58 lines
1.1 KiB
Plaintext
58 lines
1.1 KiB
Plaintext
|
config setup
|
||
|
#strictcrlpolicy = yes
|
||
|
|
cachecrls = yes
|
||
|
|
|
||
|
|
|
||
|
|
conn %default
|
||
|
|
#keyexchange = ikev2
|
||
|
|
keyingtries = %forever
|
||
|
|
mobike = no
|
||
|
|
dpdtimeout = 10
|
||
|
|
dpddelay = 2
|
||
|
|
dpdaction = hold
|
||
|
|
#closeaction = clear
|
||
|
|
#rekeyfuzz = 100%
|
||
|
|
ikelifetime = 4h
|
||
|
|
margintime = 12m
|
||
|
|
reauth = no
|
||
|
|
type = transport
|
||
|
|
ike = aes256-sha512-modp4096!
|
||
|
|
esp = aes256-sha512-modp4096!
|
||
|
|
leftcert = FQHOSTNAME.crt
|
||
|
|
leftid = "C=US, O=Wit, CN=FQHOSTNAME"
|
||
|
|
rightid = "C=US, O=Wit, CN=*"
|
||
|
|
auto = route
|
||
|
|
|
||
|
|
|
||
|
|
conn local4
|
||
|
|
left = LOOPBACKv4
|
||
|
|
leftsubnet = LOOPBACKv4
|
||
|
|
right = LOOPBACKv4
|
||
|
|
rightsubnet = LOOPBACKv4
|
||
|
|
authby = never
|
||
|
|
type = passthrough
|
||
|
|
|
||
|
|
|
||
|
|
conn local6
|
||
|
|
left = LOOPBACKv6
|
||
|
|
leftsubnet = LOOPBACKv6
|
||
|
|
right = LOOPBACKv6
|
||
|
|
rightsubnet = LOOPBACKv6
|
||
|
|
authby = never
|
||
|
|
type = passthrough
|
||
|
|
|
||
|
|
|
||
|
|
conn loopback4
|
||
|
|
left = LOOPBACKv4
|
||
|
|
leftsubnet = LOOPBACKv4
|
||
|
|
right = IPSEC_IPV4_SUBNETS
|
||
|
|
rightsubnet = IPSEC_IPV4_SUBNETS
|
||
|
|
|
||
|
|
|
||
|
|
conn loopback6
|
||
|
|
left = LOOPBACKv6
|
||
|
|
leftsubnet = LOOPBACKv6
|
||
|
|
right = %any6
|
||
|
|
rightsubnet = IPSEC_IPV6_SUBNETS
|
||
|
|
|