| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame^] | 1 | config setup |
| 2 | # needed when using PSK only. Not needed for X.509 based servers | ||||
| 3 | uniqueids=no | ||||
| 4 | virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v4:!100.64.0.0/24 | ||||
| 5 | |||||
| 6 | conn ikev1 | ||||
| 7 | authby=secret | ||||
| 8 | pfs=no | ||||
| 9 | auto=add | ||||
| 10 | rekey=no | ||||
| 11 | left=%defaultroute | ||||
| 12 | right=%any | ||||
| 13 | ikev2=never | ||||
| 14 | type=transport | ||||
| 15 | leftprotoport=17/1701 | ||||
| 16 | rightprotoport=17/%any | ||||
| 17 | dpddelay=15 | ||||
| 18 | dpdtimeout=30 | ||||
| 19 | dpdaction=clear | ||||
| 20 | |||||
| 21 | conn ikev1-nat | ||||
| 22 | also=ikev1 | ||||
| 23 | rightsubnet=vhost:%priv | ||||
| 24 | |||||
| 25 | # include /etc/ipsec.d/*.conf | ||||