security-polices: Create a system policy
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 19 Jul 2017 19:04:26 +0000 (21:04 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 19 Jul 2017 19:04:26 +0000 (21:04 +0200)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Makefile.am
config/vpn/security-policies/system [new file with mode: 0644]

index caaba3820c2ecd61844751c923ba156e7391d01b..560b65c9e98aefd0f6042a0dd8582121498e69b0 100644 (file)
@@ -32,6 +32,7 @@ bashcompletiondir= $(datadir)/bash-completion/completions
 libexecdir       = $(prefix)/lib
 pkgconfigdatadir = $(datadir)/pkgconfig
 pppdir           = $(sysconfdir)/ppp
+systemconfigdir  = $(datadir)/network
 sysctldir        = $(prefix)/lib/sysctl.d
 tmpfilesdir      = $(prefix)/lib/tmpfiles.d
 udevrulesdir     = $(udevdir)/rules.d
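Review bot: The new `systemconfigdir` is one transposition away from the standard `sysconfdir`, yet it points into `$(datadir)`, so a later rule can install to the wrong tree without anyone noticing in review. Files under `$(datadir)` are normally package-owned and replaced on upgrade, which matters for a security policy that an administrator might be tempted to edit in place. A comment on the added line would make the intent explicit, for example `# Package-owned defaults under $(datadir); not for local edits (those belong under $(sysconfdir))`. Where local overrides actually live is not visible in this hunk, so adjust the wording to match.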
@@ -273,6 +274,15 @@ EXTRA_DIST += \
 
 # ------------------------------------------------------------------------------
 
+systemconfig_vpndir = $(systemconfigdir)/vpn
+
+dist_systemconfig_vpn_security_policies_DATA = \
+       config/vpn/security-policies/system
+
+systemconfig_vpn_security_policiesdir = $(systemconfig_vpndir)/security-policies
+
+# ------------------------------------------------------------------------------
+
 dist_sysctl_DATA = \
        src/sysctl/network.conf
 
diff --git a/config/vpn/security-policies/system b/config/vpn/security-policies/system
new file mode 100644 (file)
index 0000000..accf8a2
--- /dev/null
@@ -0,0 +1,7 @@
+KEY_EXCHANGE="ikev2"
+CIPHER="AES256-GCM128 AES192-GCM128 AES128-GCM128 AES256-CBC AES192-CBC AES128-CBC"
+INTEGRITY="SHA512 SHA384 SHA256"
+GROUP_TYPE="MODP8192 MODP4096 MODP2048"
+LIFETIME="28800"
+PFS="on"
+COMPRESSION="on"
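Review bot: `COMPRESSION="on"` in the shipped system policy turns compression on for every connection that falls back to this default. Compressing before encrypting lets ciphertext length leak information about the plaintext when a third party can influence part of the tunnelled traffic. The safer default is `COMPRESSION="off"`, leaving compression as a per-connection opt-in. The `CIPHER` list also still offers the three CBC suites after GCM, and `GROUP_TYPE` bottoms out at `MODP2048`, so the weakest proposal a peer can negotiate is AES128-CBC with MODP2048; if that floor is intentional, say so in the file. If the policy parser accepts `#` comments (not visible in this commit), a header such as `# System default policy, shipped with the package; do not edit` would also help.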