Differences

This shows you the differences between two versions of the page.

@@ Line 1: / Line 1: @@
+Here a how to install an IPsec implementation [[http://www.strongswan.org/|strongswan]]
+====== install ======
+  * build dependencies
+  sudo aptitude install build-essential bison libgmp3-dev libssl-dev libpcsclite-dev
+  * get strongswan
+  wget http://download.strongswan.org/strongswan-4.5.2.tar.bz2
+  tar xf strongswan-4.*.tar.bz2
+  cd strongswan-4.*/
+  * configure with following options :
+    * for the server :
+  ./configure --prefix=/usr --sysconfdir=/etc --disable-pluto  --enable-openssl --enable-eap-sim --enable-eap-sim-file --enable-socket-dynamic
+    * for the client :
+  ./configure --prefix=/usr --sysconfdir=/etc --disable-pluto  --enable-openssl --enable-eap-sim --enable-eap-sim-pcsc --enable-eap-identity --enable-socket-dynamic
+  * details about the options :
+    * get rid of pluto=ikev1
+    * openssl for the CA
+    * eap-sim for EAP-SIM auth procedure
+    * eap-sim-file to read the tuples from file **/etc/ipsec.d/triplets.dat**
+    * eap-sim-pcsc to read the tuples from SIM card
+    * eap-identity to provide the EAP id (> ESP ID)
+    * socket-dynamic to be able to send IKE_SA_INIT to port 4500
+  * compile and install
+  make
+  sudo make install
+  cd ..
+====== tools ======
+  * to get the status infos
+  sudo ipsec statusall
+  sudo ipsec listall
+  * to get the logs
+  tail -f /var/log/daemon.log
+  * to get the keys on current connection
+  ip xfrm state
+  * to have very verbose debug trace, in file **/etc/ipsec.conf**, section ''config setup'', add :
+  charondebug="dmn 4,mgr 4,ike 4,chd 4,net 4,enc 4"