From 246a375dfb10e56743d9d536ec5a30a82eb08f90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Bourdeauducq?= Date: Thu, 5 Sep 2024 14:36:37 +0800 Subject: [PATCH] add remote IPsec settings --- remote-ipsec.txt | 49 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 remote-ipsec.txt diff --git a/remote-ipsec.txt b/remote-ipsec.txt new file mode 100644 index 00000000..bc45f662 --- /dev/null +++ b/remote-ipsec.txt @@ -0,0 +1,49 @@ +connections { + bypass-ipsec { + remote_addrs = 127.0.0.1 + children { + bypass-isakmp-v4 { + local_ts = 0.0.0.0/0[udp/isakmp] + remote_ts = 0.0.0.0/0[udp/isakmp] + mode = pass + start_action = trap + } + bypass-isakmp-v6 { + local_ts = ::/0[udp/isakmp] + remote_ts = ::/0[udp/isakmp] + mode = pass + start_action = trap + } + } + } + m_labs { + version = 2 + encap = no + mobike = no + send_certreq = no + proposals = aes128gcm128-sha256-prfsha256-curve25519,aes128gcm128-sha256-prfsha256-ecp256 + local_addrs = 103.206.98.1 + remote_addrs = 94.190.212.123 + local { + auth = pubkey + id = fqdn:igw0.hkg.as150788.net + pubkeys = igw0.hkg.as150788.net + } + remote { + auth = pubkey + id = fqdn:m-labs.hk + pubkeys = m-labs.hk + } + children { + con1 { + mode = transport + ah_proposals = sha256-curve25519,sha256-ecp256 + esp_proposals = + local_ts = 103.206.98.1[gre] + remote_ts = 94.190.212.123[gre] + start_action = none + close_action = none + } + } + } +}