Assumptions:
Server is a Fedora 17 Linode off in the cloud.
Disclaimer: Most of this has been pulled from
<!-- -->
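# Download the strongSwan source. HTTPS is used instead of plain HTTP because
# this code is later built and installed as root; an on-path attacker could
# otherwise swap the tarball in transit.
wget https://download.strongswan.org/strongswan.tar.bz2
# TLS only protects the transfer. Before unpacking, also check the tarball
# against the signature or checksum published by the strongSwan project.
tar -xvf strongswan.tar.bz2
# The archive unpacks into a versioned strongswan-<version>/ directory;
# configure and make have to run from inside it.
cd strongswan-*/
# Build dependencies (GMP and OpenSSL headers).
sudo yum install gmp-devel openssl-devel
# --enable-md4 is needed by EAP-MSCHAPv2 and --enable-md5 by EAP-MD5. Both are
# legacy hashes, enabled only because those EAP methods depend on them.
# NOTE(review): the configuration on this page only uses EAP-MSCHAPv2 with
# certificates; dropping plugins that are not needed (blowfish, eap-md5, ...)
# would reduce the attack surface of the daemon. Confirm before removing.
./configure \
  --enable-eap-identity --enable-eap-mschapv2 \
  --enable-md4 --enable-md5 \
  --enable-openssl --enable-pkcs11 --enable-blowfish --enable-agent \
  --enable-eap-md5 --enable-eap-peap --enable-eap-tls
make -j4
sudo make install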
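# strongSwan ipsec.conf, server side.
# Parameters are indented under their section header: ipsec.conf treats a
# line starting in column 0 as a new section, so the indentation is required.
config setup

conn %default
    keyexchange=ikev2
    # The trailing '!' makes each proposal strict: nothing else is negotiated.
    # NOTE(review): modp1024 (DH group 2) and SHA-1 are weak by current
    # standards. They are presumably kept for the Windows 7 client this page
    # links to. Prefer a larger DH group and SHA-2 wherever every client
    # supports them.
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    # Drop the SA when the peer stops answering dead-peer-detection probes.
    dpdaction=clear
    dpddelay=300s
    rekey=no

conn roadwarrior
    # Public address of the VPN server.
    left=173.255.229.6
    # Offer the whole IPv4 space, so clients can route all traffic via the VPN.
    leftsubnet=0.0.0.0/0
    # The server proves its identity with a certificate. Clients must validate
    # it: the EAP-MSCHAPv2 password exchange below is only as trustworthy as
    # that check.
    leftauth=pubkey
    leftfirewall=yes
    leftcert=/etc/openvpn/keys/secure.seanmadden.net.crt
    leftsendcert=always
    # Accept clients from any address; they authenticate with a user name and
    # password (EAP-MSCHAPv2) taken from ipsec.secrets.
    right=%any
    rightauth=eap-mschapv2
    rightsendcert=never
    # Pool of virtual IPs handed out to clients.
    rightsourceip=172.16.0.0/24
    # NOTE(review): with right=%any the server cannot initiate; auto=add
    # (load and wait for clients) is the usual choice for a responder.
    auto=start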
Things to change:
# /etc/ipsec.secrets - strongSwan IPsec secrets file
# This file references the server's private key and stores EAP passwords in
# cleartext. Keep it owned by root and unreadable by other users.
# Private key belonging to the certificate named by leftcert in the server conn.
: RSA /etc/openvpn/keys/secure.seanmadden.net.key
# EAP-MSCHAPv2 credential for user "sean". "password!" is presumably a
# placeholder: replace it with a long, unique password per user, since
# MSCHAPv2 offers little protection for weak passwords.
sean : EAP "password!"
Things to change:
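# Source-NAT traffic from VPN clients to the server's public address so that
# replies from the Internet find their way back. The match is limited to the
# virtual IP pool (rightsourceip=172.16.0.0/24), so unrelated traffic passing
# through POSTROUTING is not rewritten. Must be run as root.
# NOTE(review): assumes IPv4 forwarding is already enabled on the server;
# the page does not show that step.
iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -j SNAT --to-source 173.255.229.6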
Things to change:
http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapConfig
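# strongSwan ipsec.conf, client side: full-tunnel variant.
# Parameters are indented under the section header, as ipsec.conf requires.
# The page defines "conn secure" twice as alternatives; keep only one of them
# in a given ipsec.conf.
conn secure
    left=%any
    # NOTE(review): the client authenticates with a certificate here, while the
    # server conn shown on this page expects EAP-MSCHAPv2 from the remote side.
    # Confirm the server has a conn that accepts certificate authentication.
    leftcert=orcus.crt
    # Request a virtual IP from the server's pool.
    leftsourceip=%config
    leftid=orcus
    leftfirewall=yes
    right=173.255.229.6
    # Route all IPv4 traffic through the tunnel.
    rightsubnet=0.0.0.0/0
    # The server certificate is loaded locally, so the client only accepts a
    # peer that holds the matching private key.
    rightcert=secure.seanmadden.net.crt
    # Bring the tunnel up as soon as the daemon starts.
    auto=start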
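# strongSwan ipsec.conf, client side: split-tunnel variant.
# Parameters are indented under the section header, as ipsec.conf requires.
# The page defines "conn secure" twice as alternatives; keep only one of them
# in a given ipsec.conf.
conn secure
    left=%any
    # NOTE(review): the client authenticates with a certificate here, while the
    # server conn shown on this page expects EAP-MSCHAPv2 from the remote side.
    # Confirm the server has a conn that accepts certificate authentication.
    leftcert=orcus.crt
    # Ask the server for DNS servers and a virtual IP.
    leftdns=%config
    leftsourceip=%config
    leftid=orcus
    leftfirewall=yes
    right=173.255.229.6
    # Split tunnel: only 172.16.0.0/16 goes through the VPN. All other traffic
    # leaves the client directly and is not protected by the tunnel.
    # NOTE(review): this is wider than the /24 address pool configured on the
    # server; confirm the intended range.
    rightsubnet=172.16.0.0/16
    # The server certificate is loaded locally, so the client only accepts a
    # peer that holds the matching private key.
    rightcert=secure.seanmadden.net.crt
    # Bring the tunnel up as soon as the daemon starts.
    auto=start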