pinecrypt/pinecrypt-gateway-frontend
2
1
Fork 0
Code Issues 4 Pull Requests Projects Activity
4254a9c567
pinecrypt-gateway-frontend/templates/snippets/strongswan-client.sh
Lauri Võsandi d121e8417c Initial commit
2021-05-27 13:15:46 +03:00

29 lines
1.0 KiB
Bash
Raw Blame History

cat > /etc/ipsec.conf << EOF
config setup
strictcrlpolicy=yes
ca {{ authority.namespace }}
auto=add
cacert=/etc/certidude/authority/{{ authority.namespace }}/ca_cert.pem
conn client-to-site
auto=start
right={{ authority.namespace }}
rightsubnet=0.0.0.0/0
rightca="{{ session.authority.certificate.distinguished_name }}"
left=%defaultroute
leftcert=/etc/certidude/authority/{{ authority.namespace }}/host_cert.pem
leftsourceip=%config
leftca="{{ session.authority.certificate.distinguished_name }}"
keyexchange=ikev2
keyingtries=%forever
dpdaction=restart
closeaction=restart
ike=aes256-sha384-{% if session.authority.certificate.algorithm == "ec" %}ecp384{% else %}modp2048{% endif %}!
esp=aes128gcm16-aes128gmac-{% if session.authority.certificate.algorithm == "ec" %}ecp384{% else %}modp2048{% endif %}!
EOF
echo ": {% if session.authority.certificate.algorithm == "ec" %}ECDSA{% else %}RSA{% endif %} {{ authority.namespace }}.pem" > /etc/ipsec.secrets
ipsec restart
Reference in New Issue View Git Blame Copy Permalink