wit-network-config/files/ipsec.conf.wit


# strongSwan ipsec.conf: global settings for the IKE daemon.
# NOTE(review): parameters appear at column 0 in this listing; the ipsec.conf
# format expects them indented under their `config`/`conn` header, so the
# indentation was presumably lost in rendering - confirm against the real file.
config setup
# Verbose daemon logging is left disabled. If enabled for troubleshooting,
# treat the resulting logs as sensitive and turn it off again afterwards.
#charondebug="all"
#uniqueids=yes
# NOTE(review): strict CRL checking is commented out, so the daemon default
# applies. With the strongSwan default (no), a peer certificate is still
# accepted when no current CRL can be obtained; revocation is only enforced
# when a valid CRL is actually available. Confirm this is intended.
#strictcrlpolicy=yes
# Keep fetched CRLs cached locally so they survive fetch failures and restarts.
cachecrls=yes
# Disabled `ca` section: it would bind a CRL distribution point (crluri) to the
# CA certificate. While it stays commented out, CRLs presumably come only from
# distribution points embedded in certificates or from local files - confirm.
#ca ca-wit #define alternative CRL distribution point
# cacert=ca-wit.crt
# crluri=ca-wit.crl
# auto=add
# Defaults inherited by every other `conn` section in this file.
conn %default
# MOBIKE is an IKEv2 extension; with keyexchange=ikev1 below it has no effect
# and is presumably set only to make the intent explicit.
mobike=no
# Retry negotiation indefinitely instead of giving up after a fixed count.
keyingtries=%forever
# Dead peer detection (values in seconds): probe an idle peer every 3 s
# (dpddelay), consider it dead after 10 s without an answer (dpdtimeout),
# then renegotiate immediately (dpdaction=restart).
dpdtimeout=10
dpddelay=3
dpdaction=restart
# Transport mode: protects host-to-host traffic without tunnel encapsulation.
type=transport
# NOTE(review): IKEv1 is deprecated (RFC 9395). Plan a move to ikev2 once all
# peers support it; the change must be rolled out on both ends together.
keyexchange=ikev1
# Proposal: AES-128 encryption, HMAC-SHA1 integrity, 2048-bit MODP DH group.
# The trailing `!` makes the proposal strict: nothing else is offered or
# accepted, so a peer cannot negotiate a weaker suite, and any upgrade has to
# be coordinated across all peers.
# NOTE(review): SHA-1 and modp2048 are at the low end of what is still
# acceptable; consider a SHA-2 integrity algorithm and a stronger DH group.
ike=aes128-sha1-modp2048!
# Naming a DH group in the ESP proposal enables perfect forward secrecy for
# the IPsec SAs (a fresh DH exchange per SA negotiation).
esp=aes128-sha1-modp2048!
# Policy protecting traffic between the listed 10.1.x.0/24 ranges. The name
# suggests these are loopback address ranges of the participating hosts -
# confirm against the addressing plan.
conn loopbacks
# Install trap policies at startup; the SA is negotiated on demand when
# matching traffic is first seen.
auto=route
# The same three ranges are used as local and remote traffic selectors.
leftsubnet=10.1.2.0/24,10.1.18.0/24,10.1.20.0/24
rightsubnet=10.1.2.0/24,10.1.18.0/24,10.1.20.0/24
# The peer may connect from any address; it is identified only by the
# certificate identity matched by rightid below.
right=%any
# HOSTNAME.DOMAINNAME looks like a template placeholder that deployment
# tooling replaces per host - confirm it is substituted before the file is used.
leftcert=HOSTNAME.DOMAINNAME.crt
leftid="C=US, O=Wit, CN=HOSTNAME.DOMAINNAME"
# NOTE(review): wildcard CN. Any certificate with C=US, O=Wit that chains to a
# trusted CA is accepted as a peer for all of the ranges above, so
# authorization rests entirely on CA issuance policy and on revocation.
# strictcrlpolicy is commented out in `config setup`, so revocation is not
# strictly enforced; confirm the CA issues these DNs only to intended hosts.
rightid="C=US, O=Wit, CN=*"