SHOW:
|
|
- or go back to the newest paste.
| 1 | # strongswan.conf - strongSwan configuration file | |
| 2 | charon {
| |
| 3 | threads = 16 | |
| 4 | ||
| 5 | plugins {
| |
| 6 | sql {
| |
| 7 | # loglevel to log into sql database | |
| 8 | loglevel = -1 | |
| 9 | } | |
| 10 | ||
| 11 | } | |
| 12 | ||
| 13 | syslog {
| |
| 14 | daemon {
| |
| 15 | default = 1 | |
| 16 | cfg = 4 | |
| 17 | lib = 4 | |
| 18 | } | |
| 19 | } | |
| 20 | } | |
| 21 | ||
| 22 | - | pluto {
|
| 22 | + | |
| 23 | plugins {
| |
| 24 | pkcs11 {
| |
| 25 | modules {
| |
| 26 | use_hasher = no | |
| 27 | pkcs11-test {
| |
| 28 | path = /usr/local/lib/opensc-pkcs11.so | |
| 29 | } | |
| 30 | } | |
| 31 | } | |
| 32 | } | |
| 33 | } | |
| 34 | ||
| 35 | ||
| 36 | ########################################## | |
| 37 | # ipsec.conf - strongSwan IPsec configuration file | |
| 38 | ||
| 39 | config setup | |
| 40 | uniqueids = no | |
| 41 | ||
| 42 | conn cap | |
| 43 | keyexchange=ikev2 # this is the only think I changed between ikev1 and ikev2 scenarios | |
| 44 | left=%defaultroute | |
| 45 | leftcert=%smartcard1:19e69b3cf025053d08b52ffc80a3e8239423393e | |
| 46 | - | keyexchange=ikev2 # this is the only think which changed between both ikev1 and ikev2 scenarios |
| 46 | + | leftid="XXXXXXX" |
| 47 | leftsendcert=ifasked | |
| 48 | right=192.168.2.141 | |
| 49 | - | leftid="XXXXXXX" # obfuscated |
| 49 | + | rightid="YYYYYYYY" |
| 50 | auto=add | |
| 51 | ||
| 52 | - | rightid="YYYYYYYY" # obfuscated |
| 52 | + | |
| 53 | # /etc/ipsec.secrets - strongSwan IPsec secrets file | |
| 54 | ||
| 55 | : PIN %smartcard1:19e69b3cf025053d08b52ffc80a3e8239423393e %prompt |
