Security Associations (1 up, 0 connecting):
ec6[16]: ESTABLISHED 10 minutes ago, 2400:8902::f03c:0366:febc:6a0a[xyz.wuruxu.cn]...2409:8a6a:216:6677:67b4:8899:ba5d:344[debian]
ec6[16]: Remote EAP identity: wuruxu
ec6[16]: IKEv2 SPIs: 58812b94cf2332f9_i 12425e338a463d3e_r*, public key reauthentication in 2 hours
ec6[16]: IKE proposal: CHACHA20_POLY1305/PRF_HMAC_SHA2_512/CURVE_25519
ec6{11}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: caf69aa5_i c2924650_o
ec6{11}: AES_GCM_16_256, 966634 bytes_i (7095 pkts, 0s ago), 10632497 bytes_o (12299 pkts, 0s ago), rekeying in 34 minutes
ec6{11}: 0.0.0.0/0 ::/0 === 10.18.0.1/32 2001:166:188:d88:1::2/128
This topic created in 1210 days ago, the information mentioned may be changed or developed.
Supplement 1 · Feb 19, 2023
关于 更多 strongswan 的配置信息,可以参考我的 git repo
Supplement 2 · Jan 15, 2025
目前已经废弃了 ipsec.conf 来管理 strongswan 的服务了,有这方面技术需求的同学 可以 TG 我
 |
1
wolonggl Feb 16, 2023
配置发出来共享下
|
 |
2
wuruxu OP @wolonggl
``` # ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup strictcrlpolicy=yes uniqueids = never conn %default keyexchange=ikev2 left=%defaultroute leftauth=pubkey leftfirewall=yes mobike=yes compress=yes ike=chacha20poly1305-sha512-newhope128,chacha20poly1305-sha512-x25519,aes256-sha512-modp2048,aes128-sha512-modp2048,aes256ccm96-sha384-modp2048,aes256-sha256-modp2048,aes128-sha256-modp2048,aes128-sha1-modp2048! esp=chacha20poly1305,aes256gcm128,aes128gcm128,aes256ccm128,aes256 conn ec6 leftsendcert=always leftcert=nginx.ssl.xyz.ecc.cer [email protected] leftsubnet=0.0.0.0/0,::/0 rightauth=eap-mschapv2 rightsourceip=2004:0988:0816:d88:1::/80,10.128.0.0/24 rightdns=2001:4860:4860::8888,1.1.1.1 rightsendcert=never eap_identity=%identity auto=add ``` |
Select Language