Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # ipsec.conf - strongSwan IPsec configuration file
- # basic configuration
- config setup
- charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"
- # strictcrlpolicy=yes
- # uniqueids = no
- # Add connections here.
- conn %default
- keyexchange=ikev2
- ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes256-sha-modp1024,aes256-sha512-modp4096!
- esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1,aes256-sha-modp1024,aes256-sha512-modp4096!
- dpdaction=clear
- dpddelay=300s
- rekey=no
- left=%any
- leftsubnet=0.0.0.0/0
- leftcert=serverCert.der
- right=%any
- rightdns=8.8.8.8,8.8.4.4
- rightsourceip=10.20.30.0/24
- conn IPSec-IKEv2
- keyexchange=ikev2
- auto=add
- conn IPSec-IKEv2-EAP
- also="IPSec-IKEv2"
- rightauth=eap-mschapv2
- rightauthby2=pubkey
- rightsendcert=never
- eap_identity=%any
Add Comment
Please, Sign In to add comment