# /etc/ipsec.conf - strongSwan IPsec configuration file
# left/local = gateway
# right/remote = client
config setup
# Keep a local copy of CRLs fetched from the CA's distribution points
# (strongSwan stores them under /etc/ipsec.d/crls/ by default).
cachecrls=yes
# Fail closed on revocation: peer authentication is rejected unless a fresh CRL is available.
# The CRL distribution point therefore has to stay reachable from this gateway,
# otherwise new connections stop authenticating once the cached CRL expires.
strictcrlpolicy=yes
# Defaults inherited by every conn section in this file unless a conn overrides them.
conn %default
# Maximum lifetime of the IKE SA (the keying channel) before it is renegotiated.
ikelifetime=60m
# Maximum lifetime of the keys protecting user traffic (keylife is a synonym for lifetime).
keylife=20m
# Start negotiating replacement keys this long before the current ones expire
# (rekeymargin is a synonym for margintime).
rekeymargin=3m
# Make a single attempt to negotiate (or renegotiate) a connection, then give up instead of retrying.
keyingtries=1
# Pin connections to IKEv2; IKEv1 is not accepted.
# NOTE(review): no ike=/esp= proposals are set in the part of the file shown, so the
# daemon's default cipher proposals apply - confirm they meet policy.
keyexchange=ikev2
conn site-to-clients
# auto=ignore makes the daemon skip this conn entirely, as if it were not in the file;
# no client can connect until this is changed (auto=add loads it and waits for clients).
# NOTE(review): confirm the disabled state is intended for the rendered config.
auto=ignore
# NOTE(review): with right=%any and no rightid=/rightca= constraint visible in this conn,
# any peer whose certificate validates against a trusted CA (and passes the CRL check)
# would be accepted - confirm that the set of trusted CAs is limited to the VPN's own CA.
right=%any # Allow connecting from any IP address
rightsourceip={{subnet}} # Assign each client a virtual IP from this pool
left={{common_name}} # Gateway address; the variable is named common_name, so presumably a hostname rather than an IP - confirm
# Certificate the gateway presents to clients; the matching private key is not referenced
# here and has to be declared separately (in ipsec.secrets).
leftcert={{certificate_path}} # Gateway certificate
{% if route %}
{% if route | length == 1 %}
leftsubnet={{route[0]}} # Advertise routes via this connection
{% else %}
# NOTE(review): ipsec.conf(5) describes leftsubnet as a plain comma-separated list of subnets;
# the surrounding braces resemble the Openswan/Libreswan leftsubnets={...} form. Confirm that
# strongSwan parses this line - if not, the multi-route case would fail to load, and a bare
# comma-joined list would also make the single-route branch unnecessary.
leftsubnet={ {{ route | join(', ') }} }
{% endif %}
{% endif %}