From 1b58b1067a3ef5b3e9f9ce654e9f39f2e70af4c0 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 26 Mar 2019 15:36:38 +0100
Subject: [PATCH] strongswan Konfiguration funktioniert mit Fritz.Box
---
 ipsec.conf | 67 ++++++++++++++++++++++++++++++++-------------------
 ipsec.secrets | 4 ++-
 2 files changed, 45 insertions(+), 26 deletions(-)
diff --git a/ipsec.conf b/ipsec.conf
index bc4279bfe..c37ec9324 100644
--- a/ipsec.conf
+++ b/ipsec.conf
@@ -45,29 +45,46 @@ config setup
 #
 #
-conn avm2swan
- aggressive=yes
- left=hoellein.online
- leftsubnet=192.168.2.0/24
- leftfirewall=yes
- lefthostaccess=yes
- right=home.hoellein.online
- rightsubnet=192.168.1.0/24
- rightallowany=yes
- leftid="@hoellein.online"
- rightid="@home.hoellein.online"
- ike=aes256-sha1-modp1024
- esp=aes256-sha1-modp1024
- keyexchange=ikev1
- ikelifetime=1h
- margintime=9m
- rekey=yes
- reauth=yes
- keylife=8h
- compress=yes
- dpddelay=30
- dpdtimeout=60
- dpdaction=restart
- authby=secret
- auto=add
+#conn avm2swan
+# aggressive=yes
+# left=hoellein.online
+# leftsubnet=192.168.2.0/24
+# leftfirewall=yes
+# lefthostaccess=yes
+# right=home.hoellein.online
+# rightsubnet=192.168.1.0/24
+# rightallowany=yes
+# leftid="@hoellein.online"
+# rightid="@home.hoellein.online"
+# ike=aes256-sha1-modp1024
+# esp=aes256-sha1-modp1024
+# keyexchange=ikev1
+# ikelifetime=1h
+# margintime=9m
+# rekey=yes
+# reauth=yes
+# keylife=8h
+# compress=yes
+# dpddelay=30
+# dpdtimeout=60
+# dpdaction=restart
+# authby=secret
+# auto=add
+#
+#
+#
+#
+conn %default
+ left=hoellein.online
+ leftsubnet=192.168.42.0/24
+ authby=secret
+ auto=start
+conn fb
+ ike=aes256-sha-modp1024
+ esp=aes256-sha1-modp1024
+ right=home.hoellein.online
+ rightid=@home.hoellein.online
+ rightsubnet=192.168.1.0/24
+ ikelifetime=3600s
+ keylife=3600s
diff --git a/ipsec.secrets b/ipsec.secrets
index 06e63e26e..d10325491 100644
--- a/ipsec.secrets
+++ b/ipsec.secrets
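Review bot: In the ipsec.conf hunk, `conn fb` negotiates both IKE and ESP with `modp1024` (DH group 2) and SHA-1, so the key exchange is the weakest part of a tunnel that already rests on a pre-shared key (`authby=secret`). If the Fritz!Box side accepts a stronger proposal, I would change the two lines to `ike=aes256-sha512-modp2048` and `esp=aes256-sha512-modp2048`; if it does not, add a comment above `conn fb` recording that the suite is a peer constraint, so it is not copied to other tunnels. `conn fb` also no longer sets `keyexchange=`, so the IKE version now depends on strongSwan's default and should be pinned explicitly. Note that `authby=secret` and `auto=start` now sit in `conn %default` and will apply to every connection added to this file later.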
@@ -3,4 +3,6 @@
 # RSA private key for this host, authenticating it to any other host
 # which knows the public part.
 #@mail.hoellein.online @fritzbox : PSK "VERYSECRET;-)"
-hoellein.online @home.hoellein.online : PSK 'VERYSECRET;-)'
+#
+#hoellein.online @home.hoellein.online : PSK 'VERYSECRET;-)'
+@hoellein.online @home.hoellein.online : PSK "sicherISTsicher"
--
2.43.0
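Review bot: The added line commits the tunnel's pre-shared key in clear text, and the previous key stays readable in the commented-out line above it, so everyone with read access to this repository or its history learns the tunnel credentials. I would keep ipsec.secrets out of version control and commit only a template such as `@hoellein.online @home.hoellein.online : PSK "<PLACEHOLDER_PSK>"`, then treat both values shown here as exposed and rotate them on both peers. The replacement should be a long random value, for example from `openssl rand -base64 32`, rather than a memorable phrase, since the PSK is the only authentication this tunnel has. The file itself should be readable by root only.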