Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # /etc/ipsec.conf - Libreswan IPsec configuration file
- # Uncomment when using this configuration file with openswan
- #version 2
- #
- # Manual: ipsec.conf.5
- config setup
- # which IPsec stack to use, "netkey" (the default), "klips" or "mast".
- # For MacOSX use "bsd"
- protostack=netkey
- #
- # Normally, pluto logs via syslog. If you want to log to a file,
- # specify below or to disable logging, eg for embedded systems, use
- # the file name /dev/null
- # Note: SElinux policies might prevent pluto writing to a log file at
- # an unusual location.
- logfile=/var/log/pluto.log
- #
- # Do not enable debug options to debug configuration issues!
- #
- # plutodebug "all", "none" or a combation from below:
- # "raw crypt parsing emitting control controlmore kernel pfkey
- # natt x509 dpd dns oppo oppoinfo private".
- # Note: "private" is not included with "all", as it can show confidential
- # information. It must be specifically specified
- # examples:
- # plutodebug="control parsing"
- # plutodebug="all crypt"
- # Again: only enable plutodebug when asked by a developer
- #plutodebug=none
- #
- # Enable core dumps (might require system changes, like ulimit -C)
- # This is required for abrtd to work properly
- # Note: SElinux policies might prevent pluto writing the core at
- # unusual locations
- dumpdir=/var/run/pluto/
- #
- # NAT-TRAVERSAL support
- # exclude networks used on server side by adding %v4:!a.b.c.0/24
- # It seems that T-Mobile in the US and Rogers/Fido in Canada are
- # using 25/8 as "private" address space on their wireless networks.
- # This range has never been announced via BGP (at least upto 2015)
- #virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
- nat_traversal=yes
- virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
- oe=off
- #plutoopts="--interface=wlp3s0"
- conn L2TP-PSK
- authby=secret
- pfs=no
- auto=add
- keyingtries=3
- dpddelay=30
- dpdtimeout=120
- dpdaction=clear
- rekey=yes
- ikelifetime=8h
- keylife=1h
- type=transport
- left=%defaultroute
- leftnexthop=%defaultroute
- leftprotoport=17/1701
- right=123.123.123.123
- # For example connections, see your distribution's documentation directory,
- # or https://libreswan.org/wiki/
- #
- # There is also a lot of information in the manual page, "man ipsec.conf"
- #
- # It is best to add your IPsec connections as separate files in /etc/ipsec.d/
- #include /etc/ipsec.d/*.conf
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement