32 lines
606 B
Plaintext
32 lines
606 B
Plaintext
conn xauthserver
|
|
#
|
|
left=1.2.3.4
|
|
leftcert=/etc/ipsec.d/certs/xauthserver.pem
|
|
leftxauthserver=yes
|
|
leftmodecfgserver=yes
|
|
#
|
|
right=%any
|
|
rightxauthclient=yes
|
|
rightmodecfgclient=yes
|
|
#
|
|
auto=add
|
|
rekey=yes
|
|
modecfgpull=yes
|
|
modecfgdns1.2.3.4,5.6.7.8
|
|
|
|
conn xauthclient
|
|
#
|
|
left=1.2.3.4
|
|
leftxauthserver=yes
|
|
leftmodecfgserver=yes
|
|
#
|
|
right=%defaultroute
|
|
rightxauthclient=yes
|
|
rightmodecfgclient=yes
|
|
#
|
|
auto=add
|
|
# you probably can not rekey, it requires xauth password, and libreswan does not
|
|
# cache it for you. Other clients might cache it and rekey to an libreswan server
|
|
rekey=no
|
|
modecfgpull=yes
|