https://wiki.strongswan.org/projects/strongswan/wiki/Ipsecsecrets
PSK Secret
A preshared secret is most conveniently represented as a sequence of characters, which is delimited by double-quote characters ("). The sequence cannot contain newline or double-quote characters.
Alternatively, preshared secrets can be represented as hexadecimal or Base64 encoded binary values. A character sequence beginning with 0x is interpreted as a sequence of hexadecimal digits. Similarly, a character sequence beginning with 0s is interpreted as Base64 encoded binary data.
Notation
[ <id selectors> ] : PSK <secret>
Examples
XAUTH Secret
The format of XAUTH secrets is the same as that of PSK secrets.
XAUTH secrets are IKEv1 only.
Notation
strongSwan < 4.4.0
: XAUTH <username> "<password>"
strongSwan >= 4.4.0
[ <servername> ] <username> : XAUTH "<password>"
Examples
EAP Secret
The format of EAP secrets is the same as that of PSK secrets.
EAP secrets are IKEv2 only.
Notation
<user id> : EAP <secret>
Examples
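The three secret encodings described above (quoted text, 0x hexadecimal, 0s Base64) can be checked mechanically. The following Python sketch is an added example, not code from the strongSwan project or from this post: it decodes each PSK, XAUTH (>= 4.4.0 notation) and EAP line and reports the secret's length in bytes without printing the secret. The sample file contents, the `MIN_BYTES` threshold and the function names are assumptions made for illustration, and selectors containing a colon (such as IPv6 addresses) are not handled.

```python
import base64
import binascii
import re

# "[selectors] : TYPE secret" for the PSK, XAUTH (>= 4.4.0) and EAP notations above.
LINE_RE = re.compile(
    r'^(?P<ids>[^:#]*?)\s*:\s*(?P<type>PSK|XAUTH|EAP)\s+(?P<secret>\S.*?)\s*$')
MIN_BYTES = 16  # assumed local policy threshold, not a strongSwan rule

# Constructed sample file; none of these values come from a real deployment.
SAMPLE = '''\
# constructed example
: PSK "12345678a"
192.0.2.1 %any : PSK 0x000102030405060708090a0b0c0d0e0f
test : EAP 0sMTIzNDU2Nzhj
: PSK 0xabc
'''


def decode_secret(token):
    """Return the raw bytes of a secret written as "text", 0x<hex> or 0s<Base64>."""
    if token.startswith('"'):
        if len(token) < 2 or not token.endswith('"') or '"' in token[1:-1]:
            raise ValueError("quoted secret must be a single \"...\" run")
        return token[1:-1].encode()
    if token.startswith("0x"):
        return binascii.unhexlify(token[2:])   # rejects odd length and non-hex
    if token.startswith("0s"):
        return base64.b64decode(token[2:], validate=True)
    raise ValueError("secret is not quoted, 0x hex or 0s Base64")


def audit(text):
    """Return (line_no, selectors, type, byte_length, finding) for each secret line."""
    results = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                            # comments, blanks, other secret types
        try:
            size = len(decode_secret(m["secret"]))
            finding = "ok" if size >= MIN_BYTES else f"shorter than {MIN_BYTES} bytes"
        except ValueError as exc:               # binascii.Error is a ValueError
            size, finding = 0, f"undecodable: {exc}"
        results.append((no, m["ids"], m["type"], size, finding))
    return results


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The short placeholder-style secrets in the sample are flagged because they decode to 9 bytes, and the odd-length hex value is reported as undecodable rather than silently skipped.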
# vim /etc/strongswan/ipsec.secrets
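Change the word 12345678a above to the key you want to use for PSK authentication;
Change the word 12345678b above to the password you want to use for XAUTH authentication; the username for this authentication method is arbitrary;
Change test above to the login name you want and 12345678c to the password you want. You can add multiple lines to get multiple users; these are the login credentials for the IKEv2 username + password authentication method.
Entries follow the format "host peer : method <local certificate/protocol password> <local certificate password>". With : as the divider, fill in the fields from left to right on each side; a missing password is padded with null (a space), and every other missing field is padded with %any (a password could hardly be %any).
For example, my configuration is as follows: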
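Link to this article: https://hqyman.cn/post/443.html. Articles not original to this site may be freely reposted; original articles must retain this site's address.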