28 lines
744 B
Plaintext
28 lines
744 B
Plaintext
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
|
|
|
# left/local = client
|
|
# right/remote = gateway
|
|
|
|
config setup
|
|
|
|
conn %default
|
|
ikelifetime=60m
|
|
keylife=20m
|
|
rekeymargin=3m
|
|
keyingtries=1
|
|
keyexchange=ikev2
|
|
dpdaction={{dpdaction}}
|
|
closeaction=restart
|
|
|
|
conn client-to-site
|
|
auto={{auto}}
|
|
left=%defaultroute # Use IP of default route for listening
|
|
leftsourceip=%config # Accept server suggested virtual IP as inner address for tunnel
|
|
leftcert={{certificate_path}} # Client certificate
|
|
leftid={{common_name}} # Client certificate identifier
|
|
leftfirewall=yes # Local machine may be behind NAT
|
|
right={{remote}} # Gateway IP address
|
|
rightid=%any # Allow any common name
|
|
rightsubnet=0.0.0.0/0 # Accept all subnets suggested by server
|
|
|