Line 10: |
Line 10: |
| An alternative solution is https://wiki.contribs.org/OpenVPN_SiteToSite or https://wiki.contribs.org/OpenVPN_Bridge | | An alternative solution is https://wiki.contribs.org/OpenVPN_SiteToSite or https://wiki.contribs.org/OpenVPN_Bridge |
| | | |
− | Where possible avoid the use of PPTP as it was cracked a long time ago and is very easy to read }} | + | Where possible avoid the use of PPTP as it was cracked a long time ago and is very easy to read |
| + | |
| + | With IKE v2 it is possible to allow dial in clients. |
| + | |
| + | For older dial clients you can also look at https://wiki.contribs.org/Smeserver-libreswan-xl2tpd |
| + | }} |
| | | |
| === Version === | | === Version === |
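Review bot: The added sentence "With IKE v2 it is possible to allow dial in clients." gives the reader nothing to act on: it names no setting and links to no setup page. The ipsecversion key documented further down this page (permit/insist/propose/yes/never/no) is described as controlling whether IKEv2 is allowed, so point to it here, or link the page that covers dial-in configuration. The PPTP warning would also read better if "very easy to read" said what is readable.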
Line 22: |
Line 27: |
| <div>Please use the version of openswan in the ReetP repo as below</div> | | <div>Please use the version of openswan in the ReetP repo as below</div> |
| </div> | | </div> |
− | {{ #smeversion: smeserver-openswan}}
| + | |
| | | |
| ====Koozali SME v9==== | | ====Koozali SME v9==== |
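Review bot: Removing `{{ #smeversion: smeserver-openswan}}` and leaving a blank line means this part of the page no longer reports any package version, while the surviving context line still tells readers to "use the version of openswan in the ReetP repo". If the page now documents smeserver-libreswan (the package installed in the later hunks), change the template argument rather than deleting the call, and update or drop the openswan sentence in the same edit.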
Line 48: |
Line 53: |
| | | |
| ==Installation== | | ==Installation== |
− | = '''For Koozali SME8''' = | + | = For Koozali SME10 = |
| + | For Koozali SME Server 10, the latest stable Libreswan can be found in the default repo's |
| + | |
| + | Note that the contrib is currently in test so to install: |
| + | yum install smeserver-extrarepositories-libreswan -y |
| + | db yum_repositories setprop libreswan status enabled Priority 10 |
| + | signal-event yum-modify |
| + | yum --enablerepo=smecontribs,smetest install smeserver-libreswan |
| + | |
| + | Configuration options and notes are here (check the latest branch): |
| + | =For Koozali SME8= |
| For Koozali SME Server 8 you will need the [https://wiki.contribs.org/User:ReetP ReetP] repo to install openswan | | For Koozali SME Server 8 you will need the [https://wiki.contribs.org/User:ReetP ReetP] repo to install openswan |
| {{:Reetspetit|transcludesection=SME9}} | | {{:Reetspetit|transcludesection=SME9}} |
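Review bot: The added line "Configuration options and notes are here (check the latest branch):" ends in a colon and is followed directly by the =For Koozali SME8= heading, so "here" points at nothing. The SME9 section further down carries https://github.com/reetp/smeserver-libreswan; if that is the intended target, add it before the heading. The install command also enables smetest, so put the "currently in test" caveat next to that command where a reader copying it will see it, and use "repos" rather than "repo's" in the first sentence.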
Line 66: |
Line 81: |
| RedHat have swapped to using Libreswan as their default IPsec implementation. | | RedHat have swapped to using Libreswan as their default IPsec implementation. |
| | | |
− | = '''For Koozali SME9''' = | + | = For Koozali SME9 = |
− | For Koozali SME Server 9, Libreswan can be found in the default repo's. | + | For Koozali SME Server 9, the latest stable Libreswan can be found in the default repo's |
| | | |
| Note that the contrib is currently in test so to install: | | Note that the contrib is currently in test so to install: |
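Review bot: The reworded sentence under = For Koozali SME9 = loses its closing full stop and keeps "repo's", which should be the plural "repos". Saying the "latest stable" Libreswan is in the default repos also sits awkwardly beside the note box in the next hunk, which sends readers to download.libreswan.org for the latest version; state which source is expected to be newer.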
Line 76: |
Line 91: |
| https://github.com/reetp/smeserver-libreswan | | https://github.com/reetp/smeserver-libreswan |
| | | |
− | {{Note box|I usually have the the latest version of libreswan in my own repo https://wiki.contribs.org/User:ReetP | + | {{Note box|You can get the latest version of libreswan itself here }} |
| + | |
| + | /sbin/e-smith/db yum_repositories set libreswan repository \ |
| + | BaseURL https://download.libreswan.org/binaries/rhel/6/x86_64/ \ |
| + | EnableGroups no \ |
| + | GPGCheck yes \ |
| + | GPGKey https://download.libreswan.org/binaries/RPM-GPG-KEY-libreswan \ |
| + | Name LibreSwan \ |
| + | Visible yes \ |
| + | status disabled \ |
| + | |
| + | signal-event yum-modify |
| | | |
− | Use at your own risk !}}
| + | yum --enablerepo=libreswan install libreswan |
| | | |
| <headertabs /> | | <headertabs /> |
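Review bot: The last argument line of the added db command, "status disabled \", ends in a continuation backslash with nothing to continue. It only works because a blank line follows; if that blank line is lost in a copy and paste, "signal-event yum-modify" is swallowed as extra arguments to the db command. Drop the trailing backslash. BaseURL is also pinned to rhel/6/x86_64 on a page that now covers SME8, SME9 and SME10, so say which release this block applies to. Since GPGKey is fetched from the same host as the packages, consider stating the key fingerprint on the page so it can be checked before import, now that the "Use at your own risk !" line is gone.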
Line 210: |
Line 236: |
| pfs: Default yes | Variable | | pfs: Default yes | Variable |
| connectiontype: Default secret | rassig, certificate | | connectiontype: Default secret | rassig, certificate |
− | ike: Default aes-sha1 | variable - see ipsec.conf readme file for more options | + | ike: Default aes-sha1 | Variable - see ipsec.conf readme file for more options - sample: aes256-sha2;dh14 or aes256-sha2;modp2048 |
| ipsecversion: Default permit | Whether to allow ikev2 - also : insist/propose/yes/never/no | | ipsecversion: Default permit | Whether to allow ikev2 - also : insist/propose/yes/never/no |
− |
| |
| | | |
| ====Per connection settings==== | | ====Per connection settings==== |
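Review bot: The sample values added to the ike line, aes256-sha2;dh14 and aes256-sha2;modp2048, contain a semicolon. If these keys are set with db commands typed at a shell, as the repository settings elsewhere on this page are, an unquoted value ends the command at the semicolon: ike is stored as aes256-sha2 and the shell then tries to run dh14 as a separate command. Show the sample in single quotes or add a sentence saying it must be quoted. The unchanged connectiontype line just above reads "rassig", which looks like a typo for rsasig (compare rightrsasig in the next section) and could be fixed in the same edit.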
Line 231: |
Line 256: |
| rightrsasig: Default Empty | Your Remote rsasignature key | | rightrsasig: Default Empty | Your Remote rsasignature key |
| ipsecversion: Default permit | Whether to allow ikev2 - also : insist/propose/yes/never/no | | ipsecversion: Default permit | Whether to allow ikev2 - also : insist/propose/yes/never/no |
− | ike: Default aes-sha1 | Varable | + | ike: Default aes-sha1 | Variable - sample: aes256-sha2;dh14 or aes256-sha2;modp2048 |
− | phase2: Default aes-sha1 | Variable | + | phase2: Default aes-sha1 | Variable - sample: aes256-sha2;dh14 or aes256-sha2;modp2048 |
| mtu: Default Empty | Variable | | mtu: Default Empty | Variable |
| left: Default Empty | If Empty then %defaultroute is set. Can be local WAN IP | | left: Default Empty | If Empty then %defaultroute is set. Can be local WAN IP |
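Review bot: The same sample string is pasted onto both the ike and phase2 lines, and it offers dh14 and modp2048 as if they were alternatives; they are two names for the same 2048-bit MODP group (group 14). Say so or give one spelling, and confirm against the ipsec.conf readme that the global ike line refers to that phase2 accepts the group suffix in this form before documenting it. The Default of aes-sha1 is unchanged on both lines, so state whether the sample is a recommended setting or only an illustration of the syntax.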