swanctl.conf: change to host2host

Fix the problem of ipsec only working properly in client -> server direction, as described in OS#5675.
2022-09-07 13:05:07 +02:00 · 2022-09-07 13:05:07 +02:00 · 161cadfd3b
parent 6348c040a4
commit 161cadfd3b
3 changed files with 10 additions and 9 deletions
--- a/ipsec-gtp/README.md
+++ b/ipsec-gtp/README.md
@ -15,7 +15,7 @@ How to use:
 * server: copy server.network contents to /etc/systemd/network/
 * client: copy client.network contents to /etc/systemd/network/
 * client and server: start charon-systemd (debian: `systemctl start strongswan`)
-* client: run `swanctl --initiate --child home`
+* client: run `swanctl --initiate --child host-host`
 * client: run `client.gtp.sh`
 * server: run `server.gtp.sh`

--- a/ipsec-gtp/client.swanctl.conf
+++ b/ipsec-gtp/client.swanctl.conf
@ -1,6 +1,6 @@
 connections {

-   home {
+   host-host {
      local_addrs  = 10.0.0.2
      remote_addrs = 10.0.0.1

@ -13,9 +13,9 @@ connections {
         id = moon.strongswan.org
      }
      children {
-         home {
-            remote_ts = 10.1.0.0/16
-
+         host-host {
+	    local_ts = 10.1.0.2
+	    remote_ts = 10.1.0.1
            updown = /usr/lib/ipsec/_updown iptables
            # esp_proposals = aes128gcm128-x25519
 	    esp_proposals = null-null
--- a/ipsec-gtp/server.swanctl.conf
+++ b/ipsec-gtp/server.swanctl.conf
@ -1,7 +1,8 @@
 connections {

-   rw {
+   host-host {
      local_addrs  = 10.0.0.1
+      remote_addrs = 10.0.0.2

      local {
         auth = pubkey
@ -12,9 +13,9 @@ connections {
         auth = psk
      }
      children {
-         net {
-            local_ts  = 10.1.0.0/16
-
+         host-host {
+	    local_ts = 10.1.0.1
+	    remote_ts = 10.1.0.2
 	    updown = /usr/lib/ipsec/_updown iptables
            # esp_proposals = aes128gcm128-x25519
 	    esp_proposals = null-null