35 lines
565 B
Plaintext
35 lines
565 B
Plaintext
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
|
|
|
config setup
|
|
charondebug="tnc 3, imv 3, pts 3"
|
|
|
|
conn %default
|
|
ikelifetime=60m
|
|
keylife=20m
|
|
rekeymargin=3m
|
|
keyingtries=1
|
|
keyexchange=ikev2
|
|
|
|
conn rw-allow
|
|
rightgroups=allow
|
|
leftsubnet=10.1.0.0/28
|
|
also=rw-eap
|
|
auto=add
|
|
|
|
conn rw-isolate
|
|
rightgroups=isolate
|
|
leftsubnet=10.1.0.16/28
|
|
also=rw-eap
|
|
auto=add
|
|
|
|
conn rw-eap
|
|
left=PH_IP_MOON
|
|
leftcert=moonCert.pem
|
|
leftid=@moon.strongswan.org
|
|
leftauth=eap-ttls
|
|
leftfirewall=yes
|
|
rightauth=eap-ttls
|
|
rightid=*@strongswan.org
|
|
rightsendcert=never
|
|
right=%any
|