You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
46 lines
1.4 KiB
46 lines
1.4 KiB
# /etc/ipsec.conf - Libreswan IPsec configuration file
|
|
#
|
|
# see 'man ipsec.conf' and 'man pluto' for more information
|
|
#
|
|
# For example configurations and documentation, see https://libreswan.org/wiki/
|
|
|
|
config setup
|
|
# Normally, pluto logs via syslog.
|
|
#logfile=/var/log/pluto.log
|
|
#
|
|
# Do not enable debug options to debug configuration issues!
|
|
#
|
|
# plutodebug="control parsing"
|
|
# plutodebug="all crypt"
|
|
plutodebug=none
|
|
#
|
|
# NAT-TRAVERSAL support
|
|
# exclude networks used on server side by adding %v4:!a.b.c.0/24
|
|
# It seems that T-Mobile in the US and Rogers/Fido in Canada are
|
|
# using 25/8 as "private" address space on their wireless networks.
|
|
# This range has never been announced via BGP (at least up to 2015)
|
|
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
|
|
|
|
# if it exists, include system wide crypto-policy defaults
|
|
# include /etc/crypto-policies/back-ends/libreswan.config
|
|
|
|
# It is best to add your IPsec connections as separate files in /etc/ipsec.d/
|
|
|
|
conn L2TP-PSK-NAT
|
|
rightsubnet=vhost:%priv
|
|
also=L2TP-PSK-noNAT
|
|
|
|
conn L2TP-PSK-noNAT
|
|
authby=secret
|
|
pfs=no
|
|
auto=add
|
|
keyingtries=8
|
|
ikelifetime=8h
|
|
keylife=1h
|
|
type=transport
|
|
left=A.B.C.D
|
|
leftprotoport=17/1701
|
|
right=%any
|
|
rightprotoport=17/%any
|
|
|
|
include /etc/ipsec.d/*.conf
|