IKEV2C_0USER.ini is the configuration as exported by the lancom config tool-
ipsec up con1@host1
ip route list table 220
Last active
February 21, 2023 15:02
-
-
Save kralo/8afd817bc82a4062613eea76365ca3ab to your computer and use it in GitHub Desktop.
[HOWTO] configuration example for lancom host to ubuntu 16.04 vpn client
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [PROFILE1] | |
| Name=T-IKEV2C_0USER | |
| ConnMedia=21 | |
| ConnMode=0 | |
| SeamRoaming=1 | |
| PriVoIP=1 | |
| Gateway=1.2.3.4 | |
| PFS=14 | |
| UseComp=0 | |
| IkeIdType=3 | |
| IkeIdStr=IKEV2C_0USER1@intern | |
| Secret=reallysecretpassword | |
| UseXAUTH=0 | |
| IpAddrAssign=0 | |
| IkeDhGroup=14 | |
| ExchMode=34 | |
| IKEv2Auth=2 | |
| IKEv2Policy=WIZ-AES256-SHA256 | |
| IPSEC-Policy=WIZ-AES256-SHA256 | |
| [IKEV2POLICY1] | |
| Ikev2Name=WIZ-AES256-SHA256 | |
| Ikev2Crypt=6 | |
| Ikev2PRF=5 | |
| Ikev2IntAlgo=12 | |
| [IPSECPOLICY1] | |
| IPSecName=WIZ-AES256-SHA256 | |
| IpsecCrypt=6 | |
| IpsecAuth=5 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/ipsec.conf | |
| config setup | |
| # strictcrlpolicy=yes | |
| # uniqueids = no | |
| conn con1@host1 | |
| keyexchange=ikev2 | |
| # ike=aes256-sha256-modp2048! | |
| # esp=aes256-sha256! | |
| auto=add | |
| authby=psk | |
| left=%defaultroute | |
| leftid=IKEV2C_0USER1@intern | |
| leftauth=psk | |
| #get the ip dynamically from the gateway | |
| leftsourceip=%config4, %config6 | |
| right=1.2.3.4 | |
| rightid=IKEV2C_0USER1@intern | |
| rightauth=psk | |
| rightsubnet=192.168.3.0/24 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/etc/ipsec.secrets | |
| IKEV2C_0USER1@intern : PSK "reallysecretpassword" |
I don't know if I get your question right:
this is a _P_re _S_ hared _K_ey,
so it has to be the same on either side.
My term "reallysecretpassword" refers to the really same literal password!
You get it right. Thanks. So my issue is somewhere else.
Dude, great thanks for that snippets! I would have searched the web and tried various configs for hours if I hadn't found this.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I would like to setup a similar connection. However ipsec keep saying that there is "no shared key found for 'MyValueOfLeftId' - 'MyValueOfRightId'".
Did you just copy and paste the
Secretfrom your ini file intoipsec.secrets?