| 123456789101112131415161718192021222324252627282930313233343536373839404142 |
- # /etc/ipsec.conf - strongSwan IPsec configuration file
- config setup
- strictcrlpolicy=yes
- ca strongswan
- cacert=strongswanCert.pem
- crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=strongSwan Project, c=CH?certificateRevocationList"
- auto=add
- ca research
- cacert=researchCert.pem
- crluri="ldap://ldap.strongswan.org/cn=Research CA, ou=Research, o=strongSwan Project, c=CH?certificateRevocationList"
- auto=add
- ca sales
- cacert=salesCert.pem
- crluri="ldap://ldap.strongswan.org/cn=Sales CA, ou=Sales, o=strongSwan Project, c=CH?certificateRevocationList"
- auto=add
- conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftfirewall=yes
- conn alice
- leftsubnet=PH_IP_ALICE/32
- right=%any
- rightca="C=CH, O=strongSwan Project, OU=Research, CN=Research CA"
- auto=add
- conn venus
- leftsubnet=PH_IP_VENUS/32
- right=%any
- rightca="C=CH, O=strongSwan Project, OU=Sales, CN=Sales CA"
- auto=add
|
