Demo entry 6881489

aaa

   

Submitted by anonymous on Sep 11, 2019 at 19:00
Language: markdown. Code size: 1.5 kB.

# ipsec.conf - strongSwan IPsec configuration file  
config setup  
  
  # By default only one client can connect at the same time with an identical  
  # certificate and/or password combination. Enable this option to disable  
  # this behavior.  
  # uniqueids=never  
  
  # Slightly more verbose logging. Very useful for debugging.  
  charondebug="cfg 2, dmn 2, ike 2, net 2"  
  
# Default configuration options, used below if an option is not specified.  
# See: https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection  
conn %default  
  
  
  # Prefer modern cipher suites that allow PFS (Perfect Forward Secrecy)  
  ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,ae  
  esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-s  
  
  # Dead Peer Discovery  
  dpdaction=clear  
  dpddelay=300s  
  
  # Do not renegotiate a connection if it is about to expire  
  rekey=no  
  
  # Server side  
  left=%any  
  leftsubnet=0.0.0.0/0  
# leftcert=vpnHostCert.pem  
  
  # Client side  
  right=%any  
  rightdns=8.8.8.8,8.8.4.4  
  rightsourceip=%dhcp  
  
# IKEv1 (Cisco-compatible version)  
conn CiscoIPSec  
  keyexchange=ikev1  
  # forceencaps=yes  
  # rightauth=pubkey  
  rightauth2=xauth  
  auto=add  

This snippet took 0.00 seconds to highlight.

Back to the Entry List or Home.

Delete this entry (admin only).