swanctl.conf: change to host2host
Fix the problem of ipsec only working properly in client -> server direction, as described in OS#5675.
This commit is contained in:
parent
6348c040a4
commit
161cadfd3b
|
@ -15,7 +15,7 @@ How to use:
|
||||||
* server: copy server.network contents to /etc/systemd/network/
|
* server: copy server.network contents to /etc/systemd/network/
|
||||||
* client: copy client.network contents to /etc/systemd/network/
|
* client: copy client.network contents to /etc/systemd/network/
|
||||||
* client and server: start charon-systemd (debian: `systemctl start strongswan`)
|
* client and server: start charon-systemd (debian: `systemctl start strongswan`)
|
||||||
* client: run `swanctl --initiate --child home`
|
* client: run `swanctl --initiate --child host-host`
|
||||||
* client: run `client.gtp.sh`
|
* client: run `client.gtp.sh`
|
||||||
* server: run `server.gtp.sh`
|
* server: run `server.gtp.sh`
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
connections {
|
connections {
|
||||||
|
|
||||||
home {
|
host-host {
|
||||||
local_addrs = 10.0.0.2
|
local_addrs = 10.0.0.2
|
||||||
remote_addrs = 10.0.0.1
|
remote_addrs = 10.0.0.1
|
||||||
|
|
||||||
|
@ -13,9 +13,9 @@ connections {
|
||||||
id = moon.strongswan.org
|
id = moon.strongswan.org
|
||||||
}
|
}
|
||||||
children {
|
children {
|
||||||
home {
|
host-host {
|
||||||
remote_ts = 10.1.0.0/16
|
local_ts = 10.1.0.2
|
||||||
|
remote_ts = 10.1.0.1
|
||||||
updown = /usr/lib/ipsec/_updown iptables
|
updown = /usr/lib/ipsec/_updown iptables
|
||||||
# esp_proposals = aes128gcm128-x25519
|
# esp_proposals = aes128gcm128-x25519
|
||||||
esp_proposals = null-null
|
esp_proposals = null-null
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
connections {
|
connections {
|
||||||
|
|
||||||
rw {
|
host-host {
|
||||||
local_addrs = 10.0.0.1
|
local_addrs = 10.0.0.1
|
||||||
|
remote_addrs = 10.0.0.2
|
||||||
|
|
||||||
local {
|
local {
|
||||||
auth = pubkey
|
auth = pubkey
|
||||||
|
@ -12,9 +13,9 @@ connections {
|
||||||
auth = psk
|
auth = psk
|
||||||
}
|
}
|
||||||
children {
|
children {
|
||||||
net {
|
host-host {
|
||||||
local_ts = 10.1.0.0/16
|
local_ts = 10.1.0.1
|
||||||
|
remote_ts = 10.1.0.2
|
||||||
updown = /usr/lib/ipsec/_updown iptables
|
updown = /usr/lib/ipsec/_updown iptables
|
||||||
# esp_proposals = aes128gcm128-x25519
|
# esp_proposals = aes128gcm128-x25519
|
||||||
esp_proposals = null-null
|
esp_proposals = null-null
|
||||||
|
|
Loading…
Reference in New Issue