Update IPSec configs templates
This commit is contained in:
Mykola Baibuz
parent
b0b185027e
commit
89d4c18e87
2 changed files with 10 additions and 12 deletions
|
|
@ -242,6 +242,7 @@ conn ikev2-cp
|
|||
dpdtimeout=120
|
||||
dpdaction=clear
|
||||
auto=add
|
||||
authby=rsa-sha1
|
||||
ikev2=insist
|
||||
rekey=no
|
||||
pfs=no
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ config setup
|
|||
|
||||
conn ikev2-vpn
|
||||
auto=add
|
||||
compress=no
|
||||
type=tunnel
|
||||
keyexchange=ikev2
|
||||
fragmentation=yes
|
||||
|
|
@ -12,19 +11,17 @@ conn ikev2-vpn
|
|||
dpdaction=clear
|
||||
dpddelay=300s
|
||||
rekey=no
|
||||
left=%any
|
||||
leftid=$CLIENT_NAME
|
||||
leftcert=$CLIENT_NAME.crt
|
||||
leftdns=$PRIMARY_DNS,$SECONDARY_DNS
|
||||
leftsendcert=always
|
||||
leftsubnet=0.0.0.0/0
|
||||
right=%any
|
||||
rightid=%any
|
||||
rightauth=rsa
|
||||
rightsourceip=$IPSEC_VPN_L2TP_NET
|
||||
rightdns=$PRIMARY_DNS,$SECONDARY_DNS
|
||||
leftsourceip=%config
|
||||
right=$SERVER_IP_ADDRESS
|
||||
rightsubnet=0.0.0.0/0
|
||||
rightsendcert=never
|
||||
eap_identity=%identity
|
||||
ike=aes256-sha1-modp1024,aes128-sha1-modp1024
|
||||
esp=aes256-sha1,aes256-sha2_512
|
||||
encapsulation=yes
|
||||
ike=aes256-sha256-modp2048,aes256-sha1-modp1024,3des-sha1-modp1024
|
||||
esp=aes256-sha256,aes256-sha1,3des-sha1
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue