Finally got strongSwan configured in an IPv6 environment

wuruxu · 2023-02-14 14:36:22 +08:00 · 1248 views
    ```
    Security Associations (1 up, 0 connecting):
             ec6[16]: ESTABLISHED 10 minutes ago, 2400:8902::f03c:0366:febc:6a0a[xyz.wuruxu.cn]...2409:8a6a:216:6677:67b4:8899:ba5d:344[debian]
             ec6[16]: Remote EAP identity: wuruxu
             ec6[16]: IKEv2 SPIs: 58812b94cf2332f9_i 12425e338a463d3e_r*, public key reauthentication in 2 hours
             ec6[16]: IKE proposal: CHACHA20_POLY1305/PRF_HMAC_SHA2_512/CURVE_25519
             ec6{11}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: caf69aa5_i c2924650_o
             ec6{11}:  AES_GCM_16_256, 966634 bytes_i (7095 pkts, 0s ago), 10632497 bytes_o (12299 pkts, 0s ago), rekeying in 34 minutes
             ec6{11}:   0.0.0.0/0 ::/0 === 10.18.0.1/32 2001:166:188:d88:1::2/128
    ```
    
    
    Addendum 1  ·  2023-02-19 18:53:57 +08:00

    For more strongSwan configuration details, see my git repo

    2 replies    2023-02-19 18:32:22 +08:00

    #1 · wolonggl · 2023-02-16 10:08:39 +08:00
    Please post the config and share it.

    #2 · wuruxu (OP) · 2023-02-19 18:32:22 +08:00
    @wolonggl
    ```
    # ipsec.conf - strongSwan IPsec configuration file

    # basic configuration

    config setup
        # require a fresh CRL for certificate-based peer authentication
        strictcrlpolicy=yes
        # never replace an existing IKE_SA when the same identity connects again
        uniqueids = never

    conn %default
        keyexchange=ikev2
        left=%defaultroute
        leftauth=pubkey
        leftfirewall=yes
        mobike=yes
        compress=yes
        # the trailing ! restricts IKE to the proposals listed here
        ike=chacha20poly1305-sha512-newhope128,chacha20poly1305-sha512-x25519,aes256-sha512-modp2048,aes128-sha512-modp2048,aes256ccm96-sha384-modp2048,aes256-sha256-modp2048,aes128-sha256-modp2048,aes128-sha1-modp2048!
        esp=chacha20poly1305,aes256gcm128,aes128gcm128,aes256ccm128,aes256

    # server authenticates with its certificate, clients with EAP-MSCHAPv2
    conn ec6
        leftsendcert=always
        leftcert=nginx.ssl.xyz.ecc.cer
        [email protected]
        leftsubnet=0.0.0.0/0,::/0
        rightauth=eap-mschapv2
        # virtual IP pools and DNS servers handed out to clients
        rightsourceip=2004:0988:0816:d88:1::/80,10.128.0.0/24
        rightdns=2001:4860:4860::8888,1.1.1.1
        rightsendcert=never
        eap_identity=%identity
        auto=add

    ```
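Added example, not part of the thread or of wuruxu's repo: a small audit of the `ike=`/`esp=` lines posted above and of the `IKE proposal:` line from the status output. In ipsec.conf a trailing `!` restricts the daemon to the configured proposals, and without it strongSwan appends its default proposals; the `LEGACY` token set and the function names are assumptions of this example, so adjust them to local policy.

```python
import re

# Assumption of this example: algorithm keywords treated as legacy.
LEGACY = {"sha1", "md5", "3des", "modp768", "modp1024"}

# The ike=/esp= lines exactly as posted in reply #2.
CONFIG = """\
ike=chacha20poly1305-sha512-newhope128,chacha20poly1305-sha512-x25519,aes256-sha512-modp2048,aes128-sha512-modp2048,aes256ccm96-sha384-modp2048,aes256-sha256-modp2048,aes128-sha256-modp2048,aes128-sha1-modp2048!
esp=chacha20poly1305,aes256gcm128,aes128gcm128,aes256ccm128,aes256
"""

# The negotiated IKE proposal line from the status output in the opening post.
STATUS = "ec6[16]: IKE proposal: CHACHA20_POLY1305/PRF_HMAC_SHA2_512/CURVE_25519"


def audit(config_text):
    """Return {key: {"strict": bool, "legacy": [proposals]}} for ike=/esp=."""
    report = {}
    for line in config_text.splitlines():
        m = re.match(r"\s*(ike|esp)\s*=\s*(\S+)", line)
        if not m:
            continue
        key, value = m.groups()
        strict = value.endswith("!")          # only listed proposals are used
        proposals = value.rstrip("!").split(",")
        legacy = [p for p in proposals if LEGACY & set(p.lower().split("-"))]
        report[key] = {"strict": strict, "legacy": legacy}
    return report


def negotiated(status_text):
    """Split the negotiated IKE proposal into its transform names."""
    m = re.search(r"IKE proposal:\s*(\S+)", status_text)
    return m.group(1).split("/") if m else []


def negotiated_is_legacy(status_text):
    """True if the live SA fell back to a transform this example calls legacy."""
    pattern = re.compile(r"SHA1|MD5|3DES|MODP_(768|1024)\b")
    return any(pattern.search(t) for t in negotiated(status_text))


if __name__ == "__main__":
    for key, result in audit(CONFIG).items():
        print(key, "strict" if result["strict"] else "defaults appended",
              "legacy:", result["legacy"] or "none")
    print("negotiated:", negotiated(STATUS),
          "legacy fallback:", negotiated_is_legacy(STATUS))
```

On the posted config this reports that `ike=` is strict with one SHA-1 fallback at the end of the list, that `esp=` is not strict, and that the established SA did not use the fallback.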