IPSec Libreswan und FritzBox
Hier sind die Konfigurationsdateien, mit denen sich ein IPsec-VPN (IKEv1, LAN-zu-LAN, Pre-Shared Key) zwischen einer FRITZ!Box und Libreswan aufbauen lässt. Der PSK steht in beiden Dateien im Klartext – ipsec.secrets und fritz.cfg entsprechend schützen.
192.168.138.0/24 – lokales Netz hinter dem Libreswan-Server (der Server selbst hat 192.168.138.1)
192.168.178.0/24 – lokales Netz hinter der FRITZ!Box (die Box selbst hat 192.168.178.1)
ipsec.conf
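version 2.0

config setup
    # Both keywords below were accepted by the Libreswan release this page was
    # written for. Newer releases warn on (or no longer know) nat_traversal and
    # treat netkey as an alias for xfrm -- drop them if "ipsec status" complains.
    nat_traversal=yes
    protostack=netkey
    # Only consulted for road-warrior conns (rightsubnet=vhost:%priv), not for
    # this LAN-to-LAN conn. Libreswan expects the gateway's OWN LAN to be
    # excluded here with "!" rather than listed; otherwise a roaming client could
    # claim an address out of 192.168.138.0/24.
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.138.0/24
    oe=off

# LAN-to-LAN tunnel to the FRITZ!Box.
# The FRITZ!Box is the initiator (always_renew=yes in fritz.cfg); this side
# only loads the conn (auto=add) and answers.
conn avm
    authby=secret
    auto=add
    type=tunnel
    # fritz.cfg uses main mode with identity protection (phase1_mode_idp).
    # Aggressive mode would send the IDs in the clear and expose the PSK to
    # offline cracking -- keep it off on both sides.
    aggrmode=no
    # fritz.cfg is an IKEv1 configuration. Older Libreswan merely "permits"
    # IKEv2 and still answers an IKEv1 initiator; newer releases default to
    # IKEv2-only and would reject the FRITZ!Box, so pin IKEv1 explicitly.
    ikev2=no
    # Public address of this host.
    left=IP
    # Must equal remoteid.fqdn in fritz.cfg (there written without the "@").
    leftid=@Domain
    # LAN address of this gateway, used as source for its own tunnel traffic.
    leftsourceip=192.168.138.1
    leftsubnet=192.168.138.0/24
    # Dynamic-DNS name of the FRITZ!Box; its address is not known in advance,
    # which is why ipsec.secrets has to use %any.
    right=xxxxxxxx.myfritz.net
    # Presumably unused here: a remote sourceip is only handed to the peer via
    # modecfg, which fritz.cfg disables (use_cfgmode=no). Kept for fidelity.
    rightsourceip=192.168.178.1
    rightsubnet=192.168.178.0/24
    # Must equal localid.fqdn in fritz.cfg (written with a leading "@" here).
    rightid=@xxxxxxxxx.myfritz.net
    # Phase 1 -- corresponds to phase1ss="dh14/aes/sha" in fritz.cfg:
    # AES-256, SHA-1, DH group 14 (2048-bit MODP).
    ike=aes256-sha1;modp2048
    phase2=esp
    # Phase 2 -- fritz.cfg offers esp-aes256-3des-sha, i.e. AES-256 *or* 3DES
    # with SHA-1, and this side picks. Without an explicit esp= line the choice
    # depends on Libreswan's defaults; pin AES-256 so 3DES is never selected.
    esp=aes256-sha1
    pfs=yes
    # Dead-peer detection. dpdtimeout should be larger than dpddelay; with both
    # at 60 a single lost probe was enough to restart the tunnel.
    dpddelay=60
    dpdtimeout=120
    dpdaction=restart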
ipsec.secrets (auf dem Libreswan-Server; nur für root lesbar, chmod 600)
# PSK for the FRITZ!Box conn. Server_IP is this host's public address (same
# value as left= in ipsec.conf); the peer side is %any because the FRITZ!Box
# sits behind a dynamic-DNS name, and in IKEv1 main mode the PSK is selected
# by address (the peer's ID only becomes readable once the PSK has been used).
# Consequently any address may attempt this PSK: use a long random secret,
# keep this file readable by root only (mode 0600), and rely on rightid in
# ipsec.conf to restrict which peer identity is accepted.
# The secret must be byte-identical to "key" in fritz.cfg.
Server_IP %any: PSK "Mein_super_geheimes_PW"
fritz.cfg (wird in die FRITZ!Box importiert; die Box ist die initiierende Seite)
// FRITZ!Box side of the LAN-to-LAN IPsec tunnel to the Libreswan host.
// AVM's own generated VPN files carry C-style comment headers, so these
// comments are presumed to be accepted by the importer -- strip them if the
// box rejects the file.
vpncfg {
connections {
enabled = yes;
conn_type = conntype_lan;
name = "Name von VPN";
// The box keeps (re)establishing the tunnel itself, i.e. it is the initiator;
// the Libreswan side only needs auto=add.
always_renew = yes;
// NOTE(review): AVM documents "yes" as rejecting unencrypted packets that
// claim to come from the remote network. "no" is what this page uses;
// consider "yes" so cleartext can never stand in for the tunnel -- confirm
// against the current AVM documentation before changing it.
reject_not_encrypted = no;
// Lets NetBIOS traffic through the tunnel; set to "no" unless Windows name
// resolution across the tunnel is actually needed.
dont_filter_netbios = yes;
// 0.0.0.0 = not pinned; the box uses its current WAN address and resolves the
// peer via remotehostname.
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
remote_virtualip = 0.0.0.0;
// The Libreswan host (left= in ipsec.conf).
remotehostname = "Servername_oder_IP";
// Own identity; must equal rightid in ipsec.conf (there with a leading "@").
localid {
fqdn = "xxxxxxxxxxxxxx.myfritz.net";
}
// Peer identity; must equal leftid in ipsec.conf (there with a leading "@").
remoteid {
fqdn = "Servername";
}
// IKEv1 main mode with identity protection -- matches aggrmode=no on the
// Libreswan side. Do not switch to aggressive mode: it exposes the IDs and
// makes the PSK attackable offline.
mode = phase1_mode_idp;
// DH group 14 (2048-bit MODP), AES, SHA-1 -- matches ike=aes256-sha1;modp2048.
phase1ss = "dh14/aes/sha";
keytype = connkeytype_pre_shared;
// Must be byte-identical to the PSK in ipsec.secrets. This file holds it in
// the clear, so protect the file like a password.
key = "Mein_super_geheimes_PW";
cert_do_server_auth = no;
// If the Libreswan host (or this box) sits behind NAT, this has to be "yes";
// the forward rules at the end already open UDP 4500 for NAT-T.
use_nat_t = no;
use_xauth = no;
// No modecfg: rightsourceip on the Libreswan side is therefore never sent.
use_cfgmode = no;
// Phase 2 selectors: this LAN ...
phase2localid {
ipnet {
ipaddr = 192.168.178.0;
mask = 255.255.255.0;
}
}
// ... and the LAN behind Libreswan (leftsubnet).
phase2remoteid {
ipnet {
ipaddr = 192.168.138.0;
mask = 255.255.255.0;
}
}
// Offers AES-256 *or* 3DES, each with SHA-1, no AH, no compression, PFS.
// The responder (Libreswan) makes the choice; pin esp=aes256-sha1 there so
// 3DES is never negotiated.
phase2ss = "esp-aes256-3des-sha/ah-no/comp-lzs-no/pfs";
// Only traffic destined for the Libreswan LAN is sent into the tunnel.
accesslist = "permit ip any 192.168.138.0 255.255.255.0";
}
// Presumably routes incoming IKE (UDP 500) and NAT-T (UDP 4500) to the box's
// own VPN service.
ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
"udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
Published
08 March 2017