Subversion Repositories configs

Rev

Rev 3 | Blame | Compare with Previous | Last modification | View Log | RSS feed 

# /etc/ipsec.conf - Libreswan IPsec configuration file

# This file:  /etc/ipsec.conf
#
# Enable when using this configuration file with openswan instead of libreswan
#version 2
#
# Manual:     ipsec.conf.5

# basic configuration
config setup
        # which IPsec stack to use, "netkey" (the default), "klips" or "mast".
        # For MacOSX use "bsd"
        protostack=netkey
        #
        # Normally, pluto logs via syslog. If you want to log to a file,
        # specify below or to disable logging, eg for embedded systems, use
        # the file name /dev/null
        # Note: SElinux policies might prevent pluto writing to a log file at
        #       an unusual location.
        #logfile=/var/log/pluto.log
        #
        # The interfaces= line is only required for the klips/mast stack
        #interfaces="%defaultroute"
        #interfaces="ipsec0=eth0 ipsec1=ppp0"
        #
        # If you want to limit listening on a single IP - not required for
        # normal operation
        #listen=127.0.0.1
        #
        # Do not set debug options to debug configuration issues!
        #
        # plutodebug / klipsdebug = "all", "none" or a combation from below:
        # "raw crypt parsing emitting control kernel pfkey natt x509 dpd
        #  private".
        # Note: "crypt" is not included with "all", as it can show confidential
        #       information. It must be specifically specified
        # examples:
        # plutodebug="control parsing"
        # plutodebug="all crypt"
        # Again: only enable plutodebug or klipsdebug when asked by a developer
        #plutodebug=none
        #klipsdebug=none
        #
        # Enable core dumps (might require system changes, like ulimit -C)
        # This is required for abrtd to work properly
        # Note: SElinux policies might prevent pluto writing the core at
        #       unusual locations
        dumpdir=/var/run/pluto/
        #
        # NAT-TRAVERSAL support
        # exclude networks used on server side by adding %v4:!a.b.c.0/24
        # It seems that T-Mobile in the US and Rogers/Fido in Canada are
        # using 25/8 as "private" address space on their wireless networks.
        # This range has never been announced via BGP (at least upto 2015)
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10

# For example connections, see your distribution's documentation directory,
# or https://libreswan.org/wiki/
#
# There is also a lot of information in the manual page, "man ipsec.conf"
#
# It is best to add your IPsec connections as separate files in /etc/ipsec.d/
include /etc/ipsec.d/*.conf