package/strongswan/files/ipsec.conf

   1
   2 version 2.0
   3
   4 config setup
   5         interfaces=%defaultroute
   6         nat_traversal=yes               # required on both ends
   7         uniqueids=yes                   # makes sense on client, not server
   8         hidetos=no
   9
  10 conn %default
  11         authby=rsasig
  12         keyingtries=3
  13         keyexchange=ike
  14         left=%defaultroute
  15         leftrsasigkey=%cert
  16         rightrsasigkey=%cert
  17         dpdtimeout=30                   # keepalive must arrive within
  18         dpddelay=5                      # secs before keepalives start
  19         compress=no                     # breaks double nat installations
  20         pfs=yes
  21
  22 conn sample
  23         leftca=%same
  24         leftcert=my.certificate.crt
  25         leftsourceip=192.168.10.1
  26         leftsubnet=192.168.10.0/24
  27         right=my.vpn.concentrator.net.
  28         rightca=%same
  29         rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
  30         rightsourceip=192.168.11.1
  31         rightsubnet=192.168.11.0/24
  32         dpdaction=hold
  33         auto=start
  34