IKEV2C_0USER.ini is the configuration as exported by the LANCOM config tool.
ipsec up con1@host1
ip route list table 220

[PROFILE1]
Name=T-IKEV2C_0USER
ConnMedia=21
ConnMode=0
SeamRoaming=1
PriVoIP=1
Gateway=1.2.3.4
PFS=14
UseComp=0
IkeIdType=3
IkeIdStr=IKEV2C_0USER1@intern
Secret=reallysecretpassword
UseXAUTH=0
IpAddrAssign=0
IkeDhGroup=14
ExchMode=34
IKEv2Auth=2
IKEv2Policy=WIZ-AES256-SHA256
IPSEC-Policy=WIZ-AES256-SHA256
[IKEV2POLICY1]
Ikev2Name=WIZ-AES256-SHA256
Ikev2Crypt=6
Ikev2PRF=5
Ikev2IntAlgo=12
[IPSECPOLICY1]
IPSecName=WIZ-AES256-SHA256
IpsecCrypt=6
IpsecAuth=5

# /etc/ipsec.conf
config setup
    # strictcrlpolicy=yes
    # uniqueids = no

conn con1@host1
    keyexchange=ikev2
    # ike=aes256-sha256-modp2048!
    # esp=aes256-sha256!
    auto=add
    authby=psk
    left=%defaultroute
    leftid=IKEV2C_0USER1@intern
    leftauth=psk
    # get the IP dynamically from the gateway
    leftsourceip=%config4, %config6
    right=1.2.3.4
    rightid=IKEV2C_0USER1@intern
    rightauth=psk
    rightsubnet=192.168.3.0/24

# /etc/ipsec.secrets
IKEV2C_0USER1@intern : PSK "reallysecretpassword"
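
The field mapping the three files above imply (Gateway to right, IkeIdStr to leftid/rightid, Secret to the PSK), as an added Python example that is not part of the original gist. The function names and the constructed sample profile are assumptions, as is passing the conn name and rightsubnet as arguments, since neither appears in the export.

```python
import base64
import configparser

# Constructed sample with the same fields as the exported profile above.
SAMPLE_INI = """\
[PROFILE1]
Name=T-IKEV2C_0USER
Gateway=1.2.3.4
IkeIdStr=IKEV2C_0USER1@intern
Secret=reallysecretpassword
IKEv2Policy=WIZ-AES256-SHA256
"""


def psk_literal(secret):
    """Quote a PSK for ipsec.secrets; use the 0s (Base64) form if quoting is unsafe."""
    if '"' in secret or "\n" in secret:
        return "0s" + base64.b64encode(secret.encode()).decode()
    return f'"{secret}"'


def convert(ini_text, conn_name, rightsubnet, section="PROFILE1"):
    """Return (ipsec.conf text, ipsec.secrets text) for one exported profile."""
    cp = configparser.ConfigParser(interpolation=None)  # keep '%' in secrets literal
    cp.optionxform = str                                # keep key case as exported
    cp.read_string(ini_text)
    p = cp[section]
    ident, gateway = p["IkeIdStr"], p["Gateway"]        # KeyError if a field is missing
    conf = "\n".join([
        f"conn {conn_name}",
        "    keyexchange=ikev2",
        "    auto=add",
        "    authby=psk",
        "    left=%defaultroute",
        f"    leftid={ident}",
        "    leftauth=psk",
        "    leftsourceip=%config4, %config6",
        f"    right={gateway}",
        f"    rightid={ident}",
        "    rightauth=psk",
        f"    rightsubnet={rightsubnet}",
    ]) + "\n"
    return conf, f"{ident} : PSK {psk_literal(p['Secret'])}\n"


if __name__ == "__main__":
    conf, secrets = convert(SAMPLE_INI, "con1@host1", "192.168.3.0/24")
    print(conf + "\n" + secrets, end="")
```

The second returned string holds the PSK in clear text, so the file it is written to should be readable by root only.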
You get it right. Thanks. So my issue is somewhere else.
Dude, great thanks for those snippets! I would have searched the web and tried various configs for hours if I hadn't found this.