Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- version 2
- config setup
- strictcrlpolicy=no
- charondebug="ike 2, knl 2, cfg 2, mgr 2, chd 2, lib 2, net 2"
- conn %default
- ikelifetime=1440m
- keylife=60m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev1
- authby=xauthpsk
- conn home
- keyexchange=ikev1
- ikelifetime=1440m
- keylife=60m
- aggressive=yes
- ike=aes-sha1-modp1024 #Phase1 parameters
- esp=aes128-sha1-modp1024 #Phase2 parameters
- xauth=client #Xauth client mode
- left=%and
- leftid=userid
- leftsourceip=%config
- leftauth=psk
- rightauth=psk
- leftauth2=xauth #use PSK for group RA and Xauth for user cisco
- right=10.3.0.2
- rightsubnet=0.0.0.0/0
- xauth_identity=user-pass
- auto=route
- dpdaction=restart
- dpddelay=30s
- dpdtimeout=150s
- type=tunnel
- leftupdown=/scripts/tun_updown.sh
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement