version 2.0
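# Daemon-wide settings. Every parameter (and every comment) inside a section
# must begin with whitespace, so the indentation below is significant.
config setup
    # Run IPsec on the interface that carries the default route.
    interfaces=%defaultroute
    # NAT traversal; required on both ends.
    nat_traversal=yes
    # Makes sense on client, not server.
    uniqueids=yes
    # NOTE(review): in FreeS/WAN-family daemons hidetos=no copies the inner
    # packet's TOS bits to the outer tunnel header instead of zeroing them,
    # which leaves traffic-class metadata visible on the path; confirm this
    # is intended.
    hidetos=no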
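# Defaults applied to the conn sections of this file.
conn %default
    # Mutual authentication with RSA signatures rather than a pre-shared key.
    authby=rsasig
    # Limit negotiation to three attempts.
    keyingtries=3
    keyexchange=ike
    # Local endpoint address is taken from the default-route interface.
    left=%defaultroute
    # Both sides' RSA public keys come from X.509 certificates, so the peer
    # is only as trustworthy as the CA and ID checks set on each connection.
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    # Dead peer detection: keepalive must arrive within this many seconds.
    dpdtimeout=30
    # Secs before keepalives start.
    dpddelay=5
    # Compression stays off: it breaks double NAT installations.
    compress=no
    # Perfect forward secrecy for the keys of each negotiated tunnel.
    pfs=yes
    # NOTE(review): no ike= or esp= proposal is pinned here, so the daemon's
    # built-in defaults decide which ciphers, hashes and DH groups are
    # accepted. Confirm those defaults for the installed version, or pin an
    # explicit proposal agreed with the remote end.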
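# Sample site-to-site tunnel. Host names, certificate name, DN fields and
# subnets are placeholders to be replaced before use.
conn sample
    # %same ties this side's CA to the other side's; presumably the CA is
    # then derived from the issuer of leftcert. TODO confirm for the daemon
    # in use, since rightca is also %same.
    leftca=%same
    # Local certificate. The matching private key is configured outside this
    # file and should be readable by root only.
    leftcert=my.certificate.crt
    leftsourceip=192.168.10.1
    leftsubnet=192.168.10.0/24
    # The peer is located by DNS name, so the lookup result is not trusted on
    # its own: the certificate checks (rightca, rightid) identify the peer.
    right=my.vpn.concentrator.net.
    rightca=%same
    # Expected subject DN of the peer certificate. Fill in every ?? field;
    # the ID has to match the certificate the concentrator actually presents.
    rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
    rightsourceip=192.168.11.1
    rightsubnet=192.168.11.0/24
    # On a dead peer, hold traffic for renegotiation rather than clearing the
    # route (per the FreeS/WAN-family meaning of hold; confirm for this daemon).
    dpdaction=hold
    # Load the connection and initiate it at daemon start.
    auto=start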