42 lines
677 B
Plaintext
Executable File
42 lines
677 B
Plaintext
Executable File
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
|
|
|
config setup
|
|
plutostart=no
|
|
|
|
conn %default
|
|
ikelifetime=60m
|
|
keylife=20m
|
|
rekeymargin=3m
|
|
keyingtries=1
|
|
keyexchange=ikev2
|
|
mobike=no
|
|
|
|
conn local-net
|
|
leftsubnet=10.1.0.0/16
|
|
rightsubnet=10.1.0.0/16
|
|
authby=never
|
|
type=pass
|
|
auto=route
|
|
|
|
conn venus-icmp
|
|
leftsubnet=10.1.0.20/32
|
|
rightsubnet=0.0.0.0/0
|
|
leftprotoport=icmp
|
|
rightprotoport=icmp
|
|
leftauth=any
|
|
rightauth=any
|
|
type=drop
|
|
auto=route
|
|
|
|
conn net-net
|
|
left=PH_IP_MOON
|
|
leftcert=moonCert.pem
|
|
leftid=@moon.strongswan.org
|
|
leftsubnet=10.1.0.0/16
|
|
leftfirewall=yes
|
|
lefthostaccess=yes
|
|
right=PH_IP_SUN
|
|
rightid=@sun.strongswan.org
|
|
rightsubnet=0.0.0.0/0
|
|
auto=add
|