Differences

This shows you the differences between two versions of the page.

ipsec_client [2011/08/29 22:36]
ipsec_client [2011/08/30 15:34] (current)
Line 1: Line 1:
 +This article describes how to set up an IPsec client.
  
 +====== configure ======
 +
 +  * install [[IPsec_strongswan|strongswan]]
 +  * create connection (change the IMSI)
 +
 +  sudo tee -a /etc/ipsec.conf << EOF
 +  
 +  conn sfr
 +      keyexchange=ikev2
 +      ike=aes128-sha1-modp1024!
 +      mobike=no
 +      left=%any
 +      leftikeport=4500
 +      leftid=1<IMSI>@gan.mnc010.mcc208.3gppnetwork.org
 +      leftauth=eap
 +      leftsourceip=%cfg
 +      right=unc1-ch1.fr.sfr.com
 +      rightikeport=4500
 +      rightid=@unc1-ch1.fr.sfr.com
 +      rightca="C=FR, ST=Ile de France, L=Champlan, O=SFR, OU=DGRS, CN=SFR Femto Champlan 1tier CA"
 +      rightsubnet=172.0.0.0/8
 +      auto=add
 +  EOF
 +
 +  * the client uses PCSC to get the SIM triplet (reader needed)
 +  * install the CA from the femtocell
 +
 +  openssl x509 -in operator/gwcert.der -inform DER -out cacert.pem -outform PEM
 +  sudo cp cacert.pem /etc/ipsec.d/cacerts/
 +
 +====== use ======
 +
 +  * start the IPsec client and connect to SFR.
 +
 +  sudo -s
 +  ipsec start
 +  ipsec up sfr
 +
 +  * **WARNING**: the server will give you a DNS entry. Remove or set it as last DNS server in **/etc/resolv.conf**, else all you queries will go to the SFR DNS server. They will not be resolved (this server is only for the local network) and SFR can detect it.
 
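Review bot: `rightsubnet=172.0.0.0/8` in the `conn sfr` block is much wider than the private 172.16.0.0/12 range, so any traffic to public 172.x.x.x addresses is also sent into the tunnel while the connection is up. Narrow it to the subnet actually served behind the gateway, or state why the full /8 is required. In the same block, `ike=aes128-sha1-modp1024!` pins a single proposal with a 1024-bit DH group, and the trailing `!` prevents negotiating anything stronger. If the gateway accepts nothing else, say so next to the line so readers do not copy the proposal into other setups. The CA step copies a certificate converted from `operator/gwcert.der` straight into `/etc/ipsec.d/cacerts/`. Add a check between the two commands that prints the subject and fingerprint (`openssl x509 -in cacert.pem -noout -subject -fingerprint`) and compares the subject with the `rightca` DN before the file is trusted. Finally, the DNS warning comes after `ipsec up sfr`, so a reader following the steps in order has already received the pushed resolver by the time they read it. Move the warning above the command block, and fix the typo "all you queries" to "all your queries".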
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported