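# /etc/ipsec.conf - Openswan IPsec configuration file
#
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
#
# Layout note: parameter lines of a section must be indented under the
# section header, and an empty line inside a section ends it. Inside
# "config setup" use an indented "#" line as a separator, not a blank line.

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Do not set debug options to debug configuration issues!
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
    # eg:
    # plutodebug="control parsing"
    # Again: only enable plutodebug or klipsdebug when asked by a developer
    #
    # enable to get logs per-peer
    # plutoopts="--perpeerlog"
    #
    # Enable core dumps (might require system changes, like ulimit -C)
    # This is required for abrtd to work properly
    # Note: incorrect SELinux policies might prevent pluto writing the core
    #
    # Security note: a core dump of the IKE daemon can contain keying
    # material held in memory. Keep dumpdir accessible to root only and
    # remove old dumps once they have been analysed.
    dumpdir=/var/run/pluto/
    # Security note: pluto's log goes to this file instead of syslog. It
    # records peer addresses and negotiation details, so keep it readable
    # by root only and include it in log rotation.
    plutostderrlog=/var/log/ipsec.log
    # Leave this commented out in production: "all" includes the "private"
    # debug class listed above, which presumably writes sensitive key
    # material to the log (verify against ipsec.conf.5 for your version).
    #plutodebug="all"
    #nhelpers=0
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    # It seems that T-Mobile in the US and Rogers/Fido in Canada are
    # using 25/8 as "private" address space on their 3G network.
    # This range has not been announced via BGP (at least up to 2010-12-21)
    #
    # Review note: no server-side network is excluded below. If the gateway's
    # own LAN lies inside one of these ranges, append an exclusion of the form
    # %v4:!<server-side-subnet> so that a remote peer cannot claim an address
    # that overlaps the protected network.
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. auto will try netkey, then klips then mast
    protostack=netkey
    # Use this to log to a file, or disable logging on embedded systems (like openwrt)
    #plutostderrlog=/dev/null

# Add connections here
# Every *.conf file in /etc/ipsec.d is loaded as connection configuration,
# so that directory should be writable by root only.
include /etc/ipsec.d/*.conf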