strongSwan User Documentation » Configuration Examples »
« Previous -
Version 9/11
(diff) -
Next » -
Current version
Andreas Steffen, 21.05.2021 13:05
IKEv2 Legacy Configuration Examples¶
These example scenarios use the deprecated stroke management interface.
Remote Access¶
| RSA authentication with X.509 certificates |
IPv4 |
IPv6 |
NAT |
| PSK authentication with pre-shared keys (IP) |
IPv4 |
IPv6 |
NAT |
| PSK authentication with pre-shared keys (FQDN) |
IPv4 |
|
|
| EAP_AKA authentication |
IPv4 |
|
|
| EAP_AKA authentication with EAP identity |
IPv4 |
|
|
| EAP_SIM authentication |
IPv4 |
|
RADIUS |
| EAP_SIM authentication with EAP identity |
|
|
RADIUS |
| EAP_SIM only authentication |
|
|
RADIUS |
| EAP_MSCHAPv2 authentication with EAP identity |
IPv4 |
|
|
| EAP_MD5 authentication |
IPv4 |
|
RADIUS |
| EAP_MD5 authentication with EAP identity |
|
|
RADIUS |
| EAP_TLS authentication |
IPv4 |
|
RADIUS |
| EAP_TTLS with EAP_MD5 client authentication |
IPv4 |
|
RADIUS |
| EAP_PEAP with EAP_MD5 client authentication |
IPv4 |
|
RADIUS |
| EAP_PEAP with EAP_MSCHAPv2 client authentication |
IPv4 |
|
|
Remote Access with Virtual IP Adresses¶
| RAM-based server-side virtual IP pool |
IPv4 |
| DB-based server-side virtual IP pool |
IPv4 |
| Static server-side virtual IP addresses |
IPv4 |
| Static client-side virtual IP addresses |
IPv4 |
| Two RAM-based server-side virtual IP pools |
IPv4 |
| Two DB-based server-side virtual IP pools |
IPv4 |
Site-to-Site¶
| RSA authentication with X.509 certificates |
IPv4 |
IPv6 |
| PSK authentication with pre-shared keys |
IPv4 |
|
| Connection setup automatically started by daemon |
IPv4 |
|
| Connection setup triggered by data to be tunneled |
IPv4 |
|
Host-to-Host¶
| IPsec tunnel mode with X.509 certificates |
IPv4 |
IPv6 |
| IPsec transport mode with X.509 certificates |
IPv4 |
IPv6 |
IP Protocol and Port Policies¶
| IPsec tunnel restricted to ICMP and ssh protocols |
IPv4 |
Complete List¶
All IKEv2 legacy test scenarios