61 lines
1.2 KiB
Plaintext
61 lines
1.2 KiB
Plaintext
# this file is dynamic and managed by wit-network-config, any changes will be lost
|
|
|
|
config setup
|
|
#strictcrlpolicy = yes
|
|
cachecrls = yes
|
|
|
|
|
|
conn %default
|
|
keyexchange = ikev2
|
|
keyingtries = %forever
|
|
mobike = no
|
|
dpdtimeout = 10
|
|
dpddelay = 2
|
|
dpdaction = hold
|
|
#closeaction = clear
|
|
#rekeyfuzz = 100%
|
|
ikelifetime = 4h
|
|
margintime = 12m
|
|
reauth = no
|
|
type = transport
|
|
ike = aes256-sha512-modp4096!
|
|
esp = aes256-sha512-modp4096!
|
|
leftcert = FQHOSTNAME.crt
|
|
leftid = "C=US, O=Wit, CN=FQHOSTNAME"
|
|
rightid = "C=US, O=Wit, CN=*"
|
|
rightid2 = "C=US, O=Wit, OU=DCs, OU=PhyNodes, OU=ipsec, CN=*"
|
|
auto = route
|
|
|
|
|
|
conn local4
|
|
left = LOOPBACKv4
|
|
leftsubnet = LOOPBACKv4
|
|
right = LOOPBACKv4
|
|
rightsubnet = LOOPBACKv4
|
|
authby = never
|
|
type = passthrough
|
|
|
|
|
|
conn local6
|
|
left = LOOPBACKv6
|
|
leftsubnet = LOOPBACKv6
|
|
right = LOOPBACKv6
|
|
rightsubnet = LOOPBACKv6
|
|
authby = never
|
|
type = passthrough
|
|
|
|
|
|
conn loopback4
|
|
left = LOOPBACKv4
|
|
leftsubnet = LOOPBACKv4
|
|
right = IPSEC_IPV4_SUBNETS
|
|
rightsubnet = IPSEC_IPV4_SUBNETS
|
|
|
|
|
|
conn loopback6
|
|
left = LOOPBACKv6
|
|
leftsubnet = LOOPBACKv6
|
|
right = %any6
|
|
rightsubnet = IPSEC_IPV6_SUBNETS
|
|
|