From Fedora Project Wiki
(Created page with "Strongswan can be considered the most powerful IPsec implementation in Fedora. == Features * IKEv1, IKEv2 (older and current version of Internet Key Exchange) * MOBIKE (mobilit...")
 
Line 1: Line 1:
 
Strongswan can be considered the most powerful IPsec implementation in Fedora.
 
Strongswan can be considered the most powerful IPsec implementation in Fedora.
  
== Features
+
== Features ==
  
 
* IKEv1, IKEv2 (older and current version of Internet Key Exchange)
 
* IKEv1, IKEv2 (older and current version of Internet Key Exchange)
 
* MOBIKE (mobility and multihoming extension to IKEv2)
 
* MOBIKE (mobility and multihoming extension to IKEv2)
 
* IPv4, IPv6 (old and new Internet Protocol)
 
* IPv4, IPv6 (old and new Internet Protocol)
* Road Warror Setup
+
* Road warror setup
* NAT Traversal
+
* NAT traversal
 
* NetworkManager plugin
 
* NetworkManager plugin
 
* And much more...
 
* And much more...
 +
 +
== Use cases ==
 +
 +
=== Simple bi-directional transport channel ===
 +
 +
<pre>
 +
conn test
 +
    auto=route
 +
    type=transport
 +
    left=2001:db8::a
 +
    right=2001:db8::b
 +
    authby=psk
 +
    mobike=no
 +
</pre>
 +
 +
=== Road warrior (server) ===
 +
 +
<pre>
 +
conn test
 +
    auto=add
 +
    type=transport
 +
    left=%any
 +
    right=2001:db8::b
 +
    authby=psk
 +
    mobike=no
 +
</pre>
 +
 +
=== Road warrior (client) ===
 +
 +
<pre>
 +
conn test
 +
    auto=add
 +
    type=transport
 +
    left=%defaultroute
 +
    leftid=@alpha.example.net
 +
    right=2001:db8::b
 +
    authby=psk
 +
    mobike=no
 +
</pre>
 +
 +
=== Tunnel mode ===
 +
 +
<pre>
 +
conn test
 +
    auto=route
 +
    type=tunnel
 +
    left=2001:db8::a
 +
    leftsubnet=2001:db8:a:a::/64
 +
    right=2001:db8::b
 +
    leftsubnet=2001:db8:b:b::/64
 +
    authby=psk
 +
    mobike=no
 +
</pre>
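Review bot: In the Tunnel mode block, leftsubnet is given twice (leftsubnet=2001:db8:a:a::/64 and, after the right= line, leftsubnet=2001:db8:b:b::/64), so no subnet is ever assigned to the right side; the second line should read rightsubnet=2001:db8:b:b::/64. In the features list, "Road warror" should be "Road warrior". All four examples use authby=psk, but the page never says where the shared secret is configured; a sentence pointing to that would make the examples usable as written.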

Revision as of 00:40, 27 May 2012

strongSwan can be considered the most powerful IPsec implementation in Fedora.

Features

  • IKEv1, IKEv2 (older and current version of Internet Key Exchange)
  • MOBIKE (mobility and multihoming extension to IKEv2)
  • IPv4, IPv6 (old and new Internet Protocol)
  • Road warrior setup
  • NAT traversal
  • NetworkManager plugin
  • And much more...

Use cases

Simple bi-directional transport channel

conn test
    auto=route
    type=transport
    left=2001:db8::a
    right=2001:db8::b
    authby=psk
    mobike=no

Road warrior (server)

conn test
    auto=add
    type=transport
    left=%any
    right=2001:db8::b
    authby=psk
    mobike=no

Road warrior (client)

conn test
    auto=add
    type=transport
    left=%defaultroute
    leftid=@alpha.example.net
    right=2001:db8::b
    authby=psk
    mobike=no

Tunnel mode

conn test
    auto=route
    type=tunnel
    left=2001:db8::a
    leftsubnet=2001:db8:a:a::/64
    right=2001:db8::b
    rightsubnet=2001:db8:b:b::/64
    authby=psk
    mobike=no
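
A small lint for conn sections like the ones above, added here as an example (it is not part of the wiki page or of strongSwan): it flags a key repeated within one conn and, as a heuristic, a tunnel conn that sets a subnet on only one side, which is valid for host-to-subnet tunnels but worth a second look. The function name `lint_ipsec_conf` and the sample conns are constructed for illustration.

```python
# Constructed sample in ipsec.conf syntax; addresses use the 2001:db8::/32
# documentation prefix. "slip" repeats leftsubnet where rightsubnet was meant.
SAMPLE = """\
conn good
    auto=route
    type=tunnel
    left=2001:db8::a
    leftsubnet=2001:db8:a:a::/64
    right=2001:db8::b
    rightsubnet=2001:db8:b:b::/64
    authby=psk

conn slip
    type=tunnel
    left=2001:db8::a
    leftsubnet=2001:db8:a:a::/64
    right=2001:db8::b
    leftsubnet=2001:db8:b:b::/64
"""


def lint_ipsec_conf(text):
    """Return a list of (conn_name, message) findings for the conn sections."""
    findings, conns, current = [], {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section headers start in column 0
            words = line.split()
            current = words[1] if words[0] == "conn" and len(words) == 2 else None
            if current is not None:
                conns.setdefault(current, {})
            continue
        if current is None or "=" not in line:    # skip non-conn sections
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in conns[current]:
            findings.append((current, "duplicate key " + key))
        conns[current][key] = value
    for name, opts in conns.items():
        # type defaults to tunnel when the conn does not set it
        sides = [k for k in ("leftsubnet", "rightsubnet") if k in opts]
        if opts.get("type", "tunnel") == "tunnel" and len(sides) == 1:
            findings.append((name, "only " + sides[0] + " is set"))
    return findings


if __name__ == "__main__":
    for conn, message in lint_ipsec_conf(SAMPLE):
        print(conn + ": " + message)
```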