Raspi 3 - Initiating IoT Device » History » Version 1
Andreas Steffen, 15.08.2015 15:13
| 1 | 1 | Andreas Steffen | h1. IoT-Initiator Raspi 3 |
|---|---|---|---|
| 2 | 1 | Andreas Steffen | |
| 3 | 1 | Andreas Steffen | strongSwan IPsec configuration file */etc/ipsec.conf* |
| 4 | 1 | Andreas Steffen | <pre> |
| 5 | 1 | Andreas Steffen | config setup |
| 6 | 1 | Andreas Steffen | charondebug="tnc 2, imc 2, imv 2, pts 3" |
| 7 | 1 | Andreas Steffen | |
| 8 | 1 | Andreas Steffen | conn %default |
| 9 | 1 | Andreas Steffen | ike=aes128-sha256-ecp256! |
| 10 | 1 | Andreas Steffen | esp=aes128-sha256-ecp256! |
| 11 | 1 | Andreas Steffen | keyexchange=ikev2 |
| 12 | 1 | Andreas Steffen | |
| 13 | 1 | Andreas Steffen | conn peer |
| 14 | 1 | Andreas Steffen | left=10.10.1.39 |
| 15 | 1 | Andreas Steffen | leftauth=eap-ttls |
| 16 | 1 | Andreas Steffen | leftcert=raspi3Cert.pem |
| 17 | 1 | Andreas Steffen | leftid=raspi3.example.com |
| 18 | 1 | Andreas Steffen | leftfirewall=yes |
| 19 | 1 | Andreas Steffen | right=10.10.1.40 |
| 20 | 1 | Andreas Steffen | rightauth=any |
| 21 | 1 | Andreas Steffen | rightid=raspi4.example.com |
| 22 | 1 | Andreas Steffen | type=transport |
| 23 | 1 | Andreas Steffen | auto=add |
| 24 | 1 | Andreas Steffen | </pre> |
| 25 | 1 | Andreas Steffen | |
| 26 | 1 | Andreas Steffen | strongSwan IPsec secrets file */etc/ipsec.secrets* |
| 27 | 1 | Andreas Steffen | <pre> |
| 28 | 1 | Andreas Steffen | : RSA raspi3Key.pem |
| 29 | 1 | Andreas Steffen | </pre> |
| 30 | 1 | Andreas Steffen | |
| 31 | 1 | Andreas Steffen | strongSwan configuration file */etc/strongswan.conf* |
| 32 | 1 | Andreas Steffen | <pre> |
| 33 | 1 | Andreas Steffen | # strongswan.conf - strongSwan configuration file |
| 34 | 1 | Andreas Steffen | |
| 35 | 1 | Andreas Steffen | charon { |
| 36 | 1 | Andreas Steffen | load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke |
| 37 | 1 | Andreas Steffen | |
| 38 | 1 | Andreas Steffen | half_open_timeout = 90 |
| 39 | 1 | Andreas Steffen | |
| 40 | 1 | Andreas Steffen | plugins { |
| 41 | 1 | Andreas Steffen | eap-ttls |
| 42 | 1 | Andreas Steffen | { |
| 43 | 1 | Andreas Steffen | max_message_count = 0 |
| 44 | 1 | Andreas Steffen | request_peer_auth = yes |
| 45 | 1 | Andreas Steffen | phase2_piggyback = yes |
| 46 | 1 | Andreas Steffen | phase2_tnc = yes |
| 47 | 1 | Andreas Steffen | } |
| 48 | 1 | Andreas Steffen | eap-tnc { |
| 49 | 1 | Andreas Steffen | max_message_count = 0 |
| 50 | 1 | Andreas Steffen | } |
| 51 | 1 | Andreas Steffen | tnccs-20 { |
| 52 | 1 | Andreas Steffen | mutual = yes |
| 53 | 1 | Andreas Steffen | } |
| 54 | 1 | Andreas Steffen | } |
| 55 | 1 | Andreas Steffen | } |
| 56 | 1 | Andreas Steffen | |
| 57 | 1 | Andreas Steffen | libimcv { |
| 58 | 1 | Andreas Steffen | database = sqlite:///etc/pts/config.db |
| 59 | 1 | Andreas Steffen | policy_script = ipsec imv_policy_manager |
| 60 | 1 | Andreas Steffen | |
| 61 | 1 | Andreas Steffen | plugins { |
| 62 | 1 | Andreas Steffen | imc-os { |
| 63 | 1 | Andreas Steffen | device_pubkey = /etc/pts/aik3Pub.der |
| 64 | 1 | Andreas Steffen | } |
| 65 | 1 | Andreas Steffen | imc-attestation { |
| 66 | 1 | Andreas Steffen | aik_blob = /etc/pts/aik3Blob.bin |
| 67 | 1 | Andreas Steffen | aik_cert = /etc/pts/aik3Cert.der |
| 68 | 1 | Andreas Steffen | } |
| 69 | 1 | Andreas Steffen | imv-attestation { |
| 70 | 1 | Andreas Steffen | cadir = /etc/pts/cacerts |
| 71 | 1 | Andreas Steffen | hash_algorithm = sha1 |
| 72 | 1 | Andreas Steffen | } |
| 73 | 1 | Andreas Steffen | } |
| 74 | 1 | Andreas Steffen | } |
| 75 | 1 | Andreas Steffen | |
| 76 | 1 | Andreas Steffen | libtls { |
| 77 | 1 | Andreas Steffen | suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| 78 | 1 | Andreas Steffen | } |
| 79 | 1 | Andreas Steffen | |
| 80 | 1 | Andreas Steffen | pt-tls-client { |
| 81 | 1 | Andreas Steffen | load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 curl |
| 82 | 1 | Andreas Steffen | } |
| 83 | 1 | Andreas Steffen | |
| 84 | 1 | Andreas Steffen | attest { |
| 85 | 1 | Andreas Steffen | database=sqlite:///etc/pts/config.db |
| 86 | 1 | Andreas Steffen | } |
| 87 | 1 | Andreas Steffen | </pre> |
| 88 | 1 | Andreas Steffen | |
| 89 | 1 | Andreas Steffen | <pre> |
| 90 | 1 | Andreas Steffen | |
| 91 | 1 | Andreas Steffen | </pre> |