31 lines
684 B
Plaintext
31 lines
684 B
Plaintext
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
|
|
|
# left/local = gateway
|
|
# right/remote = client
|
|
|
|
config setup
|
|
cachecrls=yes
|
|
strictcrlpolicy=yes
|
|
|
|
conn %default
|
|
ikelifetime=60m
|
|
keylife=20m
|
|
rekeymargin=3m
|
|
keyingtries=1
|
|
keyexchange=ikev2
|
|
|
|
conn site-to-clients
|
|
auto=ignore
|
|
right=%any # Allow connecting from any IP address
|
|
rightsourceip={{subnet}} # Serve virtual IP-s from this pool
|
|
left={{common_name}} # Gateway IP address
|
|
leftcert={{certificate_path}} # Gateway certificate
|
|
{% if route %}
|
|
{% if route | length == 1 %}
|
|
leftsubnet={{route[0]}} # Advertise routes via this connection
|
|
{% else %}
|
|
leftsubnet={ {{ route | join(', ') }} }
|
|
{% endif %}
|
|
{% endif %}
|
|
|