Last active
December 13, 2016 18:43
-
-
Save olegvg/b3517e2bd116559d70c7fdfae8819492 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ipsec.conf - strongSwan IPsec configuration file | |
# basic configuration | |
config setup | |
#charondebug="cfg 3, dmn 3, ike 3, net 3, chd 3, mgr 3" | |
#strictcrlpolicy=yes | |
uniqueids=no | |
# Add connections here. | |
conn %default | |
ike=aes256-sha256-modp1024 | |
esp=aes256-sha256 | |
ikelifetime=600m | |
keylife=600m | |
reauth=no | |
rekey=yes | |
#rekeymargin=3m | |
keyingtries=%forever | |
closeaction=restart | |
compress=yes | |
dpdaction=restart | |
dpddelay=20s | |
dpdtimeout=60s | |
mobike=yes | |
conn xauth-roadwarrior-ipsec-server | |
keyexchange=ikev1 | |
authby=psk | |
type=tunnel | |
forceencaps=yes # force all to be nat'ed. because of iOS | |
left=%defaultroute | |
leftid=@ciscoauth | |
leftsubnet=0.0.0.0/0,::/0 | |
right=%any | |
rightauth2=xauth | |
rightsourceip=10.31.1.0/24 | |
rightdns=8.8.8.8,8.8.4.4 | |
auto=add | |
conn kiev | |
keyexchange=ikev1 | |
ike=aes256-sha512-modp4096 | |
esp=aes256-sha256 | |
authby=psk | |
type=tunnel | |
left=xx.xx.xx.xx | |
leftsubnet=10.200.0.0/16 | |
leftsourceip=10.200.255.254 | |
right=yy.yy.yy.yy | |
rightsubnet=192.168.0.0/24 | |
#rightsourceip=192.168.0.1 | |
auto=start | |
include /var/lib/strongswan/ipsec.conf.inc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This file holds shared secrets or RSA private keys for authentication. | |
# RSA private key for this host, authenticating it to any other host | |
# which knows the public part. | |
# this file is managed with debconf and will contain the automatically created private key | |
include /var/lib/strongswan/ipsec.secrets.inc | |
@ciscoauth %any : PSK "keykeykeykeykey" | |
test : XAUTH "zzzzzzzzzz" | |
xx.xx.xx.xx yy.yy.yy.yy : PSK "keykeykeykeykeykeykeykey" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment