- #/etc/ipsec.conf
- # Global pluto settings for an L2TP/IPsec server. The connection itself is
- # defined in /etc/ipsec.d/l2tp-cert.conf, pulled in by the include at the end.
- # The option names (plutodebug, klipsdebug, protostack) look like the
- # Openswan-family ipsec.conf format - confirm against the installed daemon.
- version 2.0 # conforms to second version of ipsec.conf specification
- config setup
- # Do not set debug options to debug configuration issues!
- # plutodebug / klipsdebug = "all", "none" or a combination from below:
- # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
- # eg:
- # plutodebug="control parsing"
- #
- # NOTE(review): "all" and "private" can write sensitive keying material to the
- # logs (check the pluto man page for the installed version); keep them off
- # outside a controlled debugging session and restrict who can read the logs.
- #
- # enable to get logs per-peer
- # plutoopts="--perpeerlog"
- #
- # Again: only enable plutodebug or klipsdebug when asked by a developer
- #
- # NAT-TRAVERSAL support, see README.NAT-Traversal
- # NAT-T wraps ESP in UDP so clients behind NAT can connect; the firewall in
- # front of this host has to pass UDP 500 and UDP 4500 for it to work.
- nat_traversal=yes
- # exclude networks used on server side by adding %v4:!a.b.c.0/24
- # These ranges are what rightsubnet=vhost:%priv in the conn accepts as a
- # NATed client's inner address.
- # NOTE(review): left=192.168.15.101 in l2tp-cert.conf lies inside
- # 192.168.0.0/16 and no %v4:! exclusion is listed, so the server's own network
- # is currently accepted as a client address range. Following the rule above,
- # append the server LAN (e.g. %v4:!192.168.15.0/24 if it is a /24 - confirm
- # the mask) to avoid overlapping addresses.
- virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
- # OE is now off by default. Uncomment and change to on, to enable.
- oe=off
- # which IPsec stack to use. auto will try netkey, then klips then mast
- # NOTE(review): once the stack in use is known, naming it here keeps the
- # choice from depending on what auto finds at start-up.
- protostack=auto
- # The included file is read as part of this configuration; it and the rest of
- # /etc/ipsec.d/ should be writable by root only.
- include /etc/ipsec.d/l2tp-cert.conf
- #/etc/ipsec.d/l2tp-cert.conf
- # Road-warrior L2TP/IPsec connection: the server (left) and any client (right)
- # authenticate with RSA signatures whose keys come from X.509 certificates.
- conn l2tp-X.509
- # RSA-signature authentication; both public keys are taken from certificates
- # (the %cert values below).
- authby=rsasig
- # NOTE(review): PFS is not required for the IPsec SAs. This is often set for
- # L2TP client compatibility - presumably the reason here. Prefer pfs=yes if
- # every client in use can negotiate it.
- pfs=no
- # Load the conn at start-up but never initiate: the server only answers clients.
- auto=add
- # The server does not start rekeying; that is left to the client.
- rekey=no
- # Server address and next hop. The address is private, so presumably the host
- # sits behind NAT or serves an internal network - confirm.
- left=192.168.15.101
- leftnexthop=192.168.15.1
- # Identity presented to clients; presumably it has to match a subjectAltName
- # in leftcert - verify against the certificate.
- leftid=@delays.xmtp.net
- leftrsasigkey=%cert
- # Server certificate. The matching private key is normally referenced from
- # ipsec.secrets (not shown here) and should be readable by root only.
- leftcert=/etc/ipsec.d/certs/delaysCert.pem
- # Protocol 17 (UDP), port 1701 (L2TP): only L2TP traffic is covered by this SA.
- leftprotoport=17/1701
- # Any source address is accepted, so access control rests entirely on
- # certificate validation.
- right=%any
- # The client certificate must be issued by the same CA as leftcert.
- # NOTE(review): no rightid is set, so every certificate from that CA is
- # accepted; removing a client means revoking its certificate. CRL handling
- # (e.g. strictcrlpolicy in config setup) is not configured in the lines shown
- # - confirm that revocation is actually enforced.
- rightca=%same
- rightrsasigkey=%cert
- # UDP with port 0: presumably so that clients not sending from port 1701
- # still match - confirm against the ipsec.conf man page for this version.
- rightprotoport=17/0
- # Accept NATed clients whose inner address is inside virtual_private (%priv)
- # and clients that are not behind NAT (%no).
- rightsubnet=vhost:%priv,%no
- # NOTE(review): there is no ike= or esp= line, so algorithm selection falls to
- # the daemon's defaults; consider pinning the proposals after checking what
- # the clients support.