IPSec Config File for IKEv2, IKEv2 with EAP, IKEv1 (CiscoIPSec)
#global daemon settings | |
config setup | |
uniqueids = no | |
#if uniqueids is yes, ipsec keeps only one | |
#connection per user identity, which causes | |
#connection failures on iOS | |
#with "no", one account can hold several sessions at once, | |
#so a leaked credential does not displace the real user; | |
#review logs for unexpected concurrent logins | |
#defaults inherited by every conn section below | |
conn %default | |
keyexchange=ikev2 | |
dpdaction=clear | |
dpddelay=5s | |
#dead peer detection: check peer liveness at a 5s interval | |
#and clear connections whose peer no longer answers | |
rekey=no | |
#this side does not start rekeying itself | |
left=%any | |
leftsubnet=0.0.0.0/0 | |
#0.0.0.0/0 offers the whole IPv4 range to clients (full tunnel) | |
leftcert=server.pem | |
#server cert that is sent to the client | |
leftsendcert=always | |
#always send the server cert | |
#leaving this unset may cause cert failures | |
right=%any | |
rightdns=8.8.8.8,8.8.4.4 | |
#DNS servers pushed to the client | |
rightsourceip=172.0.0.0/24 | |
#address pool for clients | |
#NOTE(review): 172.0.0.0/24 lies outside the RFC 1918 private | |
#block 172.16.0.0/12, so these are publicly routable addresses; | |
#confirm this is intended or pick a private range | |
#IKEv2 connection; no rightauth is set here, so presumably the | |
#default (public key / client certificate) applies - confirm | |
conn IPSec-IKEv2 | |
keyexchange=ikev2 | |
leftid=@you.domain.in.cert | |
#your server name as it appears in the cert "server.pem" | |
#the identity has to be confirmed by the certificate | |
#(subject DN or a subjectAltName entry) | |
rightid=*@every.string.you.want | |
#define a suffix for user accounts | |
auto=add | |
#load the connection and wait for clients to initiate | |
#IKEv2 with user name / password login over EAP | |
conn IPSec-IKEv2-EAP | |
also="IPSec-IKEv2" | |
#inherit the settings of conn IPSec-IKEv2 | |
rightauth=eap-mschapv2 | |
#set the client auth type to EAP-MSCHAPv2 | |
#MSCHAPv2 is a weak challenge-response; its protection here | |
#depends on the client verifying the server certificate | |
#before it sends credentials | |
rightsendcert=never | |
#no client cert is needed | |
eap_identity=%any | |
#ask the client for its EAP identity and accept any user name; | |
#the user still has to pass EAP-MSCHAPv2 with matching credentials | |
#IKEv1 connection for Cisco IPSec style clients (PSK + XAuth) | |
conn CiscoIPSec | |
keyexchange=ikev1 | |
leftsendcert=never | |
#no server side cert is needed | |
leftauth=psk | |
rightauth=psk | |
#use PSK as the client/server auth type | |
rightauth2=xauth | |
#use xauth as the user login auth type | |
#the PSK is a group secret shared by every client: anyone who | |
#holds it can pose as this server, so use a long random value | |
#and prefer the certificate based IKEv2 conns where clients allow | |
auto=add |