ipsec.conf

1. version 2.0 # conforms to second version of ipsec.conf specification
2.  
3. # basic configuration
4. config setup
5. # Debug-logging controls: "none" for (almost) none, "all" for lots.
6. # klipsdebug=none
7. # plutodebug="control parsing"
8. # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
9. protostack=netkey
10. nat_traversal=yes
11. virtual_private=%v4:192.168.1.0/24
12. oe=off
13. plutodebug=none
14. plutostderrlog=/var/log/pluto.log
15. interfaces=%defaultroute
16. klipsdebug=none
17. # Enable this if you see "failed to find any available worker"
18. # nhelpers=0
19.  
20. conn L2TP-PSK
21. authby=secret
22. pfs=no
23. auto=add
24. keyingtries=3
25. rekey=no
26. type=transport
27. forceencaps=yes
28. right=%any
29. rightprotoport=17/0
30. # Using the magic port of "0" means "any one single port". This is
31. # a work around required for Apple OSX clients that use a randomly
32. # high port, but propose "0" instead of their port.
33. left=217.12.206.156
34. leftprotoport=17/1701
35. # Apple iOS doesn't send delete notify so we need dead peer detection
36. # to detect vanishing clients
37. dpddelay=10
38. dpdtimeout=90
39. dpdaction=clear
40.  
41. #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
42. include /etc/ipsec.d/*.conf