Configuring gateway Moon

At first, we set up the gateway Moon using a traditional X.509 certificate.

Edit /etc/ipsec.conf

# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
    crlcheckinterval=180
    strictcrlpolicy=no
    charonstart=no
    plutostart=yes
    plutodebug = all
    plutostderrlog = /var/log/pluto.log

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1

conn rw
    left=%defaultroute
    leftcert=moonCert.pem
    leftsubnet=10.1.0.0/16
    leftfirewall=yes
    right=%any
    auto=add

Edit /etc/ipsec.secrets:

# /etc/ipsec.secrets - strongSwan IPsec secrets file

: RSA moonKey.pem

Edit /etc/strongswan.conf:

# /etc/strongswan.conf - strongSwan configuration file

charon {
load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
}

libstrongswan {
integrity_test = yes
crypto_test {
on_add = yes
}
}

Install Moon RSA key and X.509 certificate:

/etc/ipsec.d/certs/moonCert.pem: X.509 certificate.
/etc/ipsec.d/private/moonKey.pem: RSA private key.

Restart strongSwan:

$ /etc/init.d/ipsec restart

Bookmark/Search this post with

Learn how to buy without VAT. Read our shipping policies. Validate your account using SMS to allow shipping small items at low price.

Feitian PKI: 12.90€

Buy the FEITIAN PKI card for only 12.90€. We ship to any European-Union country starting from 0.90 €. Learn more ...

Feitian ePass PKI token: 34.90€

Discover the best token for GNU/Linux, Mac OS X and Windows. Full support from OpenSC free software solutions, no proprietary driver needed.

PIN code security.
RSA keys up to 2048bit.
Standard X.509 v3 certificates.
On-board RSA DES 3DES SHA1.
Both PKCS#11 and MS-CAPI.
64K user space.
Compatible with: Iceweasel, Firefox, Evolution, Seahorse, OpenSSL, OpenSSH, PAM P11 and PAM PKCS11 authentication modules, Strongswan, Putty CAC, WinSCP, LoopAES, Truecrypt, etc...
Tested with online CAs like CaCert.org and StartSSL.

Buy the FEITIAN ePass PKI token for only 34.90€ ... 30 day satisfied or cash back.

Fast delivery
Order placed on GOOZE before 15:00 are shipped the same day. Orders placed after 15:00 are shipped next business day.

Apply for a free FEITIAN PKI card

GOOZE and FEITIAN are happy to donate 20 Feitian PKI cards to Free Software projects. If your project meets certain criteria, please apply for a free card.

Translating GOOZE

GOOZE is being translated into French. Thank you for your patience!

Configuring gateway Moon

Catalog

My account

Upcoming events

Feitian PKI: 12.90€

Feitian ePass PKI token: 34.90€

Apply for a free FEITIAN PKI card

Translating GOOZE