Last active December 4, 2019 08:07
Site-to-site tunnel between StrongSwan (behind NAT) and Libreswan
# strongSwan side (site1, behind NAT)
conn site1
    left=%defaultroute
    leftid=@site1
    leftrsasigkey=/etc/ipsec.d/certs/site1.pem
    right=<SITE2_IP>
    rightid=@site2
    rightrsasigkey="dns:<Base64 RFC 3110 RSA key from site2>"
    authby=rsasig
    auto=add
    type=tunnel
    keyexchange=ikev1
    esp=aes128-sha1-modp2048
# Libreswan side (site2)
conn server
    left=%any
    leftid=@site1
    leftrsasigkey=<generate the Base64 RFC 3110 RSA key from site1.pem>
    right=<SITE2_IP>
    rightid=@site2
    rightrsasigkey=<key from `ipsec showhostkey --right`>
    authby=rsasig
    ikev2=never
    pfs=yes
    type=tunnel
Use https://git.dn42.us/ryan/pubkey-converter/raw/master/pubkey-converter.pl to convert from PEM RSA to Base64 RFC 3110 and the other way around.
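The PEM to Base64 RFC 3110 conversion that the `leftrsasigkey`/`rightrsasigkey` placeholders above call for, as an added Python example; it is not part of the gist or of the linked Perl script. The function names and the toy sample key are constructed for illustration, and `0s` is the base64 marker Libreswan puts in front of the value.

```python
import base64

# Constructed sample: PKCS#1 public key with a toy 64-bit modulus (not a usable key).
SAMPLE_PEM = """-----BEGIN RSA PUBLIC KEY-----
MBACCQDDobLU5fYHiQIDAQAB
-----END RSA PUBLIC KEY-----"""

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length

def pem_to_n_e(pem):
    """Return (n, e) from a 'PUBLIC KEY' (SPKI) or 'RSA PUBLIC KEY' (PKCS#1) PEM."""
    b64 = "".join(l.strip() for l in pem.splitlines() if "-----" not in l)
    _, seq, _ = _tlv(base64.b64decode(b64), 0)
    tag, first, nxt = _tlv(seq, 0)
    if tag == 0x30:  # SPKI: AlgorithmIdentifier, then BIT STRING holding the key
        _, bits, _ = _tlv(seq, nxt)
        _, seq, _ = _tlv(bits, 1)  # skip the unused-bits octet
        tag, first, nxt = _tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("not an RSA public key")
    _, second, _ = _tlv(seq, nxt)
    return int.from_bytes(first, "big"), int.from_bytes(second, "big")

def rfc3110_encode(n, e):
    """Base64 of: exponent length | exponent | modulus (RFC 3110 section 2)."""
    eb = e.to_bytes((e.bit_length() + 7) // 8, "big")
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # one length octet for exponents of 1..255 bytes, else 0x00 + two octets
    prefix = bytes([len(eb)]) if len(eb) <= 255 else b"\x00" + len(eb).to_bytes(2, "big")
    return base64.b64encode(prefix + eb + nb).decode()

def rfc3110_decode(value):
    """Return (n, e); tolerates the 'dns:' (strongSwan) and '0s' (Libreswan) prefixes."""
    for prefix in ("dns:", "0s"):
        if value.startswith(prefix):
            value = value[len(prefix):]
    raw = base64.b64decode(value)
    elen, off = raw[0], 1
    if elen == 0:
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    e = int.from_bytes(raw[off:off + elen], "big")
    return int.from_bytes(raw[off + elen:], "big"), e
```

Decoding the value configured on each peer and comparing `(n, e)` with the other side's PEM confirms both ends hold the same public key before the tunnel is brought up.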