faridprogrammer/gist:738b557dc2a5fdd90908358cbf41fe23

## gistfile1.txt
/etc/ipsec.conf


conn "CONNECTION_NAME"
  keyexchange = ikev1

  ike = aes256-sha256-modp1536!
  esp = aes256-sha256-modp1536!

  aggressive = yes

  right = "SERVER_IP"
  rightsubnet = 0.0.0.0/0
  rightauth = psk

  left = %defaultroute
  leftsourceip=%config
  leftauth = psk
  leftauth2 = xauth
  xauth_identity = "YOUR_USERNAME"

  auto = add
  leftupdown = /usr/lib/ipsec/_"CONNECTION_NAME"_updown.sh


/usr/lib/ipsec/_"CONNECTION_NAME"_updown.sh


#! /bin/sh
case "$PLUTO_VERB:$1" in
up-client:)
  sudo resolvectl dns $(ip addr show | awk '/inet.*brd/{print $NF; exit}') "DNS"
  ;;
down-client:)
  sudo resolvectl dns $(ip addr show | awk '/inet.*brd/{print $NF; exit}') 1.1.1.1
  ;;
esac

chmod +x /usr/lib/ipsec/_"CONNECTION_NAME"_updown.sh

/etc/ipsec.secrets
"SERVER_IP" %any : PSK "IPSEC_PRESHARED_KEY"

"SERVER_IP" %any : XAUTH "YOUR_PASSWORD"
	/etc/ipsec.conf


	conn "CONNECTION_NAME"
	keyexchange = ikev1

	ike = aes256-sha256-modp1536!
	esp = aes256-sha256-modp1536!

	aggressive = yes

	right = "SERVER_IP"
	rightsubnet = 0.0.0.0/0
	rightauth = psk

	left = %defaultroute
	leftsourceip=%config
	leftauth = psk
	leftauth2 = xauth
	xauth_identity = "YOUR_USERNAME"

	auto = add
	leftupdown = /usr/lib/ipsec/_"CONNECTION_NAME"_updown.sh


	/usr/lib/ipsec/_"CONNECTION_NAME"_updown.sh


	#! /bin/sh
	case "$PLUTO_VERB:$1" in
	up-client:)
	sudo resolvectl dns $(ip addr show \| awk '/inet.*brd/{print $NF; exit}') "DNS"
	;;
	down-client:)
	sudo resolvectl dns $(ip addr show \| awk '/inet.*brd/{print $NF; exit}') 1.1.1.1
	;;
	esac

	chmod +x /usr/lib/ipsec/_"CONNECTION_NAME"_updown.sh

	/etc/ipsec.secrets
	"SERVER_IP" %any : PSK "IPSEC_PRESHARED_KEY"

	"SERVER_IP" %any : XAUTH "YOUR_PASSWORD"