# strongSwan swanctl connection definitions: two parallel IKE connections
# (IPv4 and IPv6) that authenticate both sides with X.509 certificates and
# protect loopback-addressed traffic with transport-mode ESP.
# NOTE(review): FQHOSTNAME, LOOPBACKv4/LOOPBACKv6 and IPSEC_IPV4_SUBNETS/
# IPSEC_IPV6_SUBNETS look like placeholders substituted at deploy time;
# confirm against the tooling that renders this file.
connections {

    loopback4 {
        # IKE major version 1. IKEv1 is deprecated (RFC 9395); every peer
        # sharing this template would have to move to IKEv2 together.
        version = 1
        local_addrs = LOOPBACKv4
        # Accepts an IKE peer at any IPv4 address, so access control rests
        # entirely on the certificate checks in the remote section below.
        remote_addrs = %any4
        # IKE proposals, strongest first. The second suite
        # (AES-128 / SHA-1 / 2048-bit MODP) is a weaker fallback: a peer that
        # offers only that suite will still be accepted. Drop it once no peer
        # depends on it.
        proposals = aes256-sha512-modp4096,aes128-sha1-modp2048

        local {
            # This host proves its identity with its own certificate.
            auth = pubkey
            certs = FQHOSTNAME.crt
            id = "C=US, O=Wit, CN=FQHOSTNAME"
        }
        remote {
            auth = pubkey
            # Wildcard CN: any certificate that chains to a trusted CA and
            # carries C=US, O=Wit is accepted as a peer, whatever its CN.
            # Authorization therefore depends on which CAs are loaded and on
            # who can obtain an O=Wit certificate from them. No cacerts or
            # revocation setting appears in this section; consider pinning
            # the issuing CA with cacerts and setting a revocation policy.
            id = "C=US, O=Wit, CN=*"
        }

        children {
            loopback4 {
                # NOTE(review): comma list with a '+' suffix; confirm the
                # deployed charon build parses this value as intended.
                interface = lo,feth+
                remote_ts = IPSEC_IPV4_SUBNETS
                local_ts = LOOPBACKv4
                # Transport mode: protects host-to-host traffic without an
                # additional tunnel IP header.
                mode = transport
                # trap: install a policy and negotiate the SA when matching
                # traffic is first seen, rather than at daemon start.
                start_action = trap
                # The DH group in an ESP proposal requests a fresh key
                # exchange for the child SA (PFS). The same weaker fallback
                # suite as in the IKE proposals applies here.
                esp_proposals = aes256-sha512-modp4096,aes128-sha1-modp2048
            }
        }
    }

    # IPv6 counterpart of loopback4. The settings mirror the IPv4 connection,
    # so the same review points apply: IKEv1, the weaker fallback suite and
    # the wildcard remote identity.
    loopback6 {
        # IKE major version 1 (deprecated, RFC 9395).
        version = 1
        local_addrs = LOOPBACKv6
        # Accepts an IKE peer at any IPv6 address.
        remote_addrs = %any6
        # Second suite is the weaker fallback; remove it when peers allow.
        proposals = aes256-sha512-modp4096,aes128-sha1-modp2048

        local {
            auth = pubkey
            certs = FQHOSTNAME.crt
            id = "C=US, O=Wit, CN=FQHOSTNAME"
        }
        remote {
            auth = pubkey
            # Wildcard CN: any trusted-CA certificate with C=US, O=Wit
            # matches. Consider cacerts and a revocation policy here too.
            id = "C=US, O=Wit, CN=*"
        }

        children {
            loopback6 {
                # NOTE(review): confirm the comma list / '+' suffix is
                # supported by the deployed charon build.
                interface = lo,feth+
                remote_ts = IPSEC_IPV6_SUBNETS
                local_ts = LOOPBACKv6
                mode = transport
                # Negotiate on first matching traffic.
                start_action = trap
                # DH group present, so child SAs get a fresh key exchange;
                # the weaker fallback suite is offered here as well.
                esp_proposals = aes256-sha512-modp4096,aes128-sha1-modp2048
            }
        }
    }
}