@wzxjohn wzxjohn/ipsec.conf Secret
Last active Aug 29, 2015

IPSec Config File for IKEv2, IKEv2 with EAP, IKEv1 (CiscoIPSec)
config setup
    uniqueids = no
    # if uniqueids is yes, ipsec allows only
    # one connection per user, which causes
    # connection failures on iOS

conn %default
    keyexchange=ikev2
    dpdaction=clear
    dpddelay=5s
    # dead peer detection: automatically destroy unused connections
    rekey=no
    left=%any
    leftsubnet=0.0.0.0/0
    leftcert=server.pem
    # server cert that is sent to the client
    leftsendcert=always
    # always send the server cert;
    # leaving this unset may cause certificate failures
    right=%any
    rightdns=8.8.8.8,8.8.4.4
    # DNS servers sent to the client
    rightsourceip=172.0.0.0/24
    # address pool for clients; note that 172.0.0.0/24 lies outside
    # the RFC 1918 private range 172.16.0.0/12

conn IPSec-IKEv2
    keyexchange=ikev2
    leftid=@you.domain.in.cert
    # your server name as it appears in the cert "server.pem"
    rightid=*@every.string.you.want
    # defines a suffix for user accounts
    auto=add

conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"
    rightauth=eap-mschapv2
    # set the client auth type to EAP
    rightsendcert=never
    # no client cert is needed
    eap_identity=%any
    # ask the client for its EAP identity and accept any identity here;
    # the EAP-MSCHAPv2 credentials are still checked

conn CiscoIPSec
    keyexchange=ikev1
    leftsendcert=never
    # no server-side cert is needed
    leftauth=psk
    rightauth=psk
    # use PSK as the client/server auth type
    rightauth2=xauth
    # use XAuth as the user login auth type
    auto=add
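
An added example, not part of the original gist: a Python checker that resolves the effective settings of each conn section in a config laid out like the one above and reports the IKE version, the client auth method and whether the rightsourceip pool is private address space. The function names, the SAMPLE text and the merge order (%default, then the also= parent, then the section's own keys) are assumptions of this example.

```python
import ipaddress
# Constructed sample with the same section layout as the config above.
SAMPLE = """\
conn %default
    keyexchange=ikev2
    rightsourceip=172.0.0.0/24
conn IPSec-IKEv2
    leftid=@you.domain.in.cert
conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"
    rightauth=eap-mschapv2
conn CiscoIPSec
    keyexchange=ikev1
    rightauth=psk
"""

def parse(text):
    conns, cur = {}, None                      # {conn_name: {key: value}}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and indentation
        if line.startswith("conn "):
            cur = conns.setdefault(line.split(None, 1)[1], {})
        elif line.startswith(("config ", "ca ")):
            cur = None                         # not a conn section, skip its keys
        elif cur is not None and "=" in line:
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip().strip('"')
    return conns

def effective(conns, name):
    # Assumed merge order: %default, then the also= parent, then own keys.
    merged = dict(conns.get("%default", {}))
    if "also" in conns[name]:
        merged.update(effective(conns, conns[name]["also"]))
    merged.update({k: v for k, v in conns[name].items() if k != "also"})
    return merged

def pool_is_private(pool):
    try:
        return ipaddress.ip_network(pool).is_private
    except ValueError:                         # %dhcp, a named pool, or unset
        return None

def audit(text):
    conns = parse(text)
    eff = {n: effective(conns, n) for n in conns if n != "%default"}
    return {n: {"ike": e.get("keyexchange"), "rightauth": e.get("rightauth"),
                "pool_private": pool_is_private(e.get("rightsourceip", ""))}
            for n, e in eff.items()}
```

Calling `audit()` on the text of a real ipsec.conf shows, per connection, which settings were inherited rather than written in the section itself.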