From 6a0c68c172ca15a6724689f524340cd9d1733891 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Tue, 7 Mar 2023 06:48:15 +0100
Subject: [PATCH] Roaming IPSec configuration

---
 libreswan/etc/ipsec.d/roaming.conf | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 libreswan/etc/ipsec.d/roaming.conf

diff --git a/libreswan/etc/ipsec.d/roaming.conf b/libreswan/etc/ipsec.d/roaming.conf
new file mode 100644
index 0000000..b18969c
--- /dev/null
+++ b/libreswan/etc/ipsec.d/roaming.conf
@@ -0,0 +1,27 @@
+# Generic roaming configurations
+conn roaming-ipv6
+	hostaddrfamily=ipv6
+	also=roaming-common
+
+	ipsec-interface=yes
+
+conn roaming-ipv4
+	hostaddrfamily=ipv4
+	also=roaming-common
+
+	# Required so that client is considered IPv6
+	leftsubnet=::0/0
+	ipsec-interface=yes
+	leftupdown="/usr/libexec/ipsec/_updown.host4client6"
+
+conn roaming-common
+	# Authorisation
+	authby=rsa-sha2
+	leftid=%fromcert
+	rightid=%fromcert
+	leftcert=ipa-client
+
+	# Networking
+	left=%defaultroute
+	clientaddrfamily=ipv6
+	leftmodecfgclient=yes
-- 
2.30.2