
@tuxmartin tuxmartin/ipsec.conf
Created Oct 18, 2018

# /etc/ipsec.conf
# Global daemon settings for the IKEv2 remote-access VPN defined below.
# Parameter lines inside a section must start with whitespace.
config setup
    # Per-subsystem log levels: IKE and kernel-interface messages at level 1,
    # configuration messages at level 0.
    # NOTE(review): confirm these levels still record failed authentications
    # in enough detail for monitoring and incident response.
    charondebug="ike 1, knl 1, cfg 0"
    # Do not enforce one IKE_SA per peer identity: the same account may hold
    # several concurrent sessions. This also means a shared or stolen
    # credential can be used alongside the legitimate session without
    # displacing it, so concurrent logins should be watched for in the logs.
    uniqueids=no
# Base remote-access connection: the server authenticates with a certificate,
# clients authenticate with a username/password over EAP-MSCHAPv2.
conn ikev2-vpn
    # Load the connection and wait for clients to initiate it.
    auto=add
    # No IPComp compression.
    compress=no
    type=tunnel
    keyexchange=ikev2
    # Allow IKE-level fragmentation of large messages (e.g. those carrying
    # certificates) instead of relying on IP fragmentation.
    fragmentation=yes
    # Always UDP-encapsulate ESP, even when no NAT is detected.
    forceencaps=yes
    # Dead peer detection: probe idle peers every 300s and clear the SA when
    # the peer is considered dead.
    # NOTE(review): dpdtimeout is documented as an IKEv1 setting; with
    # keyexchange=ikev2 the retransmission timeouts decide - confirm.
    dpdaction=clear
    dpddelay=300s
    dpdtimeout=1800s
    # IKE proposal; the trailing '!' makes the list strict (nothing outside it
    # is accepted). The list still admits SHA-1 and the 1024/1536-bit MODP
    # groups, so a client offering only those is accepted.
    # NOTE(review): drop sha1, modp1536 and modp1024 once every supported
    # client can negotiate the stronger options.
    # NOTE(review): there is no esp= line, so the ESP (child SA) proposals are
    # whatever the daemon defaults to - consider pinning them explicitly.
    ike=aes256-aes192-aes128-sha384-sha256-sha1-modp3072-modp2048-modp1536-modp1024!
    # The server does not initiate rekeying; it still answers a rekey started
    # by the client. Key lifetime is therefore driven by the client.
    rekey=no
    # --- local (server) side ---
    # Accept connections on any local address.
    left=%any
    # Server identity; it must be confirmed by the certificate below
    # (typically as a subjectAltName).
    leftid=my.domain.com
    leftauth=pubkey
    # Relative path, resolved against the daemon's certificate directory.
    # NOTE(review): the file name suggests a full-chain bundle; confirm the
    # intermediate CA certificates are actually loaded and sent to clients.
    leftcert=fullchain.cer
    # Always send the server certificate, even if the client does not ask.
    leftsendcert=always
    # Full tunnel: all client IPv4 traffic is routed through this server.
    leftsubnet=0.0.0.0/0
    # --- remote (client) side ---
    # Any source address and any IKE identity may connect; access control
    # rests entirely on the EAP credentials.
    right=%any
    rightid=%any
    # Password authentication. The MSCHAPv2 exchange is only protected by the
    # IKE SA, so clients must validate the server certificate; use long random
    # passwords and monitor repeated authentication failures.
    rightauth=eap-mschapv2
    # Virtual IP pool handed out to clients.
    rightsourceip=10.10.10.0/24
    # DNS servers pushed to clients (public resolvers, so client DNS queries
    # leave the VPN towards a third party).
    rightdns=8.8.8.8,8.8.4.4
    # NOTE(review): presumably set so that no certificate is requested from
    # password-only clients - confirm.
    rightsendcert=never
    # Ask the client for its EAP identity instead of reusing the IKE identity.
    eap_identity=%identity
# Per-user override: inherits everything from ikev2-vpn and pins a fixed
# virtual IP for the client whose IKE identity is staticuser200.
# NOTE(review): 10.10.10.200 lies inside the 10.10.10.0/24 pool of ikev2-vpn;
# confirm the dynamic pool cannot hand this address to another client.
# NOTE(review): this conn is selected by IKE identity (rightid) while the
# inherited eap_identity=%identity lets the EAP identity be supplied
# separately; confirm the fixed address is bound to the authenticated user
# before using it in firewall rules.
conn static_ip___staticuser200
    also=ikev2-vpn
    rightid=staticuser200
    rightsourceip=10.10.10.200/32
# Per-user override: inherits everything from ikev2-vpn and pins a fixed
# virtual IP for the client whose IKE identity is staticuser201.
# NOTE(review): 10.10.10.201 lies inside the 10.10.10.0/24 pool of ikev2-vpn;
# confirm the dynamic pool cannot hand this address to another client.
# NOTE(review): this conn is selected by IKE identity (rightid) while the
# inherited eap_identity=%identity lets the EAP identity be supplied
# separately; confirm the fixed address is bound to the authenticated user
# before using it in firewall rules.
conn static_ip___staticuser201
    also=ikev2-vpn
    rightid=staticuser201
    rightsourceip=10.10.10.201/32
# /etc/ipsec.secrets
# Credentials file: every secret below is stored in cleartext, so the file
# must be readable by root only and kept out of version control and backups
# that others can read.
# Private key belonging to the server certificate (leftcert in ipsec.conf).
# The path is a placeholder; the key file itself also needs root-only
# permissions.
: RSA "/path/to/private.key"
# EAP-MSCHAPv2 accounts, one "<user> : EAP <password>" entry per client.
# The passwords shown are sample values and must be replaced with unique,
# randomly generated ones before deployment.
# testuser has no dedicated conn in ipsec.conf, so it is served by ikev2-vpn
# and receives an address from the shared pool.
testuser : EAP "UltraStrongPass123"
staticuser200 : EAP "UltraStrongPass456"
staticuser201 : EAP "UltraStrongPass789"