]>
Commit | Line | Data |
---|---|---|
6aa77031 AS |
1 | connections { |
2 | ||
3 | rw-allow { | |
4 | local_addrs = 192.168.0.1 | |
5 | ||
6 | local { | |
7 | auth = pubkey | |
8 | id = moon.strongswan.org | |
9 | certs = moonCert.pem | |
10 | } | |
11 | remote { | |
12 | auth = eap-radius | |
13 | id = *@strongswan.org | |
14 | groups = allow | |
15 | } | |
16 | children { | |
17 | rw-allow { | |
18 | local_ts = 10.1.0.0/28 | |
19 | ||
20 | updown = /usr/local/libexec/ipsec/_updown iptables | |
21 | esp_proposals = aes128gcm16-ecp256 | |
22 | } | |
23 | } | |
24 | version = 2 | |
25 | send_certreq = no | |
26 | proposals = aes128-sha256-ecp256 | |
27 | } | |
28 | ||
29 | rw-isolate { | |
30 | local_addrs = 192.168.0.1 | |
31 | ||
32 | local { | |
33 | auth = pubkey | |
34 | id = moon.strongswan.org | |
35 | } | |
36 | remote { | |
37 | auth = eap-radius | |
38 | id = *@strongswan.org | |
39 | groups = isolate | |
40 | } | |
41 | children { | |
42 | rw-isolate { | |
43 | local_ts = 10.1.0.16/28 | |
44 | ||
45 | updown = /usr/local/libexec/ipsec/_updown iptables | |
46 | esp_proposals = aes128gcm16-ecp256 | |
47 | } | |
48 | } | |
49 | version = 2 | |
50 | send_certreq = no | |
51 | proposals = aes128-sha256-ecp256 | |
52 | } | |
53 | } |