| # ipsec.conf - strongSwan IPsec configuration file | |
| config setup | |
| uniqueids=no | |
| charondebug="cfg 2, dmn 2, ike 2, net 0" | |
| conn %default | |
| dpdaction=clear | |
| dpddelay=300s | |
| rekey=no | |
| left=%defaultroute | |
| leftfirewall=yes | |
| right=%any | |
| ikelifetime=60m | |
| keylife=20m | |
| rekeymargin=3m | |
| keyingtries=1 | |
| auto=add | |
| ####################################### | |
| # L2TP Connections | |
| ####################################### | |
| conn L2TP-IKEv1-PSK | |
| type=transport | |
| keyexchange=ikev1 | |
| authby=secret | |
| leftprotoport=udp/l2tp | |
| left=%any | |
| right=%any | |
| rekey=no | |
| forceencaps=yes | |
| ####################################### | |
| # Default non L2TP Connections | |
| ####################################### | |
| conn Non-L2TP | |
| leftsubnet=0.0.0.0/0 | |
| rightsubnet=10.0.0.0/24 | |
| rightsourceip=10.0.0.0/24 | |
| ####################################### | |
| # EAP Connections | |
| ####################################### | |
| # This detects a supported EAP method | |
| conn IKEv2-EAP | |
| also=Non-L2TP | |
| keyexchange=ikev2 | |
| eap_identity=%any | |
| rightauth=eap-dynamic | |
| ####################################### | |
| # PSK Connections | |
| ####################################### | |
| conn IKEv2-PSK | |
| also=Non-L2TP | |
| keyexchange=ikev2 | |
| authby=secret | |
| # Cisco IPSec | |
| conn IKEv1-PSK-XAuth | |
| also=Non-L2TP | |
| keyexchange=ikev1 | |
| leftauth=psk | |
| rightauth=psk | |
| rightauth2=xauth | |