We will generate the PEM-encoded public keys using the script.
12 files changed:
keyingtries=1
keyexchange=ikev2
mobike=no
keyingtries=1
keyexchange=ikev2
mobike=no
conn net-net
left=PH_IP_MOON
leftid=moon.strongswan.org
leftsubnet=10.1.0.0/16
conn net-net
left=PH_IP_MOON
leftid=moon.strongswan.org
leftsubnet=10.1.0.0/16
leftauth=pubkey
leftfirewall=yes
right=sun.strongswan.org
leftauth=pubkey
leftfirewall=yes
right=sun.strongswan.org
keyingtries=1
keyexchange=ikev2
mobike=no
keyingtries=1
keyexchange=ikev2
mobike=no
conn net-net
left=PH_IP_SUN
leftid=sun.strongswan.org
leftsubnet=10.2.0.0/16
conn net-net
left=PH_IP_SUN
leftid=sun.strongswan.org
leftsubnet=10.2.0.0/16
leftauth=pubkey
leftfirewall=yes
right=moon.strongswan.org
leftauth=pubkey
leftfirewall=yes
right=moon.strongswan.org
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftid=moon.strongswan.org
leftauth=pubkey
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftid=moon.strongswan.org
leftauth=pubkey
leftfirewall=yes
right=%any
rightauth=pubkey
leftfirewall=yes
right=%any
rightauth=pubkey
home {
local_addrs = 192.168.0.100
home {
local_addrs = 192.168.0.100
- remote_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.1
vips = 0.0.0.0
local {
auth = pubkey
id = carol.strongswan.org
vips = 0.0.0.0
local {
auth = pubkey
id = carol.strongswan.org
- remote_ts = 10.1.0.0/16
+ remote_ts = 10.1.0.0/16
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm128-x25519
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm128-x25519
home {
local_addrs = 192.168.0.200
home {
local_addrs = 192.168.0.200
- remote_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.1
vips = 0.0.0.0
local {
auth = pubkey
id = dave.strongswan.org
vips = 0.0.0.0
local {
auth = pubkey
id = dave.strongswan.org
- remote_ts = 10.1.0.0/16
+ remote_ts = 10.1.0.0/16
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm128-x25519
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm128-x25519
local {
auth = pubkey
id = moon.strongswan.org
local {
auth = pubkey
id = moon.strongswan.org
}
remote {
auth = pubkey
}
children {
net {
}
remote {
auth = pubkey
}
children {
net {
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm128-x25519
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm128-x25519