We will generate PEM-encoded public keys with the script.
keyingtries=1
keyexchange=ikev2
mobike=no
-
+
conn net-net
left=PH_IP_MOON
leftid=moon.strongswan.org
leftsubnet=10.1.0.0/16
- leftsigkey=moonPub.der
+ leftsigkey=moonPub.pem
leftauth=pubkey
leftfirewall=yes
right=sun.strongswan.org
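Review bot: Only `leftsigkey` is switched to `moonPub.pem` in the visible lines of `conn net-net`; the conn continues past `right=sun.strongswan.org` outside the hunk, so any `rightsigkey` there is not shown. If such a line exists and still names a `.der` file, the peer's key would presumably fail to load and public-key authentication of the remote side would break, so please confirm it was renamed consistently with the generated PEM files. The same check applies to the sun section that follows, where only `leftsigkey=sunPub.pem` is visible.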
keyingtries=1
keyexchange=ikev2
mobike=no
-
+
conn net-net
left=PH_IP_SUN
leftid=sun.strongswan.org
leftsubnet=10.2.0.0/16
- leftsigkey=sunPub.der
+ leftsigkey=sunPub.pem
leftauth=pubkey
leftfirewall=yes
right=moon.strongswan.org
config setup
-conn %default
+conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
-conn rw
+conn rw
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftid=moon.strongswan.org
leftauth=pubkey
- leftsigkey=moonPub.der
+ leftsigkey=moonPub.pem
leftfirewall=yes
right=%any
rightauth=pubkey
home {
local_addrs = 192.168.0.100
- remote_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.1
vips = 0.0.0.0
local {
auth = pubkey
id = carol.strongswan.org
- pubkeys = carolPub.der
+ pubkeys = carolPub.pem
}
remote {
auth = pubkey
}
children {
home {
- remote_ts = 10.1.0.0/16
+ remote_ts = 10.1.0.0/16
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm128-x25519
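Review bot: The `remote { auth = pubkey }` block of connection `home` sets neither `id` nor `pubkeys`, so this file does not pin the responder to a specific identity or key. Which raw keys are trusted is then decided outside this file, presumably by whatever public keys the daemon has loaded. If that is intended for this scenario, a comment would make it explicit, e.g. `# remote id/pubkeys intentionally unset: any loaded public key is accepted`; otherwise pin the peer with `id = moon.strongswan.org` and `pubkeys = moonPub.pem`. The same pattern appears in the dave section that follows and in the `remote` block of the moon section. The `children` block continues outside the hunk.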
home {
local_addrs = 192.168.0.200
- remote_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.1
vips = 0.0.0.0
local {
auth = pubkey
id = dave.strongswan.org
- pubkeys = davePub.der
+ pubkeys = davePub.pem
}
remote {
auth = pubkey
}
children {
home {
- remote_ts = 10.1.0.0/16
+ remote_ts = 10.1.0.0/16
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm128-x25519
local {
auth = pubkey
id = moon.strongswan.org
- pubkeys = moonPub.der
+ pubkeys = moonPub.pem
}
remote {
auth = pubkey
}
children {
net {
- local_ts = 10.1.0.0/16
+ local_ts = 10.1.0.0/16
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm128-x25519