Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| inbox:strongswan_certificates [2019/03/20 06:36] – Section heading levels corrected tmomas | inbox:strongswan_certificates [2019/05/12 12:40] – [Client configuration] marcolabreu | ||
|---|---|---|---|
| Line 49: | Line 49: | ||
| opkg update | opkg update | ||
| - | opkg install strongswan-default strongswan-pki ipset strongswan-mod-openssl strongswan-mod-curl strongswan-mod-dhcp strongswan-mod-eap-tls strongswan-mod-eap-identity strongswan-mod-kernel-libipsec kmod-tun openssl-util strongswan-mod-test-vectors strongswan-mod-farp | + | opkg install |
| Also, for dynamic DHCP to work, you need to use full version of dnsmasq. | Also, for dynamic DHCP to work, you need to use full version of dnsmasq. | ||
| Line 248: | Line 248: | ||
| dhcp { | dhcp { | ||
| force_server_address = yes | force_server_address = yes | ||
| + | # | ||
| + | # uncomment the line above if log shows that DHCP | ||
| + | # offer can't be accepted | ||
| identity_lease = yes | identity_lease = yes | ||
| server = 192.168.255.255 | server = 192.168.255.255 | ||
| Line 295: | Line 298: | ||
| COUNTRY=" | COUNTRY=" | ||
| ORG=" | ORG=" | ||
| + | #Change above to your org and country code | ||
| VALIDDAYS=" | VALIDDAYS=" | ||
| Line 355: | Line 359: | ||
| - p12/ | - p12/ | ||
| - | Where USERID is what you entered when using **mk-client.sh** | + | Where SRVNAME is what was used on **mk-server.sh**, |
| Copy these certificates to client device somehow (mail them, scp them, etc..) and install them (as trusted). | Copy these certificates to client device somehow (mail them, scp them, etc..) and install them (as trusted). | ||
| Line 361: | Line 365: | ||
| VPN Type: | VPN Type: | ||
| - | Server Address: | + | Server Address: |
| - | Remote ID: server domain | + | Remote ID: SRVNAME |
| Local ID: USERID | Local ID: USERID | ||