wit-network-config/files/wit-swanctl.conf


# strongSwan swanctl connection definitions: one IKE connection per address
# family, each with a single transport-mode child bound to the loopback
# address.
# The upper-case tokens (FQHOSTNAME, LOOPBACKv4, LOOPBACKv6,
# IPSEC_IPV4_SUBNETS, IPSEC_IPV6_SUBNETS) look like placeholders filled in at
# deploy time -- TODO confirm against the script that installs this file.
#
# NOTE(review): neither connection sets `version`, so the swanctl default
# applies (responder accepts IKEv1 as well as IKEv2). If every peer is built
# from this template, pinning `version = 2` would narrow what is accepted.
connections {
    loopback4 {
        local_addrs = LOOPBACKv4
        # %any4 accepts a peer from any IPv4 address, so peer authorization
        # rests entirely on the certificate checks in the remote section.
        remote_addrs = %any4
        # Single IKE proposal (AES-256, HMAC-SHA-512, 4096-bit MODP group);
        # no weaker fallback is offered or accepted.
        proposals = aes256-sha512-modp4096
        local {
            auth = pubkey
            # Certificate file for this host; the matching private key has to
            # be loaded separately.
            certs = FQHOSTNAME.crt
            id = "C=US, O=Wit, CN=FQHOSTNAME"
        }
        remote {
            auth = pubkey
            # Wildcard CN: any certificate whose subject carries C=US, O=Wit
            # and which chains to a CA the daemon trusts is accepted as a peer.
            # NOTE(review): no `cacerts` constraint is set here, so the issuing
            # CA is not pinned per connection, and `revocation` is left at its
            # default -- confirm both match the intended trust model.
            id = "C=US, O=Wit, CN=*"
        }
        children {
            loopback4 {
                # Restrict the IPsec policies to the loopback interface.
                interface = lo
                remote_ts = IPSEC_IPV4_SUBNETS
                local_ts = LOOPBACKv4
                # Transport mode: protects traffic between the two endpoints
                # without an outer tunnel header.
                mode = transport
                # trap installs policies at load time; the SA is negotiated
                # when traffic first matches the selectors.
                start_action = trap
                # The DH group in the ESP proposal means child SA rekeying
                # performs a fresh key exchange.
                esp_proposals = aes256-sha512-modp4096
            }
        }
    }
    # IPv6 counterpart of loopback4; the same trust and proposal
    # considerations apply.
    loopback6 {
        local_addrs = LOOPBACKv6
        # %any6 accepts a peer from any IPv6 address.
        remote_addrs = %any6
        proposals = aes256-sha512-modp4096
        local {
            auth = pubkey
            certs = FQHOSTNAME.crt
            id = "C=US, O=Wit, CN=FQHOSTNAME"
        }
        remote {
            auth = pubkey
            # Wildcard CN, no `cacerts` pin: any C=US, O=Wit certificate from
            # a trusted CA is accepted -- confirm this is intended.
            id = "C=US, O=Wit, CN=*"
        }
        children {
            loopback6 {
                interface = lo
                remote_ts = IPSEC_IPV6_SUBNETS
                local_ts = LOOPBACKv6
                mode = transport
                start_action = trap
                esp_proposals = aes256-sha512-modp4096
            }
        }
    }
}