testing: Converted swanctl to systemd
parent
65f74cd13d
commit
70dc5bb8ad
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
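Review bot: Judging by the -1,14 +1,18 counts, the `start-scripts` block is dropped from the section now named `charon-systemd`, so nothing in this file says how credentials and connections get loaded. The test now depends on the strongswan-swanctl unit doing it, presumably through a post-start `swanctl` load step; the unit file is not shown on this page. A one-line comment such as `# creds/conns are loaded by the strongswan-swanctl systemd unit` above `syslog {` would record that dependency. The added `auth { default = 0 }` sets a lower level for the auth facility than `daemon { default = 1 }`, which deserves a short comment if it is intentional. Both points apply to the other strongswan.conf hunks in this commit, including those that previously loaded pools or authorities through `start-scripts`.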
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,15 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
pools = /usr/local/sbin/swanctl --load-pools
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
carol::swanctl --terminate --ike home
|
||||
dave::swanctl --terminate --ike home
|
||||
carol::service charon stop 2> /dev/null
|
||||
dave::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
dave::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
carol::iptables-restore < /etc/iptables.flush
|
||||
dave::iptables-restore < /etc/iptables.flush
|
||||
|
|
|
@ -2,9 +2,9 @@ moon::iptables-restore < /etc/iptables.rules
|
|||
carol::iptables-restore < /etc/iptables.rules
|
||||
dave::iptables-restore < /etc/iptables.rules
|
||||
moon::cat /etc/swanctl/swanctl_base.conf
|
||||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
dave::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
dave::systemctl start strongswan-swanctl
|
||||
moon::expect-connection rw-carol
|
||||
carol::expect-connection home
|
||||
carol::swanctl --initiate --child home 2> /dev/null
|
||||
|
|
|
@ -1,16 +1,19 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
cache_crls = yes
|
||||
}
|
||||
|
|
|
@ -1,16 +1,19 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
cache_crls = yes
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
carol::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
moon::rm /etc/swanctl/x509crl/*
|
||||
carol::rm /etc/swanctl/x509crl/*
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
moon::expect-connection rw
|
||||
carol::expect-connection home
|
||||
carol::swanctl --initiate --child home 2> /dev/null
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -4,14 +4,17 @@ swanctl {
|
|||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
|
||||
plugins {
|
||||
dhcp {
|
||||
server = 10.1.255.255
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
carol::swanctl --terminate --ike home
|
||||
dave::swanctl --terminate --ike home
|
||||
carol::service charon stop 2> /dev/null
|
||||
dave::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
dave::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
venus::cat /var/state/dhcp/dhcpd.leases
|
||||
venus::server isc-dhcp-server stop 2> /dev/null
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
|
|
|
@ -3,9 +3,9 @@ carol::iptables-restore < /etc/iptables.rules
|
|||
dave::iptables-restore < /etc/iptables.rules
|
||||
venus::cat /etc/dhcp/dhcpd.conf
|
||||
venus::service isc-dhcp-server start 2> /dev/null
|
||||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
dave::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
dave::systemctl start strongswan-swanctl
|
||||
moon::expect-connection rw
|
||||
carol::expect-connection home
|
||||
carol::swanctl --initiate --child home 2> /dev/null
|
||||
|
|
|
@ -1,16 +1,20 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
|
||||
|
||||
fragment_size = 1400
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,16 +1,20 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
|
||||
|
||||
fragment_size = 1400
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,16 +1,20 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
|
||||
|
||||
fragment_size = 1400
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
carol::swanctl --terminate --ike home 2> /dev/null
|
||||
dave::swanctl --terminate --ike home 2> /dev/null
|
||||
carol::service charon stop 2> /dev/null
|
||||
dave::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
dave::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
carol::iptables-restore < /etc/iptables.flush
|
||||
dave::iptables-restore < /etc/iptables.flush
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
moon::iptables-restore < /etc/iptables.rules
|
||||
carol::iptables-restore < /etc/iptables.rules
|
||||
dave::iptables-restore < /etc/iptables.rules
|
||||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
dave::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
dave::systemctl start strongswan-swanctl
|
||||
moon::expect-connection rw
|
||||
carol::expect-connection home
|
||||
carol::swanctl --initiate --child home 2> /dev/null
|
||||
|
|
|
@ -1,17 +1,20 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
|
||||
|
||||
fragment_size = 1400
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
auth = /usr/local/sbin/swanctl --load-authorities
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,17 +1,20 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
|
||||
|
||||
fragment_size = 1400
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
auth = /usr/local/sbin/swanctl --load-authorities
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,17 +1,20 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
|
||||
|
||||
fragment_size = 1400
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
auth = /usr/local/sbin/swanctl --load-authorities
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
carol::swanctl --terminate --ike home 2> /dev/null
|
||||
dave::swanctl --terminate --ike home 2> /dev/null
|
||||
carol::service charon stop 2> /dev/null
|
||||
dave::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
dave::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
carol::iptables-restore < /etc/iptables.flush
|
||||
dave::iptables-restore < /etc/iptables.flush
|
||||
|
|
|
@ -7,9 +7,9 @@ dave::ip6tables-restore < /etc/ip6tables.rules
|
|||
alice::"ip route add fec0:\:/16 via fec1:\:1"
|
||||
carol::"ip route add fec1:\:/16 via fec0:\:1"
|
||||
dave::"ip route add fec1:\:/16 via fec0:\:1"
|
||||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
dave::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
dave::systemctl start strongswan-swanctl
|
||||
moon::expect-connection rw
|
||||
carol::expect-connection home
|
||||
carol::swanctl --initiate --child home 2> /dev/null
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,17 +1,20 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
|
||||
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
plugins {
|
||||
attr-sql {
|
||||
database = sqlite:///etc/db.d/ipsec.db
|
||||
|
@ -21,4 +24,5 @@ charon {
|
|||
|
||||
pool {
|
||||
load = sqlite
|
||||
database = sqlite:///etc/db.d/ipsec.db
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
carol::swanctl --terminate --ike home
|
||||
dave::swanctl --terminate --ike home
|
||||
carol::service charon stop 2> /dev/null
|
||||
dave::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
dave::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
carol::iptables-restore < /etc/iptables.flush
|
||||
dave::iptables-restore < /etc/iptables.flush
|
||||
|
|
|
@ -7,9 +7,9 @@ moon::ipsec pool --addattr nbns --server PH_IP_VENUS 2> /dev/null
|
|||
moon::iptables-restore < /etc/iptables.rules
|
||||
carol::iptables-restore < /etc/iptables.rules
|
||||
dave::iptables-restore < /etc/iptables.rules
|
||||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
dave::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
dave::systemctl start strongswan-swanctl
|
||||
moon::expect-connection rw
|
||||
carol::expect-connection home
|
||||
carol::swanctl --initiate --child home 2> /dev/null
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,15 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
pools = /usr/local/sbin/swanctl --load-pools
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
carol::swanctl --terminate --ike home
|
||||
dave::swanctl --terminate --ike home
|
||||
carol::service charon stop 2> /dev/null
|
||||
dave::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
dave::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
carol::iptables-restore < /etc/iptables.flush
|
||||
dave::iptables-restore < /etc/iptables.flush
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
moon::iptables-restore < /etc/iptables.rules
|
||||
carol::iptables-restore < /etc/iptables.rules
|
||||
dave::iptables-restore < /etc/iptables.rules
|
||||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
dave::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
dave::systemctl start strongswan-swanctl
|
||||
moon::expect-connection rw
|
||||
carol::expect-connection home
|
||||
carol::swanctl --initiate --child home 2> /dev/null
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
carol::swanctl --terminate --ike home
|
||||
dave::swanctl --terminate --ike home
|
||||
carol::service charon stop 2> /dev/null
|
||||
dave::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
dave::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
|
||||
carol::ip route del 10.1.0.0/16 via 192.168.0.1
|
||||
dave::ip route del 10.1.0.0/16 via 192.168.0.1
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
|
||||
carol::ip route add 10.1.0.0/16 via 192.168.0.1
|
||||
dave::ip route add 10.1.0.0/16 via 192.168.0.1
|
||||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
dave::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
dave::systemctl start strongswan-swanctl
|
||||
moon::expect-connection rw
|
||||
carol::expect-connection home
|
||||
carol::swanctl --initiate --child home 2> /dev/null
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,13 +1,16 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
plugins {
|
||||
eap-radius {
|
||||
secret = gv6URkSs
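Review bot: The `secret = gv6URkSs` line under `plugins { eap-radius {` is carried unchanged into the renamed `charon-systemd` section, so the RADIUS shared secret stays in plain text in strongswan.conf. A comment such as `# test-only RADIUS shared secret` would keep it from being copied into a real deployment, where this file should be readable only by root. The `eap-radius` block continues past the end of this hunk.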
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
carol::service charon stop 2> /dev/null
|
||||
dave::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
dave::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
alice::killall radiusd
|
||||
|
|
|
@ -5,9 +5,9 @@ alice::cat /etc/freeradius/triplets.dat
|
|||
carol::cat /etc/ipsec.d/triplets.dat
|
||||
dave::cat /etc/ipsec.d/triplets.dat
|
||||
alice::radiusd
|
||||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
dave::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
dave::systemctl start strongswan-swanctl
|
||||
moon::expect-connection rw
|
||||
carol::expect-connection home
|
||||
carol::swanctl --initiate --child home 2> /dev/null
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,15 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
auths = /usr/local/sbin/swanctl --load-authorities
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
carol::swanctl --terminate --ike home 2> /dev/null
|
||||
dave::swanctl --terminate --ike home 2> /dev/null
|
||||
carol::service charon stop 2> /dev/null
|
||||
dave::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::rm -r /etc/swanctl
|
||||
dave::rm -r /etc/swanctl
|
||||
moon::rm -r /etc/swanctl
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
dave::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
|
||||
dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
|
||||
moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
|
||||
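Review bot: In the three added cleanup lines, `cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*` still runs the `rm -r` when the `cd` fails, and the relative globs then expand against whatever directory the command started in. Either chain with `&&` or drop the `cd` and use absolute paths, e.g. `carol::rm -r /etc/swanctl/rsa/* /etc/swanctl/x509/* /etc/swanctl/x509ca/*`, and likewise for dave and moon. These lines appear to replace `rm -r /etc/swanctl`, so key material or configuration outside those three subdirectories would now survive the test run; confirm that is intended.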
|
|
|
@ -1,6 +1,6 @@
|
|||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
dave::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
dave::systemctl start strongswan-swanctl
|
||||
moon::expect-connection research
|
||||
carol::expect-connection alice
|
||||
carol::swanctl --initiate --child alice 2> /dev/null
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
moon::swanctl --terminate --ike gw-gw 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
sun::service charon stop 2> /dev/null
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
sun::systemctl stop strongswan-swanctl
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
sun::iptables-restore < /etc/iptables.flush
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
moon::iptables-restore < /etc/iptables.rules
|
||||
sun::iptables-restore < /etc/iptables.rules
|
||||
moon::service charon start 2> /dev/null
|
||||
sun::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
sun::systemctl start strongswan-swanctl
|
||||
moon::expect-connection gw-gw
|
||||
sun::expect-connection gw-gw
|
||||
moon::swanctl --initiate --child net-net 2> /dev/null
|
||||
|
|
|
@ -1,16 +1,12 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
auth {
|
||||
default = 0
|
||||
|
|
|
@ -1,16 +1,12 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
auth {
|
||||
default = 0
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
moon::swanctl --terminate --ike gw-gw 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
sun::service charon stop 2> /dev/null
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
sun::systemctl stop strongswan-swanctl
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
sun::iptables-restore < /etc/iptables.flush
|
||||
moon::rm /etc/swanctl/pkcs8/*
|
||||
|
|
|
@ -2,8 +2,8 @@ moon::rm /etc/swanctl/rsa/moonKey.pem
|
|||
sun::rm /etc/swanctl/rsa/sunKey.pem
|
||||
moon::iptables-restore < /etc/iptables.rules
|
||||
sun::iptables-restore < /etc/iptables.rules
|
||||
moon::service charon start 2> /dev/null
|
||||
sun::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
sun::systemctl start strongswan-swanctl
|
||||
moon::expect-connection gw-gw
|
||||
sun::expect-connection gw-gw
|
||||
moon::swanctl --initiate --child net-net 2> /dev/null
|
||||
|
|
|
@ -4,11 +4,15 @@ swanctl {
|
|||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -4,11 +4,15 @@ swanctl {
|
|||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -4,11 +4,15 @@ swanctl {
|
|||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
moon::swanctl --terminate --ike gw-gw 2> /dev/null
|
||||
sun::swanctl --terminate --ike gw-gw 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
sun::service charon stop 2> /dev/null
|
||||
carol::service charon stop 2> /dev/null
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
sun::systemctl stop strongswan-swanctl
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
sun::iptables-restore < /etc/iptables.flush
|
||||
carol::iptables-restore < /etc/iptables.flush
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
moon::iptables-restore < /etc/iptables.rules
|
||||
sun::iptables-restore < /etc/iptables.rules
|
||||
carol::iptables-restore < /etc/iptables.rules
|
||||
moon::service charon start 2> /dev/null
|
||||
sun::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
sun::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
carol::expect-connection gw-moon
|
||||
carol::expect-connection gw-sun
|
||||
moon::expect-connection gw-gw
|
||||
|
|
|
@ -4,15 +4,19 @@ swanctl {
|
|||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
plugins {
|
||||
forecast {
|
||||
groups = 224.0.0.251
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
plugins {
|
||||
forecast {
|
||||
groups = 224.0.0.251
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
moon::swanctl --terminate --ike gw-gw 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
sun::service charon stop 2> /dev/null
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
sun::systemctl stop strongswan-swanctl
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
moon::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships
|
||||
sun::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships
|
||||
moon::service charon start 2> /dev/null
|
||||
sun::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
sun::systemctl start strongswan-swanctl
|
||||
moon::expect-connection gw-gw
|
||||
sun::expect-connection gw-gw
|
||||
moon::swanctl --initiate --child net-net 2> /dev/null
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default vici updown
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default vici updown
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
moon::swanctl --terminate --ike gw-gw 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
sun::service charon stop 2> /dev/null
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
sun::systemctl stop strongswan-swanctl
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
sun::iptables-restore < /etc/iptables.flush
|
||||
moon::rm /etc/swanctl/pubkey/*
|
||||
|
|
|
@ -2,8 +2,8 @@ sun::iptables-restore < /etc/iptables.rules
|
|||
moon::iptables-restore < /etc/iptables.rules
|
||||
sun::cd /etc/swanctl; rm x509/* x509ca/*
|
||||
moon::cd /etc/swanctl; rm x509/* x509ca/*
|
||||
sun::service charon start 2> /dev/null
|
||||
moon::service charon start 2> /dev/null
|
||||
sun::systemctl start strongswan-swanctl
|
||||
moon::systemctl start strongswan-swanctl
|
||||
sun::expect-connection gw-gw
|
||||
moon::expect-connection gw-gw
|
||||
moon::swanctl --initiate --child net-net 2> /dev/null
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
moon::swanctl --terminate --ike gw-gw 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
sun::service charon stop 2> /dev/null
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
sun::systemctl stop strongswan-swanctl
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
sun::iptables-restore < /etc/iptables.flush
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
sun::iptables-restore < /etc/iptables.rules
|
||||
moon::iptables-restore < /etc/iptables.rules
|
||||
sun::service charon start 2> /dev/null
|
||||
moon::service charon start 2> /dev/null
|
||||
sun::systemctl start strongswan-swanctl
|
||||
moon::systemctl start strongswan-swanctl
|
||||
sun::expect-connection gw-gw
|
||||
moon::expect-connection gw-gw
|
||||
alice::ping -c 3 -W 1 -i 0.2 PH_IP_BOB
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
charon-systemd {
|
||||
load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
moon::swanctl --terminate --ike gw-gw 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
sun::service charon stop 2> /dev/null
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
sun::systemctl stop strongswan-swanctl
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
sun::iptables-restore < /etc/iptables.flush
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
moon::iptables-restore < /etc/iptables.rules
|
||||
sun::iptables-restore < /etc/iptables.rules
|
||||
moon::service charon start 2> /dev/null
|
||||
sun::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
sun::systemctl start strongswan-swanctl
|
||||
moon::expect-connection gw-gw
|
||||
sun::expect-connection gw-gw
|
||||
moon::swanctl --initiate --child net-net 2> /dev/null
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
moon::swanctl --terminate --ike gw-gw 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
sun::service charon stop 2> /dev/null
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
sun::systemctl stop strongswan-swanctl
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
sun::iptables-restore < /etc/iptables.flush
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
sun::iptables-restore < /etc/iptables.rules
|
||||
moon::iptables-restore < /etc/iptables.rules
|
||||
sun::service charon start 2> /dev/null
|
||||
moon::service charon start 2> /dev/null
|
||||
sun::systemctl start strongswan-swanctl
|
||||
moon::systemctl start strongswan-swanctl
|
||||
moon::sleep 0.5
|
||||
|
|
|
@ -1,16 +1,19 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
auths = /usr/local/sbin/swanctl --load-authorities
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
plugins {
|
||||
revocation {
|
||||
enable_ocsp = no
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
plugins {
|
||||
revocation {
|
||||
enable_ocsp = no
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
carol::swanctl --terminate --ike home
|
||||
carol::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
moon::expect-connection rw
|
||||
carol::expect-connection home
|
||||
carol::swanctl --initiate --child home
|
||||
|
|
|
@ -1,15 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
auths = /usr/local/sbin/swanctl --load-authorities
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,15 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
auths = /usr/local/sbin/swanctl --load-authorities
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,15 +1,18 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
swanctl {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random
|
||||
}
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
auths = /usr/local/sbin/swanctl --load-authorities
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
carol::swanctl --terminate --ike home 2> /dev/null
|
||||
dave::swanctl --terminate --ike home 2> /dev/null
|
||||
carol::service charon stop 2> /dev/null
|
||||
dave::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
dave::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
carol::rm -r /etc/swanctl
|
||||
dave::rm -r /etc/swanctl
|
||||
moon::rm -r /etc/swanctl
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
dave::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
dave::systemctl start strongswan-swanctl
|
||||
moon::expect-connection research
|
||||
carol::expect-connection home
|
||||
carol::swanctl --initiate --child alice 2> /dev/null
|
||||
|
|
|
@ -1,11 +1,14 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
auths = /usr/local/sbin/swanctl --load-authorities
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
carol::swanctl --terminate --ike home
|
||||
carol::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
moon::expect-connection rw
|
||||
carol::expect-connection home
|
||||
carol::swanctl --initiate --child home
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
carol::swanctl --terminate --ike home
|
||||
carol::service charon stop 2> /dev/null
|
||||
moon::service charon stop 2> /dev/null
|
||||
carol::systemctl stop strongswan-swanctl
|
||||
moon::systemctl stop strongswan-swanctl
|
||||
moon::iptables-restore < /etc/iptables.flush
|
||||
carol::iptables-restore < /etc/iptables.flush
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
moon::iptables-restore < /etc/iptables.rules
|
||||
carol::iptables-restore < /etc/iptables.rules
|
||||
moon::service charon start 2> /dev/null
|
||||
carol::service charon start 2> /dev/null
|
||||
moon::systemctl start strongswan-swanctl
|
||||
carol::systemctl start strongswan-swanctl
|
||||
moon::expect-connection icmp
|
||||
moon::expect-connection ssh
|
||||
carol::expect-connection icmp
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
charon-systemd {
|
||||
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
|
||||
|
||||
start-scripts {
|
||||
creds = /usr/local/sbin/swanctl --load-creds
|
||||
conns = /usr/local/sbin/swanctl --load-conns
|
||||
}
|
||||
syslog {
|
||||
daemon {
|
||||
default = 1
|
||||
}
|
||||
auth {
|
||||
default = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|