commit
5e67b98ed2
@ -1,27 +1,23 @@
|
||||
|
||||
# basic configuration
|
||||
config setup
|
||||
charondebug="ike 1, knl 1, cfg 0"
|
||||
uniqueids=no
|
||||
charondebug="all"
|
||||
uniqueids=yes
|
||||
strictcrlpolicy=no
|
||||
|
||||
conn ikev2-vpn
|
||||
auto=add
|
||||
compress=no
|
||||
type=tunnel
|
||||
keyexchange=ikev2
|
||||
fragmentation=yes
|
||||
forceencaps=yes
|
||||
dpdaction=clear
|
||||
dpddelay=300s
|
||||
rekey=no
|
||||
left=%any
|
||||
leftid=@vpn.awful.club
|
||||
leftcert=awful-server-cert.pem
|
||||
leftsendcert=always
|
||||
leftsubnet=0.0.0.0/0
|
||||
right=%any
|
||||
rightid=%any
|
||||
rightauth=eap-mschapv2
|
||||
rightsourceip=10.10.10.0/24
|
||||
rightdns=1.1.1.1,1.0.0.1
|
||||
rightsendcert=never
|
||||
eap_identity=%identity
|
||||
# connection to amsterdam datacenter
|
||||
conn home-to-digitalocean
|
||||
authby=secret
|
||||
left=%defaultroute
|
||||
leftid=165.22.156.25
|
||||
leftsubnet=10.138.0.0/16
|
||||
right=0.0.0.0
|
||||
rightsubnet=192.168.1.0/24
|
||||
ike=aes256-sha2_256-modp1024!
|
||||
esp=aes256-sha2_256!
|
||||
keyingtries=0
|
||||
ikelifetime=1h
|
||||
lifetime=8h
|
||||
dpddelay=30
|
||||
dpdtimeout=120
|
||||
dpdaction=restart
|
||||
auto=start
|
||||
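Review bot: `ike=aes256-sha2_256-modp1024!` in `conn home-to-digitalocean` pins IKE to the 1024-bit MODP group, and the trailing `!` makes the proposal strict, so a stronger group cannot be negotiated. This assumes the conn is on the new side of the hunk; the rendered page has lost its +/- markers, but the 27/23 line counts point that way. I would change it to `ike=aes256-sha2_256-modp2048!` or an ECP group the peer supports, and add a DH group to `esp=` (for example `esp=aes256-sha2_256-modp2048!`) so child-SA rekeys get forward secrecy. The same conn combines `authby=secret` with `right=0.0.0.0`, which appears to accept the pre-shared key from any peer address, so pinning `right=` to the known remote would narrow that. A comment above the conn saying where the PSK now lives would also help, since this commit removes ipsec.secrets.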
|
@ -1,9 +0,0 @@
|
||||
# /etc/ipsec.secrets - strongSwan IPsec secrets file
|
||||
|
||||
: RSA "awful-server-key.pem"
|
||||
|
||||
jowj : EAP "fake-password"
|
||||
|
||||
# get secrets from other files
|
||||
include ipsec.*.secrets
|
||||
|