Roaming IPSec configuration
authorMathieu Baudier <mbaudier@argeo.org>
Tue, 7 Mar 2023 05:48:15 +0000 (06:48 +0100)
committerMathieu Baudier <mbaudier@argeo.org>
Tue, 7 Mar 2023 05:48:15 +0000 (06:48 +0100)
libreswan/etc/ipsec.d/roaming.conf [new file with mode: 0644]

diff --git a/libreswan/etc/ipsec.d/roaming.conf b/libreswan/etc/ipsec.d/roaming.conf
new file mode 100644 (file)
index 0000000..b18969c
--- /dev/null
@@ -0,0 +1,27 @@
+# Generic roaming configurations
+conn roaming-ipv6
+       hostaddrfamily=ipv6
+       also=roaming-common
+
+       ipsec-interface=yes
+
+conn roaming-ipv4
+       hostaddrfamily=ipv4
+       also=roaming-common
+
+       # Required so that client is considered IPv6
+       leftsubnet=::0/0
+       ipsec-interface=yes
+       leftupdown="/usr/libexec/ipsec/_updown.host4client6"
+
+conn roaming-common
+       # Authorisation
+       authby=rsa-sha2
+       leftid=%fromcert
+       rightid=%fromcert
+       leftcert=ipa-client
+
+       # Networking
+       left=%defaultroute
+       clientaddrfamily=ipv6
+       leftmodecfgclient=yes
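Review bot: `rightid=%fromcert` in `roaming-common` accepts whatever identity the peer's certificate carries, so nothing in this file pins which host may act as the gateway. Any certificate that validates against the trusted CA would authenticate; as far as I recall libreswan defaults `rightca` to the CA that issued `leftcert`, which here looks like the IPA CA, so potentially any enrolled host. The conns that include these sections via `also=` are not part of this commit, so this may already be handled there; if not, each concrete conn should set an explicit peer ID such as `rightid=@<gateway-fqdn>` (placeholder). Either way I would document the expectation next to the setting, e.g. `# rightid=%fromcert is only a default; concrete conns must set rightid to the gateway's certificate ID`.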