$
, strip out $
as this character is not part of the commandcat << "EOF"
, select all lines at once (from cat << "EOF"
to EOF
inclusively) as they are part of the same (single) commandstrongswan-certs
directoryHeads-up: replace
~/.ssh/pi
with path to private key andpi@10.0.1.248
with SSH destination of client computer.
Heads-up: input rules are likely already configured (run
iptables-save
andip6tables-save
to check).
Heads-up: if you are shown an “Old runlevel management superseded” warning, answer “Ok”.
Heads-up: replace
185.193.126.203
with IP of strongSwan server.
/etc/ipsec.conf
/etc/ipsec.secrets
On certificate authority computer, run:
On client computer, run output from previous command:
On certificate authority computer, run:
On client computer, run output from previous command:
On certificate authority computer, run:
On client computer, run output from previous command:
On client computer, run chmod -R 600 /etc/ipsec.d/private
ESTABLISHED
👍
185.193.126.203
👍
Heads-up: use following steps to assign static IP to strongSwan client.
Heads-up: replace
185.193.126.203
with IP of strongSwan server.
Heads-up: replace
10.0.2.171
with IP assigned to strongSwan client by strongSwan server (see step 10).
dhcp-host=7a:a7:9f:c0:9d:b0,10.0.2.2
👍
Heads-up: replace
~/.ssh/pi
with path to private key andpi@10.0.1.248
with SSH destination of client computer.
10.0.2.2
10.0.2.2/32
👍