testing/tests/ikev2/protoport-trap/hosts/carol/etc/swanctl/swanctl.conf

   1 connections {
   2
   3    home {
   4       local_addrs  = 192.168.0.100
   5       remote_addrs = 192.168.0.1
   6
   7       local {
   8          auth = pubkey
   9          certs = carolCert.pem
  10          id = carol@strongswan.org
  11       }
  12       remote {
  13          auth = pubkey
  14          id = moon.strongswan.org
  15       }
  16       children {
  17          icmp {
  18             local_ts  = dynamic[icmp]
  19             remote_ts = 10.1.0.0/16[icmp]
  20
  21             updown = /usr/local/libexec/ipsec/_updown iptables
  22             esp_proposals = aes128gcm128-x25519
  23             start_action = trap
  24          }
  25          ssh {
  26             local_ts  = dynamic[tcp]
  27             remote_ts = 10.1.0.0/16[tcp/ssh]
  28
  29             updown = /usr/local/libexec/ipsec/_updown iptables
  30             esp_proposals = aes128gcm128-x25519
  31             start_action = trap
  32          }
  33       }
  34       version = 2
  35       proposals = aes128-sha256-x25519
  36    }
  37 }