Line 1: |
Line 1: |
| {{Languages}} | | {{Languages}} |
| ==Version== | | ==Version== |
− | {{#smeversion: {{lc:{{FULLPAGENAME}}}} }} | + | {{#smeversion: smeserver-{{lc:{{FULLPAGENAME}}}} }} |
| | | |
| ==About== | | ==About== |
Line 50: |
Line 50: |
| | | |
| yum install smeserver-extrarepositories-libreswan smeserver-extrarepositories-epel | | yum install smeserver-extrarepositories-libreswan smeserver-extrarepositories-epel |
| + | db yum_repositories setprop libreswan status enabled Priority 10 |
| signal-event yum-modify | | signal-event yum-modify |
| config set UnsavedChanges no | | config set UnsavedChanges no |
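Review bot: the added line "db yum_repositories setprop libreswan status enabled Priority 10" leaves the libreswan repository enabled permanently, and the page gives no reason for that or for the choice of Priority 10. Add a sentence explaining both, or, if the repository is only needed while installing, leave it disabled and pass --enablerepo=libreswan to the yum commands that need it.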
Line 68: |
Line 69: |
| ===Keys=== | | ===Keys=== |
| | | |
− | These are the ipsec database keys required to setup the server | + | These are the basic database keys required to setup the server |
| + | |
| + | ======IPsec settings====== |
| | | |
| * IPRange Start/Finish | | * IPRange Start/Finish |
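Review bot: the new heading "======IPsec settings======" is a level-6 heading placed directly under the level-3 "===Keys===", skipping two levels; "====IPsec settings====" would nest correctly in the table of contents. The reworded sentence above it should also read "set up the server" rather than "setup the server".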
Line 74: |
Line 77: |
| Note it '''MUST NOT''' conflict with IPs issued by your DHCP server | | Note it '''MUST NOT''' conflict with IPs issued by your DHCP server |
| | | |
− | db ipsec_connections setprop L2TPD-PSK IPRangeStart 192.168.1.176 IPRangeFinish 192.168.1.190 | + | db ipsec_connections setprop L2TPD-PSK IPRangeStart 192.168.1.176 IPRangeFinish 192.168.1.190 |
| | | |
| * rightsubnet | | * rightsubnet |
| This must be the subnet in CIDR format and match the IP range allocated above eg: | | This must be the subnet in CIDR format and match the IP range allocated above eg: |
| | | |
− | db ipsec_connections setprop L2TPD-PSK rightsubnet 192.178.1.176/28 | + | db ipsec_connections setprop L2TPD-PSK rightsubnet 192.178.1.176/28 |
| | | |
| * passwd | | * passwd |
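Review bot: the rightsubnet example on the line this change rewrites still reads 192.178.1.176/28, while the IPRange above it is 192.168.1.176 to 192.168.1.190 and the text says the subnet must match that range. Correct it to 192.168.1.176/28 while the line is being touched, so that a reader who copies both commands gets a consistent pair. The bullet label "passwd" also differs from the property name "password" used in the command that follows it.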
Line 87: |
Line 90: |
| | | |
| db ipsec_connections setprop L2TPD-PSK password SomeLongComplicatedSecret | | db ipsec_connections setprop L2TPD-PSK password SomeLongComplicatedSecret |
| + | db ipsec_connections setprop L2TPD-PSK password `openssl rand -base64 64|sed '/.*$/N;s/\n//'` |
| | | |
| Ensure the connection is enabled: | | Ensure the connection is enabled: |
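Review bot: the added openssl rand line sits directly under the SomeLongComplicatedSecret line with nothing to say it is an alternative, so a reader who pastes both ends up with a random pre-shared key they have never seen. Introduce it with a line such as "or generate a random secret:" and show how to read the value back for client configuration, for example "db ipsec_connections getprop L2TPD-PSK password". The sed expression only joins the two lines of base64 output; piping through tr -d '\n' does the same and is easier to read.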
Line 96: |
Line 100: |
| config setprop ipsec status enabled | | config setprop ipsec status enabled |
| | | |
− | Xl2tps settings | + | ======Xl2tps settings====== |
| + | |
| * DNS | | * DNS |
| Optional - defaults to the SME server. Can add extra servers if required | | Optional - defaults to the SME server. Can add extra servers if required |
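Review bot: the heading is promoted to "======Xl2tps settings======" but keeps the misspelling "Xl2tps"; the service key used in the commands on this page is xl2tpd, so the heading should read "xl2tpd settings". The level-6 markup is also deeper than a heading under "===Keys===" needs.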
Line 104: |
Line 109: |
| Defaults to private. Not necessary to set public. | | Defaults to private. Not necessary to set public. |
| | | |
− | config setprop xl2tpd status enabled | + | * status |
| + | config setprop xl2tpd status enabled |
| | | |
| *UDPPort | | *UDPPort |
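Review bot: the new "* status" bullet is followed directly by its command with no explanatory line, unlike the DNS bullet above; add a short line saying that this enables the xl2tpd service. The bullet spacing also differs from "*UDPPort" just below, so pick one form for the list.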