ipsec.conf Reference » History » Version 9
Martin Willi, 05.09.2007 08:59
added caption
| 1 | 1 | Martin Willi | = ipsec.conf = |
|---|---|---|---|
| 2 | 1 | Martin Willi | |
| 3 | 7 | Martin Willi | strongSwan's ''/etc/ipsec.conf'' configuration file consists of three different section types: |
| 4 | 1 | Martin Willi | |
| 5 | 5 | Martin Willi | * [wiki:ConfigSetupSection config setup] defines general configuration parameters |
| 6 | 5 | Martin Willi | * [wiki:ConnSection conn <name>] defines a connection |
| 7 | 5 | Martin Willi | * [wiki:CaSection ca <name>] defines a certification authority |
| 8 | 2 | Martin Willi | |
| 9 | 3 | Martin Willi | There can be only one [wiki:ConfigSetupSection config setup] section but |
| 10 | 3 | Martin Willi | an unlimited number of [wiki:ConnSection conn] and [wiki:CaSection ca] sections. |
| 11 | 4 | Martin Willi | |
| 12 | 4 | Martin Willi | All parameters belonging to a section must be indented by at least one space or tab |
| 13 | 4 | Martin Willi | character. The rest of the line after a '#' character is treated as a comment. |
| 14 | 4 | Martin Willi | Comments within a section must also be indented. |
| 15 | 8 | Martin Willi | |
| 16 | 8 | Martin Willi | == Example == |
| 17 | 8 | Martin Willi | {{{ |
| 18 | 9 | Martin Willi | # /etc/ipsec.conf - strongSwan IPsec configuration file |
| 19 | 9 | Martin Willi | |
| 20 | 8 | Martin Willi | config setup |
| 21 | 8 | Martin Willi | crlcheckinterval=600s |
| 22 | 8 | Martin Willi | cachecrls=yes |
| 23 | 8 | Martin Willi | strictcrlpolicy=yes |
| 24 | 8 | Martin Willi | plutostart=no |
| 25 | 8 | Martin Willi | |
| 26 | 8 | Martin Willi | ca strongswan-ca #define alternative CRL distribution point |
| 27 | 8 | Martin Willi | cacert=strongswanCert.pem |
| 28 | 8 | Martin Willi | crluri=http://crl2.strongswan.org/strongswan.crl |
| 29 | 8 | Martin Willi | auto=add |
| 30 | 8 | Martin Willi | |
| 31 | 8 | Martin Willi | conn %default |
| 32 | 8 | Martin Willi | keyingtries=1 |
| 33 | 8 | Martin Willi | keyexchange=ikev2 |
| 34 | 8 | Martin Willi | |
| 35 | 8 | Martin Willi | conn roadwarrior |
| 36 | 8 | Martin Willi | left=192.168.0.1 |
| 37 | 8 | Martin Willi | leftsubnet=10.1.0.0/16 |
| 38 | 8 | Martin Willi | leftcert=moonCert.pem |
| 39 | 8 | Martin Willi | leftid=@moon.strongswan.org |
| 40 | 8 | Martin Willi | right=%any |
| 41 | 8 | Martin Willi | auto=add |
| 42 | 8 | Martin Willi | }}} |