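Newer versions all recommend swanctl, so I'm sharing my swanctl.conf configuration.
So far, the advantage over ipsec.conf seems to be that the user password is kept together with the rest of the configuration.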
root@myhost:/etc/strongswan.d# cat /etc/swanctl/conf.d/ec6.conf
connections {
    xyz {
        unique = never
        version = 2
        proposals = chacha20poly1305-sha512-x25519,aes256-sha512-modp2048,aes128-sha512-modp2048,aes256ccm96-sha384-modp2048,aes256-sha256-modp2048,aes128-sha256-modp2048,default
        rekey_time = 0s
        dpd_delay = 36s
        fragmentation = accept
        send_cert = never
        send_certreq = yes
        remote_addrs = xyz.domain.org
        local_port = 4500
        vips=0.0.0.0,::
        local {
            id = thinkpad
            auth = eap-mschapv2
            eap_id = myusername
        }
        remote {
            id = ec6.andjs.org
        }
        children {
            andjs {
                local_ts = 10.17.0.0/24,2001:177:234:dee:1::/80
                remote_ts = 0.0.0.0/0,::/0
                rekey_time = 0s
                dpd_action = clear
                esp_proposals = chacha20poly1305,aes256gcm128,aes128gcm128,aes256ccm128,aes256
            }
        }
    }
}
secrets {
    eap-u0 {
        id = myusername
        secret = "mypassword"
    }
}
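
As an added example (not part of the original post, and not strongSwan code): because the swanctl file now holds the EAP password next to the connection settings, it is worth checking that the file is not readable by group or other users. `parse_swanctl` and `audit` are hypothetical helper names, the sample is constructed, and the parser covers only the simple one-item-per-line syntax used in the post.

```python
import os
import stat

# Constructed sample in the shape of the post's file; all values are placeholders.
SAMPLE = """\
connections {
    xyz {
        remote_addrs = xyz.domain.org
    }
}
secrets {
    eap-u0 {
        id = myusername
        secret = "mypassword"
    }
}
"""

def parse_swanctl(text):
    """Parse nested `name { key = value }` sections into dicts (subset: no includes)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank or full-line comment
            continue
        if line.endswith("{"):                 # open a named section
            child = stack[-1].setdefault(line[:-1].strip(), {})
            stack.append(child)
        elif line == "}" and len(stack) > 1:   # close the current section
            stack.pop()
        elif "=" in line:                      # key = value, quotes stripped
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip().strip('"')
    return root

def audit(path):
    """Report inline secrets and whether the file mode lets group/other read them."""
    with open(path) as fh:
        conf = parse_swanctl(fh.read())
    inline = sorted(name for name, sec in conf.get("secrets", {}).items()
                    if isinstance(sec, dict) and "secret" in sec)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {"inline_secrets": inline, "mode": oct(mode),
            "exposed": bool(inline) and bool(mode & 0o077)}
```

Calling `audit("/etc/swanctl/conf.d/ec6.conf")` on a file like the one above returns `exposed: True` until the mode is tightened to `0600`.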