Add strongswan (#1330)
diff --git a/package/strongswan/files/ipsec.conf b/package/strongswan/files/ipsec.conf
new file mode 100644 (file)
index 0000000..8f59008
--- /dev/null
@@ -0,0 +1,34 @@
+
+version 2.0
+
+config setup
+        interfaces=%defaultroute
+        nat_traversal=yes              # required on both ends
+        uniqueids=yes                  # makes sense on client, not server
+        hidetos=no
+
+conn %default
+        authby=rsasig
+        keyingtries=3
+        keyexchange=ike
+        left=%defaultroute
+        leftrsasigkey=%cert
+        rightrsasigkey=%cert
+        dpdtimeout=30                  # keepalive must arrive within
+        dpddelay=5                     # secs before keepalives start
+        compress=no                    # breaks double nat installations
+        pfs=yes
+
+conn sample
+        leftca=%same
+        leftcert=my.certificate.crt
+        leftsourceip=192.168.10.1
+        leftsubnet=192.168.10.0/24
+        right=my.vpn.concentrator.net.
+        rightca=%same
+        rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
+        rightsourceip=192.168.11.1
+        rightsubnet=192.168.11.0/24
+        dpdaction=hold
+        auto=start
+
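Review bot: The `conn sample` section ends with `auto=start`, so a router that installs this file unmodified will try to initiate a tunnel to the placeholder peer `my.vpn.concentrator.net.` every time IPsec starts, using a placeholder certificate name and a `rightid` that still contains `??`. For a shipped template, `auto=ignore` (or commenting the whole section out) keeps the example inert until the administrator has filled in real values. Separately, `conn %default` sets no `ike=` or `esp=` proposal, so the negotiated algorithms are presumably whatever the packaged strongSwan build offers by default; pinning them there would make the accepted suites explicit. The comment on `dpddelay=5` would also be more accurate as `# interval between DPD keepalives (secs)`, since that option sets the probe period and `dpdtimeout` sets the deadline.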