
strongswan_configs

a guest
Apr 28th, 2014
  1. cat ipsec.conf
  2. ====================================================
  3. config setup  # no global options are set in this section
  4.  
  5. conn %default  # values inherited by every conn defined below
  6. ikelifetime=1440m  # IKE SA lifetime: 24 hours
  7. keylife=60m  # IPsec (ESP) SA lifetime: 60 minutes
  8. rekeymargin=3m
  9. keyingtries=1  # a single negotiation attempt, then give up
  10. keyexchange=ikev2  # NOTE(review): the 17/1701 selectors below are the L2TP/IPsec pattern, which Windows clients normally negotiate with IKEv1 - confirm which of the two setups is intended
  11. rekey=no  # the gateway never requests rekeying itself; it still answers a rekey started by the client
  12.  
  13. conn rw_win7
  14. ike=aes256-sha1-modp1024!  # '!' = strict, only this proposal is accepted. modp1024 (DH group 2) and SHA-1 are legacy strength; prefer modp2048 or larger and SHA-2 if the clients support them
  15. esp=aes256-sha1!  # strict ESP proposal: AES-256 with HMAC-SHA1
  16. dpdaction=clear  # drop the SA when the peer stops answering dead-peer detection
  17. dpddelay=300s
  18. left=134.202.84.62  # gateway address
  19. leftsubnet=172.16.1.0/24
  20. leftprotoport=17/1701  # restricts the policy to UDP port 1701 (L2TP) on the gateway side
  21. leftauth=psk  # gateway proves its identity with a pre-shared key (ipsec.secrets, not shown). Anyone holding the PSK can pose as the gateway to other clients; a server certificate (leftauth=pubkey) is the usual pairing for EAP clients
  22. right=%any  # accept clients from any address
  23. rightprotoport=17/%any
  24. rightauth=eap-mschapv2  # MSCHAPv2 rests on MD4/DES; its safety here depends on the IKE SA and on the gateway being authenticated first, so require strong user passwords
  25. rightsourceip=172.16.1.11  # virtual-IP pool of one address. NOTE(review): same address as the first entry of the xl2tpd 'ip range' in this paste - check for a clash
  26. eap_identity=%any  # ask the client for an EAP-Identity and use it to look up the credential
  27. auto=add  # load the conn and wait for the client to initiate
  28. =======================================================================
  29. cat strongswan.conf
  30. =======================================================================
  31. charon {
  32. load = curl test-vectors aes des sha1 sha2 md4 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default attr unity xauth-generic eap-identity eap-mschapv2 ha  # explicit plugin list. md4/des are presumably here for eap-mschapv2; unity, xauth-generic and ha look unrelated to the IKEv2 conn in ipsec.conf - TODO confirm and trim
  33. cisco_unity = yes  # Cisco Unity extensions (IKEv1 feature)
  34. i_dont_care_about_security_and_use_aggressive_mode_psk = yes  # lets the gateway answer IKEv1 Aggressive Mode with PSK, which exposes a PSK-derived hash to offline guessing. No conn in this paste uses aggressive mode, so remove this line or set it to 'no'
  35. dh_exponent_ansi_x9_42 = no  # use DH exponents sized to the cryptographic strength instead of the ANSI X9.42 size
  36. plugins {
  37. attr {
  38. #split-exclude = 192.168.0.0/24
  39. }
  40. }
  41. filelog {
  42. /var/log/charon.log {
  43. time_format = %b %e %T
  44. ike_name = yes  # prefix each entry with the connection name
  45. append = no  # the file is overwritten at daemon start, so earlier history is lost; use 'yes' or forward the log if it is needed for incident review
  46. default = 2  # log level 2 for all subsystems. Levels 3 and 4 add raw data dumps and key material - do not raise it on a production gateway
  47. flush_line = yes  # write each line to disk immediately
  48. }
  49. }
  50. }
  51. =========================================================================
  52. cat /etc/xl2tpd/xl2tpd.conf
  53. =========================================================================
  54. [global] ; Global parameters:
  55. port = 1701 ; Bind to UDP port 1701. No listen-addr is set here, so firewall this port to accept L2TP only when it arrived inside ESP
  56. auth file = /etc/xl2tpd/l2tp-secrets ; Where the tunnel challenge secrets are stored
  57. access control = no ; Off: tunnels are accepted from any peer address, no IP match is required
  58. rand source = dev ; Source of entropy for random numbers
  59.  
  60. [lns default] ; Our fallthrough LNS definition
  61. exclusive = no ; Off: a host may open more than one tunnel
  62. ip range = 172.16.1.11-172.16.1.20 ; IP range handed out to clients
  63. local ip = 172.16.1.10 ; L2TP end of the tunnel on this machine
  64. refuse pap = yes ; Refuse PAP authentication
  65. refuse chap = yes ; Refuse CHAP authentication
  66. require authentication = yes ; The peer must authenticate
  67. name = win7
  68. ppp debug = yes ; PPP debugging is on; switch it off once the setup works
  69. pppoptfile = /etc/ppp/options.xl2tpd ; ppp options file
  70.  
  71. ==========================================================================
  72. cat /etc/ppp/options.xl2tpd
  73. ==========================================================================
  74. require-mschap-v2  # the peer must authenticate with MS-CHAPv2; this exchange is weak on its own and relies on the IPsec layer underneath
  75. ms-dns 8.8.8.8  # DNS server handed to the client; lookups go to a public resolver, not an internal one
  76. proxyarp  # add a proxy ARP entry for the client on the gateway's LAN
  77. asyncmap 0  # serial-line option
  78. auth  # require the peer to authenticate before any network traffic passes
  79. crtscts  # serial-line option (hardware flow control)
  80. lock  # serial-line option (device lock file)
  81. hide-password  # keep password strings out of logged PAP packets
  82. modem  # serial-line option (modem control lines)
  83. debug  # connection debugging is logged; remove once the setup works