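# Global libreswan settings (UCI syntax).
config libreswan 'globals'
	# Debug mode: none/all. Leave at '0' outside troubleshooting; debug logs
	# are verbose and may reveal details of peers and connections.
	option debug '0'

	# virtual_private: the address ranges that may live behind a NAT router
	# through which a client connects. A leading '!' excludes a range.
	# NOTE(review): any subnet used locally behind this gateway that falls
	# inside one of these ranges should be excluded with its own '!' entry,
	# so a NATed peer cannot claim an address range the gateway already
	# routes - confirm against the local LAN addressing.
	list virtual_private '10.0.0.0/8'
	list virtual_private '192.168.0.0/16'
	list virtual_private '172.16.0.0/12'
	# NOTE(review): 25.0.0.0/8 is not RFC 1918 space; presumably listed for
	# carriers that use it internally - drop it if no peer needs it.
	list virtual_private '25.0.0.0/8'
	list virtual_private '100.64.0.0/10'
	list virtual_private '!100.64.0.0/24'

	# Listening address; if set, listen_interface is not used.
	# option listen '192.168.2.100'
	# Listening interface.
	# option listen_interface 'wan'
	# yes/no
	# option uniqueids 'yes'
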
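# Example crypto proposal, referenced by name from a tunnel's 'ike' and
# phase2 lists. Remove the leading "# " from the config/list lines to enable.
#
# NOTE: 3des, md5 and modp1536 appear in the value lists below but are legacy
# choices; select them only when a peer supports nothing stronger. The example
# uses aes256 / sha256 / modp2048 so that a stanza uncommented as-is does not
# negotiate weak algorithms.
#
# encryption_algorithm: 3des, aes, aes_ctr, aes_cbc, aes128, aes192, aes256, camellia_cbc
# hash_algorithm:       md5, sha1, sha256, sha384, sha512
# dh_group:             modp1536, modp2048, modp3072, modp4096, modp6144, modp8192,
#                       dh19, dh20, dh21, dh22, dh31
# config crypto_proposal 'p1'
# 	list encryption_algorithm 'aes256'
# 	list hash_algorithm 'sha256'
# 	list dh_group 'modp2048'
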
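# Example route-based (VTI) tunnel. Remove the leading "# " from the
# config/option/list lines to enable. Every address, id and key below is a
# sample value and must be replaced.
# config tunnel 'vti2_1_5'
# 	option left '192.168.1.1'
# 	option left_interface 'wan' # interface whose IP address is used as left
# 	option leftid '@left' # local id
# 	option right '192.168.2.201' # remote endpoint public ip
# 	option rightid '@62dd3e3f82339b002405245b' # remote id
# 	option auto 'start' # operation performed automatically at IPsec startup
# 	option authby 'secret' # how the two security gateways authenticate each other
#
# NOTE: the pre-shared key is the only credential when authby is 'secret'.
# Generate a long random value per tunnel and never deploy a key copied from
# an example file. Once set, this file holds a secret: keep it readable by
# root only and out of backups or repositories that others can read.
# 	option psk '<REPLACE_WITH_RANDOM_PSK>' # pre-shared key (placeholder)
# 	option ikev2 '1' # ike version
# 	option ikelifetime '8h'
# 	option rekey '1'
# 	option rekeymargin '9m'
# 	option dpdaction 'restart'
# 	option dpddelay '30'
# 	option dpdtimeout '150'
# 	option interface 'vti2_1_5' # only for route based tunnels
#
# NOTE(review): 0.0.0.0/0 on both sides presumably suits the route-based
# case, where routing decides what enters the tunnel; for a policy-based
# tunnel list only the subnets that should be reachable - confirm.
# 	list leftsubnets '0.0.0.0/0'
# 	list rightsubnets '0.0.0.0/0'
# 	option phase2 'esp' # phase2 protocol
# 	list ike 'p1' # list of crypto_proposal (phase1 proposals)
# NOTE(review): 'phase2ag' may be a typo for 'phase2alg' - verify the option
# name against the init script before relying on it.
# 	list phase2ag 'p1' # list of crypto_proposal (phase2 proposals)
# 	option nflog '0' # enable nflog
# 	option update_peeraddr '1' # auto update vti interface peeraddr in /etc/config/network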