28 lines
631 B
Plaintext
28 lines
631 B
Plaintext
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
|
|
|
# left/local = client
|
|
# right/remote = gateway
|
|
|
|
config setup
|
|
|
|
conn %default
|
|
ikelifetime=60m
|
|
keylife=20m
|
|
rekeymargin=3m
|
|
keyingtries=1
|
|
keyexchange=ikev2
|
|
dpdaction={{dpdaction}}
|
|
|
|
conn home
|
|
auto={{auto}}
|
|
type=tunnel
|
|
left=%defaultroute # Use IP of default route for listening
|
|
leftcert={{certificate_path}} # Client certificate
|
|
leftid={{common_name}} # Client certificate identifier
|
|
leftfirewall=yes
|
|
right={{remote}} # Gateway IP address
|
|
rightid=%any # Allow any common name
|
|
rightsubnet=0.0.0.0/0 # Accept all subnets suggested by server
|
|
#rightcert=server.pem
|
|
|