jcarr
/
wit-network-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ipsec: no changes, just unified formating and cleanup of config

This commit is contained in:
toby 2018-12-05 21:26:06 +01:00
parent 51f6a94ccd
commit 0494fb2e21
1 changed files with 35 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
files/ipsec.conf.wit
View File

@ -1,56 +1,56 @@
config setup
#strictcrlpolicy=yes
cachecrls=yes
#strictcrlpolicy = yes
cachecrls = yes
conn %default
#keyexchange=ikev2
keyingtries=%forever
dpdtimeout=10
dpddelay=2
dpdaction=hold
#closeaction=none
#keyexchange = ikev2
keyingtries = %forever
dpdtimeout = 10
dpddelay = 2
dpdaction = hold
#closeaction = none
#rekeyfuzz = 100%
ikelifetime = 4h
margintime = 12m
reauth = no
type=transport
ike=aes256-sha512-modp4096!
esp=aes256-sha512-modp4096!
leftcert=FQHOSTNAME.crt
leftid="C=US, O=Wit, CN=FQHOSTNAME"
rightid="C=US, O=Wit, CN=*"
auto=route
type = transport
ike = aes256-sha512-modp4096!
esp = aes256-sha512-modp4096!
leftcert = FQHOSTNAME.crt
leftid = "C=US, O=Wit, CN=FQHOSTNAME"
rightid = "C=US, O=Wit, CN=*"
auto = route
conn local4
left=LOOPBACKv4
leftsubnet=LOOPBACKv4
right=LOOPBACKv4
rightsubnet=LOOPBACKv4
auth=none
type=passthrough
left = LOOPBACKv4
leftsubnet = LOOPBACKv4
right = LOOPBACKv4
rightsubnet = LOOPBACKv4
auth = none
type = passthrough
conn loopback4
left=LOOPBACKv4
leftsubnet=LOOPBACKv4
right=IPSEC_IPV4_SUBNETS
rightsubnet=IPSEC_IPV4_SUBNETS
left = LOOPBACKv4
leftsubnet = LOOPBACKv4
right = IPSEC_IPV4_SUBNETS
rightsubnet = IPSEC_IPV4_SUBNETS
conn local6
left=LOOPBACKv6
leftsubnet=LOOPBACKv6
right=LOOPBACKv6
rightsubnet=LOOPBACKv6
auth=none
type=passthrough
left = LOOPBACKv6
leftsubnet = LOOPBACKv6
right = LOOPBACKv6
rightsubnet = LOOPBACKv6
auth = none
type = passthrough
conn loopback6
left=LOOPBACKv6
leftsubnet=LOOPBACKv6
right=%any6
rightsubnet=IPSEC_IPV6_SUBNETS
left = LOOPBACKv6
leftsubnet = LOOPBACKv6
right = %any6
rightsubnet = IPSEC_IPV6_SUBNETS