Hey Paul, thanks for your answer...

On Sun, Oct 30, 2022 at 19:42, Paul Wouters <[email protected]> wrote:
> Yes, use the IKEv2 road warrior setup examples and forward port 500,4500 UDP.
>

You're talking about this example?
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2

Below is the configuration I wrote... based on my scenario described in the first email, is it correct?

When I create the VPN connection inside the MacOS Network Preferences, inside authentication settings, I have the following options, but I can make no sense of any:

- user authentication: then it asks the username and password. What user/pass?
- certificate authentication: then it shows 2 certificates to choose: com.apple.systemdefault and com.apple.kerberos.kdc ....
- none: then it shows a field for a pre-shared key... (what pre-shared key?) or to choose one of the certificates above.

Am I missing some information? I'm kind of lost here... Could you explain the steps with more details?

Cheers,
Rodrigo

conn ikev2-cp
    left=192.168.0.101
    leftcert=gruppelli
    leftid=@gruppelli
    leftsendcert=always
    leftsubnet=192.168.0.0/24
    leftrsasigkey=%cert
    right=%any
    rightaddresspool=192.168.0.1-192.168.0.254
    rightca=%same
    rightrsasigkey=%cert
    narrowing=yes
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    auto=add
    ikev2=insist
    rekey=no
    fragmentation=yes

> Sent using a virtual keyboard on a phone
>
> > On Oct 29, 2022, at 08:43, Rodrigo Gruppelli <[email protected]> wrote:
> >
> > Greetings!
> >
> > I would like to know if it’s possible to achieve this kind of setup:
> >
> > On the left side, there is my local network (192.168.0.0/24)
> >
> > - The libreswan server is inside this network (IP 192.168.0.120)
> > - The provider's router local IP is 192.168.0.1 and its external IP is valid but dynamic
> > - I use No-IP.org for dynamic DNS bindings
> > - I can tweak configuration inside provider’s router, to redirect external TCP/UDP ports to machines inside
> >
> > On the right side, I’d like to be able to establish a tunnel with my local network, wherever I am in the world, using a macbook, accessing whatever machine inside my local network.
> >
> > Is it possible to build a setup like this? What do I need to configure in ipsec.conf ?
> >
> > Cheers
> > Rodrigo
> >
> > _______________________________________________
> > Swan mailing list
> > [email protected]
> > https://lists.libreswan.org/mailman/listinfo/swan
