on both VPN sites. Enable IPv4 traffic forwarding on both VPN sites.
 /etc/sysctl.conf /etc/sysctl.conf
-```+```bash
 net.ipv4.ip_forward = 1 net.ipv4.ip_forward = 1
 ``` ```
 Reload sysctl settings Reload sysctl settings
-```+```bash
 sysctl -p sysctl -p
 ``` ```
Line 21: Line 21:
 Configure a network interface for the WAN connection between VPNs and a network interface for the LAN host network. Configure a network interface for the WAN connection between VPNs and a network interface for the LAN host network.
 ### VPN-Site-1 ### VPN-Site-1
-```+```bash
 nmcli connection add ifname ens4 connection.id wan connection.type 802-3-ethernet mtu 1460 ipv4.method manual ipv4.address 100.64.20.1/30 nmcli connection add ifname ens4 connection.id wan connection.type 802-3-ethernet mtu 1460 ipv4.method manual ipv4.address 100.64.20.1/30
 nmcli connection add ifname ens5 connection.id lan connection.type 802-3-ethernet ipv4.method manual ipv4.address 192.168.80.1/24 mtu 1460 nmcli connection add ifname ens5 connection.id lan connection.type 802-3-ethernet ipv4.method manual ipv4.address 192.168.80.1/24 mtu 1460
Line 27: Line 27:
 ``` ```
 ### VPN-Site-2 ### VPN-Site-2
-```+```bash
 nmcli connection add ifname ens4 connection.id wan connection.type 802-3-ethernet mtu 1460 ipv4.method manual ipv4.address 100.64.20.2/30 nmcli connection add ifname ens4 connection.id wan connection.type 802-3-ethernet mtu 1460 ipv4.method manual ipv4.address 100.64.20.2/30
 nmcli connection add ifname ens5 connection.id lan connection.type 802-3-ethernet ipv4.method manual ipv4.address 192.168.90.1/24 mtu 1460 nmcli connection add ifname ens5 connection.id lan connection.type 802-3-ethernet ipv4.method manual ipv4.address 192.168.90.1/24 mtu 1460
Line 34: Line 34:
 ## Firewall ## Firewall
 Configure firewall rules for both VPN sites. Configure firewall rules for both VPN sites.
-```+```bash
 firewall-cmd --permanent --add-zone=wan firewall-cmd --permanent --add-zone=wan
 firewall-cmd --permanent --change-zone=ens4 --zone=wan firewall-cmd --permanent --change-zone=ens4 --zone=wan
Line 130: Line 130:
 # Run # Run
 Start the VPN. Start the VPN.
-```+```bash
 strongswan start strongswan start
 +```
 +
 +The legacy systemd unit can configured by enabling the `strongswan-starter.service` script.
 +```bash
 +systemctl enable strongswan-starter.service
 +systemctl start strongswan-starter.service
 ``` ```
 # Links # Links
Line 137: Line 143:
 * http://www.remy.org.uk/tech.php?tech=1483382049 * http://www.remy.org.uk/tech.php?tech=1483382049
 </markdown> </markdown>
 +
technical/ipsec/strongswan.1684075576.txt.gz · Last modified: 2023/05/14 10:46 by jc

Page Tools