Skip to content

Instantly share code, notes, and snippets.

@cjac
Created August 20, 2015 17:39
Show Gist options
  • Save cjac/29ed0d71efca47687fc9 to your computer and use it in GitHub Desktop.
Save cjac/29ed0d71efca47687fc9 to your computer and use it in GitHub Desktop.
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
# Add connections here.
# Sample VPN connections
conn %default
ikelifetime=60m
lifetime=30m
rekeymargin=3m
keyingtries=%forever
mobike=no
keyexchange=ikev2
auto=start
authby=secret
type=tunnel
ike=aes128-md5-modp1024
esp=aes128-md5-modp1024
dpdaction=restart
#conn sample-self-signed
# leftsubnet=10.1.0.0/16
# leftcert=selfCert.der
# leftsendcert=never
# right=192.168.0.2
# rightsubnet=10.2.0.0/16
# rightcert=peerCert.der
# auto=start
#conn sample-with-ca-cert
# leftsubnet=10.1.0.0/16
# leftcert=myCert.pem
# right=192.168.0.2
# rightsubnet=10.2.0.0/16
# rightid="C=CH, O=Linux strongSwan CN=peer name"
# auto=start
#
# sip0
#
conn sip0
leftid=@debian0.swna.disney.com
left=%any
leftsourceip=10.0.2.15
leftsubnet=100.64.108.2/30
rightid=@sip0.colliertech.org
right=208.115.126.78
rightsubnet=100.64.108.1/30
keyexchange=ikev2
authby=secret
type=tunnel
ike=aes128-md5-modp1024
esp=aes128-md5-modp1024
dpdaction=restart
ikelifetime=7d
lifetime=1d
rekeymargin=2h
keyingtries=1
auto=start
include /var/lib/strongswan/ipsec.conf.inc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment