IPSec Config File for IKEv2, IKEv2 with EAP, IKEv1 (CiscoIPSec)
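# Daemon-wide settings.
config setup
    # uniqueids=no: one identity may hold several connections at the same time.
    # The author reports that uniqueids=yes (one connection per user) makes
    # iOS clients fail to connect.
    # NOTE(review): with "no", a shared or leaked account can be used from
    # several devices concurrently; use per-user credentials and review logs.
    uniqueids = no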
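# Defaults inherited by every conn section below (each may override them).
# NOTE(review): no ike=/esp= proposals are set here, so the daemon's default
# proposals apply; pin them explicitly if policy requires specific algorithms.
conn %default
    keyexchange=ikev2
    # dpdaction/dpddelay: probe the peer every 5s and clear the connection
    # when it stops answering, so dead sessions do not linger.
    dpdaction=clear
    dpddelay=5s
    # rekey=no: the server does not initiate rekeying itself.
    rekey=no
    left=%any
    # leftsubnet=0.0.0.0/0: offer all IPv4 destinations through the tunnel
    # (full-tunnel VPN); the server then forwards all client traffic.
    leftsubnet=0.0.0.0/0
    # leftcert: server certificate presented to clients.
    leftcert=server.pem
    # leftsendcert=always: send the server certificate even when the client
    # does not request it; the author notes that leaving this unset may
    # cause certificate failures.
    leftsendcert=always
    right=%any
    # rightdns: DNS servers pushed to clients. These are public resolvers,
    # so client DNS queries leave the VPN server towards a third party.
    rightdns=8.8.8.8,8.8.4.4
    # rightsourceip: virtual IP pool handed out to clients.
    # NOTE(review): 172.0.0.0/24 lies outside the RFC 1918 private range
    # 172.16.0.0/12, i.e. it is publicly routable address space. Prefer a
    # private range and keep any firewall/NAT rules in sync with it.
    rightsourceip=172.0.0.0/24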
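# IKEv2 profile. No rightauth is set in this section, so the client
# authentication method is whatever the daemon defaults to
# (presumably certificate/public-key authentication; confirm).
conn IPSec-IKEv2
    keyexchange=ikev2
    # leftid: placeholder; replace with the server name contained in the
    # certificate "server.pem". Clients check this identity against the
    # certificate, so a mismatch makes authentication fail.
    leftid=@you.domain.in.cert
    # rightid: placeholder; only client identities ending in this suffix
    # are accepted. Keep the suffix specific rather than a bare wildcard.
    rightid=*@every.string.you.want
    # auto=add: load the connection at startup and wait for clients.
    auto=add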
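# IKEv2 profile with username/password (EAP-MSCHAPv2) client authentication.
conn IPSec-IKEv2-EAP
    # also: inherit every setting of conn IPSec-IKEv2.
    also="IPSec-IKEv2"
    # rightauth: clients authenticate with EAP-MSCHAPv2 instead of a certificate.
    # NOTE(review): the password exchange is only protected if the client
    # validates the server certificate; use strong per-user passwords.
    rightauth=eap-mschapv2
    # rightsendcert=never: no client certificate is requested.
    rightsendcert=never
    # eap_identity=%any: accept whatever EAP identity (user name) the client
    # supplies instead of a fixed one. This does NOT let any user in: the
    # MSCHAPv2 exchange must still succeed against a credential known to the
    # server (typically an EAP entry in ipsec.secrets).
    eap_identity=%any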
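# Legacy IKEv1 profile ("Cisco IPSec" on clients): group PSK plus XAuth.
# NOTE(review): the PSK is shared by all clients, so anyone who knows it can
# pose as the gateway to other users; XAuth only authenticates the user to
# the server. Keep this profile only for clients that cannot use IKEv2, use
# a long random PSK, and rotate it whenever a user or device is removed.
conn CiscoIPSec
    keyexchange=ikev1
    # leftsendcert=never: the server does not send a certificate here,
    # because both ends authenticate with the pre-shared key.
    leftsendcert=never
    # leftauth/rightauth: server and client authenticate each other by PSK.
    leftauth=psk
    rightauth=psk
    # rightauth2: second round, per-user login via XAuth.
    rightauth2=xauth
    # auto=add: load the connection at startup and wait for clients.
    auto=add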