ipsec.conf Reference » History » Version 10
Version 9 (Martin Willi, 05.09.2007 08:59) → Version 10/21 (Martin Willi, 05.09.2007 09:00)
= ipsec.conf =
strongSwan's ''/etc/ipsec.conf'' configuration file consists of three different section types:
* [wiki:ConfigSetupSection config setup] defines general configuration parameters
* [wiki:ConnSection conn <name>] defines a connection
* [wiki:CaSection ca <name>] defines a certification authority
There can be only one [wiki:ConfigSetupSection config setup] section but
an unlimited number of [wiki:ConnSection conn] and [wiki:CaSection ca] sections.
All parameters belonging to a section must be indented by at least one space or tab
character. The rest of the line after a '#' character is treated as a comment.
Comments within a section must also be indented.
== Example ==
{{{
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
crlcheckinterval=600s
cachecrls=yes
strictcrlpolicy=yes
plutostart=no
ca strongswan strongswan-ca #define alternative CRL distribution point
cacert=strongswanCert.pem
crluri=http://crl2.strongswan.org/strongswan.crl
auto=add
conn %default
keyingtries=1
keyexchange=ikev2
conn roadwarrior
left=192.168.0.1
leftsubnet=10.1.0.0/16
leftcert=moonCert.pem
leftid=@moon.strongswan.org
right=%any
auto=add
}}}
strongSwan's ''/etc/ipsec.conf'' configuration file consists of three different section types:
* [wiki:ConfigSetupSection config setup] defines general configuration parameters
* [wiki:ConnSection conn <name>] defines a connection
* [wiki:CaSection ca <name>] defines a certification authority
There can be only one [wiki:ConfigSetupSection config setup] section but
an unlimited number of [wiki:ConnSection conn] and [wiki:CaSection ca] sections.
All parameters belonging to a section must be indented by at least one space or tab
character. The rest of the line after a '#' character is treated as a comment.
Comments within a section must also be indented.
== Example ==
{{{
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
crlcheckinterval=600s
cachecrls=yes
strictcrlpolicy=yes
plutostart=no
ca strongswan strongswan-ca #define alternative CRL distribution point
cacert=strongswanCert.pem
crluri=http://crl2.strongswan.org/strongswan.crl
auto=add
conn %default
keyingtries=1
keyexchange=ikev2
conn roadwarrior
left=192.168.0.1
leftsubnet=10.1.0.0/16
leftcert=moonCert.pem
leftid=@moon.strongswan.org
right=%any
auto=add
}}}