aboutsummaryrefslogtreecommitdiffstats
path: root/package/strongswan/files/ipsec.conf
diff options
context:
space:
mode:
authorFlorian Fainelli <florian@openwrt.org>2007-02-28 13:30:51 +0000
committerFlorian Fainelli <florian@openwrt.org>2007-02-28 13:30:51 +0000
commit5ee1f53cb1190bae51e43e1469a3c89f380376ee (patch)
tree9651a517795b0064548993905ffe2979e28fdd7a /package/strongswan/files/ipsec.conf
parent96c42dce806b42e947a743453e09dbff20c804d7 (diff)
downloadmaster-187ad058-5ee1f53cb1190bae51e43e1469a3c89f380376ee.tar.gz
master-187ad058-5ee1f53cb1190bae51e43e1469a3c89f380376ee.tar.bz2
master-187ad058-5ee1f53cb1190bae51e43e1469a3c89f380376ee.zip
Add strongswan (#1330)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@6429 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/strongswan/files/ipsec.conf')
-rw-r--r--package/strongswan/files/ipsec.conf34
1 files changed, 34 insertions, 0 deletions
diff --git a/package/strongswan/files/ipsec.conf b/package/strongswan/files/ipsec.conf
new file mode 100644
index 0000000000..8f59008831
--- /dev/null
+++ b/package/strongswan/files/ipsec.conf
@@ -0,0 +1,34 @@
+
+version 2.0
+
+config setup
+ interfaces=%defaultroute
+ nat_traversal=yes # required on both ends
+ uniqueids=yes # makes sense on client, not server
+ hidetos=no
+
+conn %default
+ authby=rsasig
+ keyingtries=3
+ keyexchange=ike
+ left=%defaultroute
+ leftrsasigkey=%cert
+ rightrsasigkey=%cert
+ dpdtimeout=30 # keepalive must arrive within
+ dpddelay=5 # secs before keepalives start
+ compress=no # breaks double nat installations
+ pfs=yes
+
+conn sample
+ leftca=%same
+ leftcert=my.certificate.crt
+ leftsourceip=192.168.10.1
+ leftsubnet=192.168.10.0/24
+ right=my.vpn.concentrator.net.
+ rightca=%same
+ rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
+ rightsourceip=192.168.11.1
+ rightsubnet=192.168.11.0/24
+ dpdaction=hold
+ auto=start
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-17 19:57:43 +0000