dapao9999/ipsec.conf

## ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

config setup
    charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4,  mgr 4"

conn %default
    keyexchange=ike
    ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
    esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128gcm16,aes128gcm16-ecp256,aes256-sha1,aes256-sha256,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16,aes256gcm16-ecp384,3des-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=yourhostname.net
    leftsubnet=0.0.0.0/0,::/0
    leftcert=vpnHostCert.der
    right=%any
    rightsourceip=10.0.42.0/24,fd69:9fd0:efca:7094:1::/112
    rightdns=8.8.8.8,2001:4860:4860::8888

conn IPSec-IKEv2
    keyexchange=ike
    leftauth=pubkey
    rightauth=pubkey
    leftsendcert=always
    auto=add

conn IPSec-IKEv2-EAP
    keyexchange=ike
    leftauth=pubkey
    leftsendcert=always
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any
    auto=add

conn CiscoIPSec
    keyexchange=ikev1
    rightauth=pubkey
    rightauth2=xauth
    auto=add
	# ipsec.conf - strongSwan IPsec configuration file

	config setup
	charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4, mgr 4"

	conn %default
	keyexchange=ike
	ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
	esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128gcm16,aes128gcm16-ecp256,aes256-sha1,aes256-sha256,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16,aes256gcm16-ecp384,3des-sha1!
	dpdaction=clear
	dpddelay=300s
	rekey=no
	left=%any
	leftid=yourhostname.net
	leftsubnet=0.0.0.0/0,::/0
	leftcert=vpnHostCert.der
	right=%any
	rightsourceip=10.0.42.0/24,fd69:9fd0:efca:7094:1::/112
	rightdns=8.8.8.8,2001:4860:4860::8888

	conn IPSec-IKEv2
	keyexchange=ike
	leftauth=pubkey
	rightauth=pubkey
	leftsendcert=always
	auto=add

	conn IPSec-IKEv2-EAP
	keyexchange=ike
	leftauth=pubkey
	leftsendcert=always
	rightauth=eap-mschapv2
	rightsendcert=never
	eap_identity=%any
	auto=add

	conn CiscoIPSec
	keyexchange=ikev1
	rightauth=pubkey
	rightauth2=xauth
	auto=add