ipsec.conf

1. root@DARKSTARVPN:/etc# cat ./ipsec.conf
2. # /etc/ipsec.conf - Openswan IPsec configuration file
3.  
4. # This file: /usr/share/doc/openswan/ipsec.conf-sample
5. #
6. # Manual: ipsec.conf.5
7.  
8.  
9. version 2.0 # conforms to second version of ipsec.conf specification
10.  
11. # basic configuration
12.  
13.  
14. config setup
15. interfaces=%defaultroute
16. klipsdebug=none
17. nat_traversal=yes
18. nhelpers=0
19. oe=off
20. plutodebug=none
21. plutostderrlog=/var/log/pluto.log
22. protostack=netkey
23. virtual_private=%v4:10.13.8.5/14
24.  
25. conn L2TP-PSK
26. authby=secret
27. pfs=no
28. auto=add
29. keyingtries=3
30. rekey=no
31. type=transport
32. forceencaps=yes
33. right=%any
34. rightsubnet=vhost:%no
35. rightprotoport=17/0
36. # Using the magic port of "0" means "any one single port". This is
37. # a work around required for Apple OSX clients that use a randomly
38. # high port, but propose "0" instead of their port.
39. left=%defaultroute
40. leftprotoport=17/1701
41. # Apple iOS doesn't send delete notify so we need dead peer detection
42. # to detect vanishing clients
43. dpddelay=10
44. dpdtimeout=90
45. dpdaction=clear