mirror
/
openwrt-packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Releases Activity
openwrt-packages/net/libreswan/files/etc/config/libreswan

42 lines
2.0 KiB
Plaintext
Raw Blame History

config libreswan 'globals'
option debug '0' # set debug mode none/all
list virtual_private '10.0.0.0/8'
list virtual_private '192.168.0.0/16'
list virtual_private '172.16.0.0/12'
list virtual_private '25.0.0.0/8'
list virtual_private '100.64.0.0/10'
list virtual_private '!100.64.0.0/24' # the address ranges that may live behind a NAT router through which a client connects
# option listen '192.168.2.100' # listening address, if set listen_interface would not be used
# option listen_interface 'wan' # listening interface
# option uniqueids 'yes' # yes/no
# config crypto_proposal 'p1'
# list encryption_algorithm '3des' # possible values: 3des, aes, aes_ctr, aes_cbc, aes128, aes192, aes256, camellia_cbc
# list hash_algorithm 'md5' # possible values: md5, sha1, sha256, sha384, sha512
# list dh_group 'modp1536' # possible values: modp1536, modp2048, modp3072, modp4096, modp6144, modp8192, dh19, dh20, dh21, dh22, dh31
# config tunnel 'vti2_1_5'
# option left '192.168.1.1'
# option left_interface 'wan' # interface ipaddr to be used as left
# option leftid '@left' # local id
# option right '192.168.2.201' # remote endpoint public ip
# option rightid '@62dd3e3f82339b002405245b' # rightid
# option auto 'start' # what operation, should be done automatically at IPsec startup
# option authby 'secret' # how the two security gateways should authenticate each other
# option psk 'AyG9RlTtQJIUxgxG' # preshare key
# option ikev2 '1' # ike version
# option ikelifetime '8h'
# option rekey '1'
# option rekeymargin '9m'
# option dpdaction 'restart'
# option dpddelay '30'
# option dpdtimeout '150'
# option interface 'vti2_1_5' # only for route based tunnels
# list leftsubnets '0.0.0.0/0'
# list rightsubnets '0.0.0.0/0'
# option phase2 'esp' # phase2 protocol
# list ike 'p1' # list of crypto_proposal (phase1 proposals)
# list phase2ag 'p1' # list of crypto_proposal (phase2 proposals')
# option nflog '0' # enable nflog
# option update_peeraddr '1' # auto update vti interface ppeeradd in /etc/config/network
View Git Blame Copy Permalink