openwrt/package/strongswan/files/ipsec.conf


version 2.0

config setup
        interfaces=%defaultroute
        nat_traversal=yes		# required on both ends
        uniqueids=yes			# makes sense on client, not server
        hidetos=no

conn %default
        authby=rsasig
        keyingtries=3
        keyexchange=ike
        left=%defaultroute
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        dpdtimeout=30			# keepalive must arrive within
        dpddelay=5			# secs before keepalives start
        compress=no			# breaks double nat installations
        pfs=yes

conn sample
        leftca=%same
        leftcert=my.certificate.crt
        leftsourceip=192.168.10.1
        leftsubnet=192.168.10.0/24
        right=my.vpn.concentrator.net.
        rightca=%same
        rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
        rightsourceip=192.168.11.1
        rightsubnet=192.168.11.0/24
        dpdaction=hold
        auto=start
Add strongswan (#1330) SVN-Revision: 6429 2007-02-28 13:30:51 +00:00
			`version 2.0`

			`config setup`
			`interfaces=%defaultroute`
			`nat_traversal=yes # required on both ends`
			`uniqueids=yes # makes sense on client, not server`
			`hidetos=no`

			`conn %default`
			`authby=rsasig`
			`keyingtries=3`
			`keyexchange=ike`
			`left=%defaultroute`
			`leftrsasigkey=%cert`
			`rightrsasigkey=%cert`
			`dpdtimeout=30 # keepalive must arrive within`
			`dpddelay=5 # secs before keepalives start`
			`compress=no # breaks double nat installations`
			`pfs=yes`

			`conn sample`
			`leftca=%same`
			`leftcert=my.certificate.crt`
			`leftsourceip=192.168.10.1`
			`leftsubnet=192.168.10.0/24`
			`right=my.vpn.concentrator.net.`
			`rightca=%same`
			`rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"`
			`rightsourceip=192.168.11.1`
			`rightsubnet=192.168.11.0/24`
			`dpdaction=hold`
			`auto=start`