1HOME_SERVER_CONFIG |WORK_SERVER_CONFIG
2===========================================================================|===========================================================================
3config setup |config setup
4 uniqueids=no | uniqueids=no
5 strictcrlpolicy=no | strictcrlpolicy=no
6 charondebug="ike 2, knl 2, cfg 3, mgr 3, chd 2, net 2" | charondebug="ike 2, knl 2, cfg 3, mgr 3, chd 2, net 2"
7 |
8conn %default |conn %default
9 left=%ETH0% | left=%ETH0%
10 leftsourceip=%ETH0% | leftsourceip=<WORK_SERVER_IP>
11 leftid=fw.home.tld | leftid=fw.work.tld
12 leftcert=fw.home.tld.pem | leftcert=jumpbox.pem
13 # 10.0.0.0/9 => 10.0.0.0-10.127.255.255 (8388608) | # 10.192.0.0/10 => 10.192.0.0-10.255.255.255
14 leftsubnet=192.168.69.0/24,10.0.0.0/9 | leftsubnet=10.192.0.0/10
15 leftdns=192.168.69.1 | leftdns=10.203.0.2
16 leftfirewall=yes | leftfirewall=yes
17 leftsendcert=always | leftsendcert=always
18 |
19 rightsourceip=192.168.6.0/24 | rightsourceip=10.209.0.0/24
20 rightdns=192.168.69.1 | rightdns=10.203.0.2
21 |
22 keyexchange=ikev2 | keyexchange=ikev2
23 dpdaction=clear | dpdaction=clear
24 dpddelay=2400s | dpddelay=2400s
25 fragmentation=yes | fragmentation=yes
26 forceencaps=yes | forceencaps=yes
27 compress=yes | compress=yes
28 |
29ca home |ca work
30 cacert=home.tld.pem | cacert=work.tld.pem
31 auto=add | auto=add
32 |
33ca work |ca home
34 cacert=work.tld.pem | cacert=home.tld.pem
35 auto=add | auto=add
36 |
37conn client |conn client
38 right=%any | right=%any
39 rightid=%any | rightid=%any
40 rightauth=eap-mschapv2 | rightauth=eap-mschapv2
41 |
42 eap_identity=%identity | eap_identity=%identity
43 type=tunnel | type=tunnel
44 auto=add | auto=add
45 |
46conn work |conn home
47 right=<WORK_SERVER_IP> | right=fw.home.tld
48 rightid=fw.work.tld | rightid=fw.home.tld
49 rightsourceip=10.209.0.0/24 | rightsourceip=192.168.6.0/24
50 rightsubnet=10.192.0.0/10 | rightsubnet=192.168.69.0/24,10.0.0.0/9
51 rightfirewall=yes | rightfirewall=yes
52 |
53 mobike=no | mobike=no
54 dpdaction=restart | dpdaction=restart
55 authby=psk | authby=psk
56 type=tunnel | type=tunnel
57 auto=add | auto=add
58 |
59 |
60ipsec.secrets: fw.home.tld fw.work.tld : PSK "<SECRET_KEY>" |ipsec.secrets: fw.home.tld fw.work.tld : PSK "<SECRET_KEY>"