Enable IPv6 for IPSec

This commit is contained in:
Lauri Võsandi 2021-05-09 06:33:15 +00:00
parent 1a5836c2ce
commit f80321c8a1
1 changed files with 2 additions and 2 deletions

View File

@ -438,10 +438,10 @@ def certidude_enroll(fork, no_wait, kerberos):
config["conn", endpoint]["keyingtries"] = "%forever" config["conn", endpoint]["keyingtries"] = "%forever"
config["conn", endpoint]["dpdaction"] = "restart" config["conn", endpoint]["dpdaction"] = "restart"
config["conn", endpoint]["closeaction"] = "restart" config["conn", endpoint]["closeaction"] = "restart"
config["conn", endpoint]["rightsubnet"] = "0.0.0.0/0" config["conn", endpoint]["rightsubnet"] = "0.0.0.0/0,::/0"
config["conn", endpoint]["ike"] = "%s!" % bootstrap["strongswan"]["ike"] config["conn", endpoint]["ike"] = "%s!" % bootstrap["strongswan"]["ike"]
config["conn", endpoint]["esp"] = "%s!" % bootstrap["strongswan"]["esp"] config["conn", endpoint]["esp"] = "%s!" % bootstrap["strongswan"]["esp"]
config["conn", endpoint]["leftsourceip"] = "%config" config["conn", endpoint]["leftsourceip"] = "%config,%config6"
config["conn", endpoint]["leftcert"] = certificate_path config["conn", endpoint]["leftcert"] = certificate_path
# leftca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME" # leftca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
# rightca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME" # rightca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"