API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 14th, 2016
222
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.82 KB | None | 0 0
raw download clone embed print report
  1. # /etc/ipsec.conf - Libreswan IPsec configuration file
  2.  
  3. # Uncomment when using this configuration file with openswan
  4. #version 2
  5. #
  6. # Manual: ipsec.conf.5
  7.  
  8. config setup
  9. # which IPsec stack to use, "netkey" (the default), "klips" or "mast".
  10. # For MacOSX use "bsd"
  11. protostack=netkey
  12. #
  13. # Normally, pluto logs via syslog. If you want to log to a file,
  14. # specify below or to disable logging, eg for embedded systems, use
  15. # the file name /dev/null
  16. # Note: SElinux policies might prevent pluto writing to a log file at
  17. # an unusual location.
  18. logfile=/var/log/pluto.log
  19. #
  20. # Do not enable debug options to debug configuration issues!
  21. #
  22. # plutodebug "all", "none" or a combation from below:
  23. # "raw crypt parsing emitting control controlmore kernel pfkey
  24. # natt x509 dpd dns oppo oppoinfo private".
  25. # Note: "private" is not included with "all", as it can show confidential
  26. # information. It must be specifically specified
  27. # examples:
  28. # plutodebug="control parsing"
  29. # plutodebug="all crypt"
  30. # Again: only enable plutodebug when asked by a developer
  31. #plutodebug=none
  32. #
  33. # Enable core dumps (might require system changes, like ulimit -C)
  34. # This is required for abrtd to work properly
  35. # Note: SElinux policies might prevent pluto writing the core at
  36. # unusual locations
  37. dumpdir=/var/run/pluto/
  38. #
  39. # NAT-TRAVERSAL support
  40. # exclude networks used on server side by adding %v4:!a.b.c.0/24
  41. # It seems that T-Mobile in the US and Rogers/Fido in Canada are
  42. # using 25/8 as "private" address space on their wireless networks.
  43. # This range has never been announced via BGP (at least upto 2015)
  44. #virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
  45. nat_traversal=yes
  46. virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
  47. oe=off
  48. #plutoopts="--interface=wlp3s0"
  49. conn L2TP-PSK
  50. authby=secret
  51. pfs=no
  52. auto=add
  53. keyingtries=3
  54. dpddelay=30
  55. dpdtimeout=120
  56. dpdaction=clear
  57. rekey=yes
  58. ikelifetime=8h
  59. keylife=1h
  60. type=transport
  61. left=%defaultroute
  62. leftnexthop=%defaultroute
  63. leftprotoport=17/1701
  64. right=123.123.123.123
  65.  
  66. # For example connections, see your distribution's documentation directory,
  67. # or https://libreswan.org/wiki/
  68. #
  69. # There is also a lot of information in the manual page, "man ipsec.conf"
  70. #
  71. # It is best to add your IPsec connections as separate files in /etc/ipsec.d/
  72. #include /etc/ipsec.d/*.conf
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!