wit-network-config/files/ipsec.conf.wit

# Global settings for the IKE daemon; they apply to every connection in this file.
config setup
# Verbose daemon logging, left disabled. NOTE(review): the highest charon log
# levels can write raw packet data and key material to the log, so enable
# debugging only while troubleshooting and protect the resulting log files.
#charondebug="all"
# Left commented out, so the strongSwan default (uniqueids=yes) applies.
#uniqueids=yes
# Left commented out, so the default (strictcrlpolicy=no) applies: a peer
# certificate is still accepted when no fresh CRL is available. Revocation
# checking is therefore best-effort. Because the connections below accept any
# CN under the organisation, enforcing CRLs is worth considering once the CRL
# distribution point is reliably reachable from every host.
#strictcrlpolicy=yes
# Keep a local copy of every CRL that was fetched.
cachecrls=yes
# Disabled "ca" section: it would point the ca-wit certificate at an
# alternative CRL distribution point.
#ca ca-wit #define alternative CRL distribution point
# cacert=ca-wit.crt
# crluri=ca-wit.crl
# auto=add
# Defaults inherited by every "conn" section that follows.
conn %default
# Never give up negotiating; retry until the peer answers.
keyingtries=%forever
# Dead peer detection: probe an idle peer every 3 s, declare it dead after
# 10 s without an answer (dpdtimeout is the IKEv1 setting), then renegotiate.
dpdtimeout=10
dpddelay=3
dpdaction=restart
# Host-to-host transport mode: only the payload between the two endpoints is
# protected, no tunnel is built.
type=transport
# NOTE(review): IKEv1 is the legacy key exchange; IKEv2 is the recommended
# replacement. Switching requires every peer that uses this template to change
# at the same time.
keyexchange=ikev1
# The trailing "!" makes each list strict: only the two proposals named here
# are offered and accepted. NOTE(review): because the second proposal
# (aes128-sha1-modp2048) is also accepted, it is the effective security floor;
# drop it once no peer depends on it.
ike=aes256-sha512-modp4096,aes128-sha1-modp2048!
# A DH group in the ESP proposal requests a fresh key exchange (PFS) on rekey.
esp=aes256-sha512-modp4096,aes128-sha1-modp2048!
# FQHOSTNAME looks like a template placeholder - presumably replaced with the
# host's fully qualified name when the file is deployed; confirm against the
# tooling that installs it.
leftcert=FQHOSTNAME.crt
leftid="C=US, O=Wit, CN=FQHOSTNAME"
# The wildcard CN accepts any certificate whose subject has C=US, O=Wit.
# Peer trust therefore depends entirely on which CAs are trusted, on what
# those CAs issue under this organisation, and on revocation being checked
# (see strictcrlpolicy in "config setup").
rightid="C=US, O=Wit, CN=*"
# Install trap policies at start-up; matching traffic triggers negotiation.
auto=route
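# IPv4 host-to-host policy; every setting from "conn %default" also applies.
conn loopback4
# Request for a virtual IPv4 address from the peer, left disabled.
#leftsourceip=%config4
# LOOPBACKv4 and IPSEC_IPV4_SUBNETS look like template placeholders -
# presumably filled in at deploy time; confirm against the tooling that
# installs this file. The local endpoint and the protected local address are
# the same value.
left=LOOPBACKv4
leftsubnet=LOOPBACKv4
# Remote addresses whose traffic is protected by this policy. Keep the list
# limited to the networks that really host IPsec peers.
rightsubnet=IPSEC_IPV4_SUBNETS
# Any IPv4 address may be the peer; it is identified by its certificate
# (rightid in "conn %default"), not by its address.
right=%any4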
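# IPv6 host-to-host policy; every setting from "conn %default" also applies.
conn loopback6
# Request for a virtual IPv6 address from the peer, left disabled.
#leftsourceip=%config6
# LOOPBACKv6 and IPSEC_IPV6_SUBNETS look like template placeholders -
# presumably filled in at deploy time; confirm against the tooling that
# installs this file. The local endpoint and the protected local address are
# the same value.
left=LOOPBACKv6
leftsubnet=LOOPBACKv6
# Remote addresses whose traffic is protected by this policy. Keep the list
# limited to the networks that really host IPsec peers.
rightsubnet=IPSEC_IPV6_SUBNETS
# Any IPv6 address may be the peer; it is identified by its certificate
# (rightid in "conn %default"), not by its address.
right=%any6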