Version 8 - History - ipsec.conf Reference - strongSwan

ipsec.conf Reference » History » Version 8

Martin Willi, 05.09.2007 08:56
added configuraton example

-Martin Willi
+= ipsec.conf =
 Martin Willi
-Martin Willi
+strongSwan's ''/etc/ipsec.conf'' configuration file consists of three different section types:
 Martin Willi
-Martin Willi
+ * [wiki:ConfigSetupSection config setup] defines general configuration parameters
-Martin Willi
+ * [wiki:ConnSection conn <name>] defines a connection
-Martin Willi
+ * [wiki:CaSection ca <name>] defines a certification authority
 Martin Willi
-Martin Willi
+There can be only one [wiki:ConfigSetupSection config setup] section but
-Martin Willi
+an unlimited number of [wiki:ConnSection conn] and [wiki:CaSection ca] sections.
 Martin Willi
-Martin Willi
+All parameters belonging to a section must be indented by at least one space or tab
-Martin Willi
+character. The rest of the line after a '#' character is treated as a comment.
-Martin Willi
+Comments within a section must also be indented.
 Martin Willi
-Martin Willi
+== Example ==
-Martin Willi
+{{{
-Martin Willi
+config setup
-Martin Willi
+       crlcheckinterval=600s
-Martin Willi
+       cachecrls=yes
-Martin Willi
+       strictcrlpolicy=yes
-Martin Willi
+       plutostart=no
 Martin Willi
-Martin Willi
+ca strongswan-ca  #define alternative CRL distribution point
-Martin Willi
+       cacert=strongswanCert.pem
-Martin Willi
+       crluri=http://crl2.strongswan.org/strongswan.crl
-Martin Willi
+       auto=add
 Martin Willi
-Martin Willi
+conn %default
-Martin Willi
+       keyingtries=1
-Martin Willi
+       keyexchange=ikev2
 Martin Willi
-Martin Willi
+conn roadwarrior
-Martin Willi
+       left=192.168.0.1
-Martin Willi
+       leftsubnet=10.1.0.0/16
-Martin Willi
+       leftcert=moonCert.pem
-Martin Willi
+       leftid=@moon.strongswan.org
-Martin Willi
+       right=%any
-Martin Willi
+       auto=add
-Martin Willi
+}}}

Project

General

Profile

strongSwan

ipsec.conf Reference » History » Version 8