Changes

Changes

1,014 bytes added , 04:25, 15 July 2022

no edit summary

Line 10: Line 10:

An alternative solution is https://wiki.contribs.org/OpenVPN_SiteToSite or https://wiki.contribs.org/OpenVPN_Bridge

−

Where possible avoid the use of PPTP as it was cracked a long time ago and is very easy to read }}

Where possible avoid the use of PPTP as it was cracked a long time ago and is very easy to read

With IKE v2 it is possible to allow dial in clients.

For older dial clients you can also look at https://wiki.contribs.org/Smeserver-libreswan-xl2tpd

}}

=== Version ===

Line 22: Line 27:

<div>Please use the version of openswan in the ReetP repo as below</div>

</div>

−

~~{{ #smeversion: smeserver-openswan}}~~

====Koozali SME v9====

Line 48: Line 53:

==Installation==

−

= '''For Koozali SME8~~'''~~ =

= For Koozali SME10 =

For Koozali SME Server 10, the latest stable Libreswan can be found in the default repo's

Note that the contrib is currently in test so to install:

yum install smeserver-extrarepositories-libreswan -y

db yum_repositories setprop libreswan status enabled Priority 10

signal-event yum-modify

yum --enablerepo=smecontribs,smetest install smeserver-libreswan

Configuration options and notes are here (check the latest branch):

=For Koozali SME8=

For Koozali SME Server 8 you will need the [https://wiki.contribs.org/User:ReetP ReetP] repo to install openswan

Line 66: Line 81:

RedHat have swapped to using Libreswan as their default IPsec implementation.

−

= ~~'''~~For Koozali SME9~~'''~~ =

= For Koozali SME9 =

−

For Koozali SME Server 9, Libreswan can be found in the default repo's.

For Koozali SME Server 9, the latest stable Libreswan can be found in the default repo's

Note that the contrib is currently in test so to install:

Line 76: Line 91:

https://github.com/reetp/smeserver-libreswan

−

{{Note box|~~I usually have the~~ the latest version of libreswan ~~in my own repo~~ https://~~wiki~~.~~contribs~~.org/~~User~~:~~ReetP~~

{{Note box|You can get the latest version of libreswan itself here }}

/sbin/e-smith/db yum_repositories set libreswan repository \

BaseURL https://download.libreswan.org/binaries/rhel/6/x86_64/ \

EnableGroups no \

GPGCheck yes \

GPGKey https://download.libreswan.org/binaries/RPM-GPG-KEY-libreswan \

Name LibreSwan \

Visible yes \

status disabled \

signal-event yum-modify

−

~~Use at your own risk !}}~~

yum --enablerepo=libreswan install libreswan

Line 210: Line 236:

pfs: Default yes | Variable

connectiontype: Default secret | rassig, certificate

−

ike: Default aes-sha1 | ~~variable~~ - see ipsec.conf readme file for more options

ike: Default aes-sha1 | Variable - see ipsec.conf readme file for more options - sample: aes256-sha2;dh14 or aes256-sha2;modp2048

ipsecversion: Default permit | Whether to allow ikev2 - also : insist/propose/yes/never/no

−

====Per connection settings====

Line 231: Line 256:

rightrsasig: Default Empty | Your Remote rsasignature key

ipsecversion: Default permit | Whether to allow ikev2 - also : insist/propose/yes/never/no

−

ike: Default aes-sha1 | ~~Varable~~

ike: Default aes-sha1 | Variable - sample: aes256-sha2;dh14 or aes256-sha2;modp2048

−

phase2: Default aes-sha1 | Variable

phase2: Default aes-sha1 | Variable - sample: aes256-sha2;dh14 or aes256-sha2;modp2048

mtu: Default Empty | Variable

left: Default Empty | If Empty then %defaultroute is set. Can be local WAN IP

Unnilennium

Super Admin, Wiki & Docs Team, Bureaucrats, Interface administrators, Administrators

3,250

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/32572...41420"

Libreswan (view source)

Revision as of 04:25, 15 July 2022

Navigation menu

Search