-
Notifications
You must be signed in to change notification settings - Fork 1
/
ipsec.conf
40 lines (33 loc) · 1.02 KB
/
ipsec.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# ipsec.conf - strongSwan IPsec configuration file (/etc/strongswan/ipsec.conf)
config setup
charondebug=cfg 2, dmn 2, ike 2, net 2
uniqueids = no
conn %default
dpdaction=clear
dpddelay=120s
dpdtimeout=2000s
keyexchange=ikev2
auto=add
rekey=no
reauth=no
fragmentation=yes
compress=yes
# Cipher Suites
ike=aes256-sha384-ecp384,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha384-modp2048,aes256-sha256-modp2048!
esp=aes256gcm16-ecp384,aes256-sha384-ecp384,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha384,aes256-sha256!
# Left - Local (Server) side
leftcert=fullchain.pem
leftsendcert=always
leftsubnet=0.0.0.0/0
# Right - Remote (Client) side
eap_identity=%any
rightsourceip=10.0.0.0/24
rightdns=9.9.9.9
rightsendcert=never
# IKEv2-MSCHAPv2 Clients
conn ikev2-mschapv2
rightauth=eap-mschapv2
# Apple Clients
conn ikev2-mschapv2-apple
rightauth=eap-mschapv2
leftid=HOSTNAME