Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- router:/etc# cat /etc/ipsec.conf
- # /etc/ipsec.conf - Openswan IPsec configuration file
- # This file: /usr/share/doc/openswan/ipsec.conf-sample
- #
- # Manual: ipsec.conf.5
- version 2.0 # conforms to second version of ipsec.conf specification
- # basic configuration
- config setup
- # Do not set debug options to debug configuration issues!
- # plutodebug / klipsdebug = "all", "none" or a combation from below:
- # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
- # eg:
- # plutodebug="control parsing"
- #
- # enable to get logs per-peer
- # plutoopts="--perpeerlog"
- #
- # Again: only enable plutodebug or klipsdebug when asked by a developer
- #
- # NAT-TRAVERSAL support, see README.NAT-Traversal
- nat_traversal=yes
- # exclude networks used on server side by adding %v4:!a.b.c.0/24
- virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
- # OE is now off by default. Uncomment and change to on, to enable.
- oe=off
- # which IPsec stack to use. auto will try netkey, then klips then mast
- # protostack=auto
- protostack=netkey
- # Add connections here
- # sample VPN connection
- # for more examples, see /etc/ipsec.d/examples/
- #conn sample
- # # Left security gateway, subnet behind it, nexthop toward right.
- # left=10.0.0.1
- # leftsubnet=172.16.0.0/24
- # leftnexthop=10.22.33.44
- # # Right security gateway, subnet behind it, nexthop toward left.
- # right=10.12.12.1
- # rightsubnet=192.168.0.0/24
- # rightnexthop=10.101.102.103
- # # To authorize this connection, but not actually start it,
- # # at startup, uncomment this.
- # #auto=add
- conn testvpn
- authby=secret
- # auto=add
- left=62.26.19.28
- leftsubnet=10.0.0.0/22
- right=85.25.28.81
- rightsubnet=10.25.28.0/24
- #ike=3des-sha1-modp1024
- ike=3des
- esp=3des-sha1
- auto=start
- type=tunnel
- router:/etc#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement