Libreswan is a free software implementation of the most widely supported and standardized VPN protocol ("IPsec") and of the Internet Key Exchange ("IKE"). These standards are produced and maintained by the Internet Engineering Task Force ("IETF"). Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
# /etc/ipsec.conf - Libreswan IPsec configuration file
#
# see 'man ipsec.conf' and 'man pluto' for more information
#
# For example configurations and documentation, see https://libreswan.org/wiki/

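config setup
    # Global settings for pluto, the IKE daemon. Parameters that belong to a
    # section are indented under its header.
    #
    # Normally, pluto logs via syslog.
    #logfile=/var/log/pluto.log
    #
    # Do not enable debug options to debug configuration issues!
    # Debug output is very verbose and may put sensitive negotiation detail
    # into the logs; keep it off in production and restrict who can read the
    # log destination.
    #
    # plutodebug="control parsing"
    # plutodebug="all crypt"
    plutodebug=none
    #
    # NAT-TRAVERSAL support
    # virtual_private lists the address ranges that a client behind NAT may
    # present as its own inner address; it is what %priv refers to in
    # rightsubnet=vhost:%priv.
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    # NOTE(review): no exclusion is configured below. If a server-side network
    # falls inside one of these ranges, add the matching %v4:!... entry so a
    # client cannot claim an address that belongs to the server's own LAN.
    # It seems that T-Mobile in the US and Rogers/Fido in Canada are
    # using 25/8 as "private" address space on their wireless networks.
    # This range has never been announced via BGP (at least up to 2015)
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10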

# if it exists, include system wide crypto-policy defaults
# include /etc/crypto-policies/back-ends/libreswan.config

# It is best to add your IPsec connections as separate files in /etc/ipsec.d/

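conn L2TP-PSK-NAT
    # L2TP/IPsec for clients that sit behind NAT.
    # vhost:%priv accepts a client whose inner address lies in the ranges
    # listed by virtual_private in "config setup"; keep that list free of
    # server-side networks.
    rightsubnet=vhost:%priv
    # Every other parameter is inherited from conn L2TP-PSK-noNAT, so the
    # authentication and key-lifetime notes there apply here as well.
    also=L2TP-PSK-noNAT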
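conn L2TP-PSK-noNAT
    # Base L2TP/IPsec definition: transport-mode IPsec protecting L2TP
    # (UDP/1701) between this server and any remote client.
    #
    # Pre-shared-key authentication. The key is not stored in this file
    # (see ipsec.secrets(5)); keep that file readable by root only.
    # A key shared by all clients authenticates the group, not the individual:
    # anyone who holds it can pose as the gateway to other clients. Use a long
    # random key, and prefer certificates where the clients support them.
    # Per-user authentication is left to the L2TP/PPP layer, which is not
    # configured here.
    authby=secret
    # PFS is not requested for the IPsec SAs.
    # NOTE(review): presumably kept for compatibility with L2TP/IPsec clients
    # that do not propose PFS - confirm before changing. Without PFS, the
    # IPsec SA keys depend on the IKE SA keying material, so a compromise of
    # that material also exposes them.
    pfs=no
    # Load the connection at startup and wait for clients; do not initiate.
    auto=add
    # Give up after 8 negotiation attempts.
    keyingtries=8
    # IKE SA lifetime.
    ikelifetime=8h
    # IPsec SA lifetime (keylife is an alias of salifetime).
    keylife=1h
    # NOTE(review): no ike= / esp= lines are set and the crypto-policies
    # include in this file is commented out, so the algorithm proposals are
    # libreswan's built-in defaults - confirm they meet your policy.
    type=transport
    # Placeholder: replace A.B.C.D with the server's own address.
    left=A.B.C.D
    # Server side: protocol 17 (UDP), port 1701 (L2TP) only.
    leftprotoport=17/1701
    # Accept clients from any address.
    right=%any
    # Client side: UDP from any source port.
    rightprotoport=17/%any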
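# Every *.conf file in this directory is parsed as part of the configuration;
# keep the directory and its files owned by root and not writable by others.
include /etc/ipsec.d/*.conf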