[strongSwan] Convert ipsec.conf to swanctl.conf
Alex K
rightkicktech at gmail.com
Wed Feb 26 15:27:09 CET 2020
Hi all,
I have set up an L2TP/IPsec tunnel terminating to a Mikrotik router using
IKEv1 and preshared keys. I used the following sources to accomplish this:
https://jeanbruenn.info/2017/04/13/strongswan-l2tp-using-xl2tpd/
https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md
The stroke ipsec tunnel is functioning as expected. I then switched the
configuration to the modern vici-based one so as to manage the tunnels
through swanctl, as follows:

/etc/swanctl/swanctl.conf:

connections {
    myvpn {
        # IKEv1
        version = 1
        proposals = aes128-sha256-modp2048,default
        rekey_time = 0s
        fragmentation = yes
        dpd_delay = 30s
        dpd_timeout = 90s
        local_addrs = %any
        remote_addrs = 192.168.99.200
        local {
            auth = psk
        }
        remote {
            auth = psk
            id = 192.168.99.200
        }
        children {
            myvpn {
                local_ts = dynamic[/1701]
                esp_proposals = aes128-sha256-modp2048,default
                mode = transport
                rekey_time = 0s
                dpd_action = restart
            }
        }
    }
}
secrets {
    ike-psk {
        id = 192.168.99.200
        secret = mypass
    }
}

/etc/strongswan.conf:

charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
    start-scripts {
        creds = /usr/sbin/swanctl --load-creds
        conns = /usr/sbin/swanctl --load-conns
    }
}

I have zeroed the files /etc/ipsec.conf and /etc/ipsec.secrets, so as to
avoid possible conflicts.
To start the L2TP/IPsec tunnel I still need to issue:

    echo "c myvpn" > /var/run/xl2tpd/l2tp-control

Is this command still needed? Is there any way that one can start the L2TP
tunnel automatically using only strongswan configs?
Thank you!
Alex