# this file is dynamic and managed by wit-network-config, any changes will be lost
# IKE connection definitions for protecting traffic that terminates on this
# host's loopback addresses. Upper-case tokens (LOOPBACKv4, LOOPBACKv6,
# FQHOSTNAME, IPSEC_IPV4_SUBNETS, IPSEC_IPV6_SUBNETS) look like template
# placeholders -- presumably substituted by wit-network-config before the file
# is loaded; confirm against the generator.
connections {
    # IPv4 variant: IKE runs from the loopback address to any IPv4 peer.
    loopback4 {
        local_addrs = LOOPBACKv4
        # %any4 places no restriction on the peer's IPv4 address; peers are
        # distinguished only by the certificate identity in the remote section.
        remote_addrs = %any4
        # Single IKE proposal: AES-256, HMAC-SHA2-512, 4096-bit MODP DH group.
        # Only one proposal is listed, so peers offering anything else fail
        # negotiation.
        proposals = aes256-sha512-modp4096

        local {
            # Authenticate with this host's certificate; the subject DN below
            # is sent as the IKE identity.
            auth = pubkey
            certs = FQHOSTNAME.crt
            id = "C=US, O=Wit, CN=FQHOSTNAME"
        }
        remote {
            auth = pubkey
            # NOTE(review): CN=* is a wildcard, so every certificate whose DN
            # is C=US, O=Wit and that validates against a loaded CA is accepted
            # as a peer. No cacerts constraint appears in this section, so the
            # trust boundary is whatever CA certificates are loaded elsewhere --
            # confirm that only the intended internal CA is trusted.
            id = "C=US, O=Wit, CN=*"
        }

        children {
            loopback4 {
                # presumably limits the installed policies to the loopback
                # interface -- verify against the swanctl.conf documentation
                # for the deployed strongSwan version.
                interface = lo
                # Traffic selectors: protect traffic between the local loopback
                # address and the listed IPv4 subnets.
                remote_ts = IPSEC_IPV4_SUBNETS
                local_ts = LOOPBACKv4
                # Transport mode: the original IP header is kept, only the
                # payload is protected by ESP.
                mode = transport
                # trap installs the policy up front and negotiates the SA when
                # the first matching packet is seen.
                start_action = trap
                # ESP uses the same suite as IKE; listing a DH group here means
                # a fresh key exchange is done when the CHILD_SA is rekeyed.
                esp_proposals = aes256-sha512-modp4096
            }
        }
    }

    # IPv6 variant: same settings as loopback4 with the IPv6 placeholders.
    loopback6 {
        local_addrs = LOOPBACKv6
        # %any6 places no restriction on the peer's IPv6 address.
        remote_addrs = %any6
        # Single IKE proposal: AES-256, HMAC-SHA2-512, 4096-bit MODP DH group.
        proposals = aes256-sha512-modp4096

        local {
            # Authenticate with this host's certificate; the subject DN below
            # is sent as the IKE identity.
            auth = pubkey
            certs = FQHOSTNAME.crt
            id = "C=US, O=Wit, CN=FQHOSTNAME"
        }
        remote {
            auth = pubkey
            # NOTE(review): CN=* is a wildcard, so every certificate whose DN
            # is C=US, O=Wit and that validates against a loaded CA is accepted
            # as a peer. No cacerts constraint appears in this section --
            # confirm that only the intended internal CA is trusted.
            id = "C=US, O=Wit, CN=*"
        }

        children {
            loopback6 {
                # presumably limits the installed policies to the loopback
                # interface -- verify against the swanctl.conf documentation
                # for the deployed strongSwan version.
                interface = lo
                # Traffic selectors: protect traffic between the local loopback
                # address and the listed IPv6 subnets.
                remote_ts = IPSEC_IPV6_SUBNETS
                local_ts = LOOPBACKv6
                # Transport mode: the original IP header is kept, only the
                # payload is protected by ESP.
                mode = transport
                # trap installs the policy up front and negotiates the SA when
                # the first matching packet is seen.
                start_action = trap
                # ESP uses the same suite as IKE; listing a DH group here means
                # a fresh key exchange is done when the CHILD_SA is rekeyed.
                esp_proposals = aes256-sha512-modp4096
            }
        }
    }
}