IPSec Config File for IKEv2, IKEv2 with EAP, IKEv1 (CiscoIPSec)
| config setup | |
| uniqueids = no | |
| #if uniqueids is yes, ipsec will only allow | |
| #one connection per user, which will cause | |
| #connect failed on iOS | |
| conn %default | |
| keyexchange=ikev2 | |
| dpdaction=clear | |
| dpddelay=5s | |
| #auto destroy unused connections | |
| rekey=no | |
| left=%any | |
| leftsubnet=0.0.0.0/0 | |
| leftcert=server.pem | |
| #server cert that will send to client | |
| leftsendcert=always | |
| #always send server cert | |
| #not set may cause cert failed | |
| right=%any | |
| rightdns=8.8.8.8,8.8.4.4 | |
| #DNS send to client | |
| rightsourceip=172.0.0.0/24 | |
| #DHCP Pool for client | |
| conn IPSec-IKEv2 | |
| keyexchange=ikev2 | |
| leftid=@you.domain.in.cert | |
| #your servr name in cert "server.pem" | |
| rightid=*@every.string.you.want | |
| #define a suffix for user account | |
| auto=add | |
| conn IPSec-IKEv2-EAP | |
| also="IPSec-IKEv2" | |
| rightauth=eap-mschapv2 | |
| #define auth type to EAP | |
| rightsendcert=never | |
| #do not need client cert | |
| eap_identity=%any | |
| #any user can login successfully | |
| conn CiscoIPSec | |
| keyexchange=ikev1 | |
| leftsendcert=never | |
| #do not need server side cert | |
| leftauth=psk | |
| rightauth=psk | |
| #use PSK as client server auth type | |
| rightauth2=xauth | |
| #use xauth as user login auth type | |
| auto=add |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment