ipsec.conf
192.168.138.0/24 - lokales Netz auf dem Server
192.168.178.0/24 - lokales Netz Fritzbox (die Fritzbox selbst hat die 192.168.178.1)
# Libreswan ipsec.conf as posted: an L2TP/IPsec listener for remote clients
# (conn L2TP-PSK-NAT / L2TP-PSK-noNAT) plus a site-to-site tunnel to a FRITZ!Box
# (conn avm). Every connection authenticates with a pre-shared key (authby=secret).
# NOTE(review): the forum paste lost all leading whitespace. Parameter lines have to
# be indented under their "config setup" / "conn" header, so the indentation is
# restored here; no keyword or value was changed.
version 2.0

config setup
    # NOTE(review): nat_traversal= and oe= look like Openswan-era keywords; confirm
    # that the installed Libreswan release still accepts them.
    nat_traversal=yes
    # Address ranges that clients behind NAT may present as their inner address
    # (used by rightsubnet=vhost:%priv below).
    # NOTE(review): the server's own LAN (192.168.138.0/24) is listed as allowed.
    # The usual recommendation is to exclude the server-side LAN with a leading "!"
    # so a client cannot claim an address inside it - confirm this is intended.
    # 10.8.0.0/24 is already covered by 10.0.0.0/8.
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:10.8.0.0/24,%v4:192.168.138.0/24
    oe=off
    protostack=netkey

# L2TP clients behind NAT: same settings as L2TP-PSK-noNAT (pulled in via also=),
# with the client subnet taken from the virtual_private ranges above.
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

# L2TP/IPsec listener. right=%any accepts any peer address, so every client that
# knows the pre-shared key can establish this connection.
conn L2TP-PSK-noNAT
    authby=secret
    # No PFS for the IPsec SA on this connection (the tunnel to the FRITZ!Box below
    # uses pfs=yes).
    pfs=no
    # auto=add only loads the connection; the server waits for the peer to initiate.
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    # Transport mode, limited to protocol 17 (UDP) port 1701 on the server side,
    # i.e. only the L2TP traffic is protected.
    type=transport
    # Placeholder for the server's public address.
    left=xxx.xxx.xxx.xxx
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

# Site-to-site tunnel: 192.168.138.0/24 (server side) <-> 192.168.178.0/24 (FRITZ!Box).
conn avm
    authby=secret
    auto=add
    type=tunnel
    # Main mode rather than aggressive mode for IKE phase 1.
    aggrmode=no
    # left=IP and leftid=@Domain are placeholders for the server's address and ID;
    # the IDs have to match remoteid/localid in the FRITZ!Box configuration.
    left=IP
    leftid=@Domain
    leftsourceip=192.168.138.1
    leftsubnet=192.168.138.0/24
    right=xxxxxxxx.myfritz.net
    rightsourceip=192.168.178.1
    rightsubnet=192.168.178.0/24
    rightid=@xxxxxxxxx.myfritz.net
    # IKE proposal: AES-256, SHA-1, DH group modp2048.
    ike=aes256-sha1;modp2048
    # NOTE(review): no phase2alg=/esp= line is set, so the ESP algorithms are not
    # pinned on this side. The FRITZ!Box proposal string on this page mentions 3des;
    # consider pinning an AES-based ESP proposal here so 3DES cannot be negotiated.
    phase2=esp
    pfs=yes
    # Dead peer detection: probe interval 60 s, timeout 60 s, restart the
    # connection when the peer is considered dead.
    dpddelay=60
    dpdaction=restart
    dpdtimeout=60
ipsec.secrets
# ipsec.secrets entry: pre-shared key used between Server_IP (placeholder for the
# server's address) and %any, i.e. any remote peer.
# Because of %any, this one key is used for every PSK connection on the server -
# the L2TP clients as well as the FRITZ!Box tunnel. Anyone who knows it can
# authenticate as any of those peers, so use a long random value, not a password,
# and keep this file readable by root only.
# "Mein_super_geheimes_PW" is a placeholder; it has to be identical to key = "..."
# in the FRITZ!Box configuration.
Server_IP %any: PSK "Mein_super_geheimes_PW"
Fritzbox VPN-Konfiguration (vpncfg)
// FRITZ!Box VPN import file for the tunnel to the Libreswan server.
// Local network 192.168.178.0/24 (phase2localid), remote network 192.168.138.0/24
// (phase2remoteid); accesslist sends only traffic for 192.168.138.0/24 into the tunnel.
// conn_type = conntype_lan: network-to-network connection.
// remotehostname / remoteid are placeholders for the server; localid is the
// box's myfritz.net name. Both IDs have to match the ID settings on the server.
// mode = phase1_mode_idp: IKE main mode (not aggressive mode).
// phase1ss = "dh14/aes/sha": presumably DH group 14 with AES and SHA-1 - the server
// side on this page uses ike=aes256-sha1;modp2048.
// key: placeholder for the pre-shared key; it has to be identical to the PSK on the
// server. Use a long random value and remove it before sharing this file.
// NOTE(review): phase2ss names 3des next to aes256; which of them ends up being used
// depends on what the server accepts - pin an AES-based proposal on the server.
// NOTE(review): reject_not_encrypted = no and dont_filter_netbios = yes look like
// permissive settings (unencrypted traffic not rejected, NetBIOS not filtered) -
// confirm their exact meaning for the firmware in use.
// NOTE(review): use_nat_t = no although ike_forward_rules also lists UDP 4500;
// check which of the two is actually wanted.
vpncfg {
    connections {
        enabled = yes;
        conn_type = conntype_lan;
        name = "Name von VPN";
        always_renew = yes;
        reject_not_encrypted = no;
        dont_filter_netbios = yes;
        localip = 0.0.0.0;
        local_virtualip = 0.0.0.0;
        remoteip = 0.0.0.0;
        remote_virtualip = 0.0.0.0;
        remotehostname = "Servername_oder_IP";
        localid {
            fqdn = "xxxxxxxxxxxxxx.myfritz.net";
        }
        remoteid {
            fqdn = "Servername";
        }
        mode = phase1_mode_idp;
        phase1ss = "dh14/aes/sha";
        keytype = connkeytype_pre_shared;
        key = "Mein_super_geheimes_PW";
        cert_do_server_auth = no;
        use_nat_t = no;
        use_xauth = no;
        use_cfgmode = no;
        phase2localid {
            ipnet {
                ipaddr = 192.168.178.0;
                mask = 255.255.255.0;
            }
        }
        phase2remoteid {
            ipnet {
                ipaddr = 192.168.138.0;
                mask = 255.255.255.0;
            }
        }
        phase2ss = "esp-aes256-3des-sha/ah-no/comp-lzs-no/pfs";
        accesslist = "permit ip any 192.168.138.0 255.255.255.0";
    }
    ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                        "udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
Anleitung: https://libreswan.org/wiki/3.14_on_Debian_Wheezy
Nützliche Install Scripts:
Installiert Libreswan und richtet einen L2TP Tunnel ein.
Setup Simple IPSec/L2TP VPN server for Ubuntu and Debian : https://github.com/philplckthun/setup-s ... r/setup.sh
----------------------
Installiert oder aktualisiert Libreswan
Simple LibreSwan Upgrade / Install Script auf 3.15: https://github.com/philplckthun/setup-s ... breswan.sh
Zum Updaten kann man im Script einfach die Versionsnummer auf 3.16 ändern. Da die Scripts mit Root-Rechten laufen, sollte man sie vor dem Ausführen durchlesen.