From: Mathieu Baudier <mbaudier@argeo.org>
Date: Tue, 7 Mar 2023 05:48:15 +0000 (+0100)
Subject: Roaming IPSec configuration
X-Git-Tag: v2.3.0~11
X-Git-Url: https://git.argeo.org/?p=gpl%2Fargeo-freed.git;a=commitdiff_plain;h=6a0c68c172ca15a6724689f524340cd9d1733891

Roaming IPSec configuration
---

diff --git a/libreswan/etc/ipsec.d/roaming.conf b/libreswan/etc/ipsec.d/roaming.conf
new file mode 100644
index 0000000..b18969c
--- /dev/null
+++ b/libreswan/etc/ipsec.d/roaming.conf
@@ -0,0 +1,27 @@
+# Generic roaming configurations
+conn roaming-ipv6
+	hostaddrfamily=ipv6
+	also=roaming-common
+
+	ipsec-interface=yes
+
+conn roaming-ipv4
+	hostaddrfamily=ipv4
+	also=roaming-common
+
+	# Required so that client is considered IPv6
+	leftsubnet=::0/0
+	ipsec-interface=yes
+	leftupdown="/usr/libexec/ipsec/_updown.host4client6"
+
+conn roaming-common
+	# Authorisation
+	authby=rsa-sha2
+	leftid=%fromcert
+	rightid=%fromcert
+	leftcert=ipa-client
+
+	# Networking
+	left=%defaultroute
+	clientaddrfamily=ipv6
+	leftmodecfgclient=yes