From Fedora Project Wiki
(Created page with "Strongswan can be considered the most powerful IPsec implementation in Fedora. == Features * IKEv1, IKEv2 (older and current version of Internet Key Exchange) * MOBIKE (mobilit...")
 
No edit summary
Line 1: Line 1:
Strongswan can be considered the most powerful IPsec implementation in Fedora.
Strongswan can be considered the most powerful IPsec implementation in Fedora.


== Features
== Features ==


* IKEv1, IKEv2 (older and current version of Internet Key Exchange)
* IKEv1, IKEv2 (older and current version of Internet Key Exchange)
* MOBIKE (mobility and multihoming extension to IKEv2)
* MOBIKE (mobility and multihoming extension to IKEv2)
* IPv4, IPv6 (old and new Internet Protocol)
* IPv4, IPv6 (old and new Internet Protocol)
* Road Warror Setup
* Road warror setup
* NAT Traversal
* NAT traversal
* NetworkManager plugin
* NetworkManager plugin
* And much more...
* And much more...
== Use cases ==
=== Simple bi-directional transport channel ===
<pre>
conn test
    auto=route
    type=transport
    left=2001:db8::a
    right=2001:db8::b
    authby=psk
    mobike=no
</pre>
=== Road warrior (server) ===
<pre>
conn test
    auto=add
    type=transport
    left=%any
    right=2001:db8::b
    authby=psk
    mobike=no
</pre>
=== Road warrior (client) ===
<pre>
conn test
    auto=add
    type=transport
    left=%defaultroute
    leftid=@alpha.example.net
    right=2001:db8::b
    authby=psk
    mobike=no
</pre>
=== Tunnel mode ===
<pre>
conn test
    auto=route
    type=tunnel
    left=2001:db8::a
    leftsubnet=2001:db8:a:a::/64
    right=2001:db8::b
    leftsubnet=2001:db8:b:b::/64
    authby=psk
    mobike=no
</pre>

Revision as of 00:40, 27 May 2012

Strongswan can be considered the most powerful IPsec implementation in Fedora.

Features

  • IKEv1, IKEv2 (older and current version of Internet Key Exchange)
  • MOBIKE (mobility and multihoming extension to IKEv2)
  • IPv4, IPv6 (old and new Internet Protocol)
  • Road warror setup
  • NAT traversal
  • NetworkManager plugin
  • And much more...

Use cases

Simple bi-directional transport channel

conn test
    auto=route
    type=transport
    left=2001:db8::a
    right=2001:db8::b
    authby=psk
    mobike=no

Road warrior (server)

conn test
    auto=add
    type=transport
    left=%any
    right=2001:db8::b
    authby=psk
    mobike=no

Road warrior (client)

conn test
    auto=add
    type=transport
    left=%defaultroute
    leftid=@alpha.example.net
    right=2001:db8::b
    authby=psk
    mobike=no

Tunnel mode

conn test
    auto=route
    type=tunnel
    left=2001:db8::a
    leftsubnet=2001:db8:a:a::/64
    right=2001:db8::b
    leftsubnet=2001:db8:b:b::/64
    authby=psk
    mobike=no
Retrieved from "https://fedoraproject.org/w/index.php?title=Tools/Strongswan&oldid=289801"