load the mac address from flash where it is possible

[openwrt/staging/chunkeey.git] / package / strongswan / files / ipsec.conf

version 2.0

config setup
        interfaces=%defaultroute
        nat_traversal=yes               # required on both ends
        uniqueids=yes                   # makes sense on client, not server
        hidetos=no

conn %default
        authby=rsasig
        keyingtries=3
        keyexchange=ike
        left=%defaultroute
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        dpdtimeout=30                   # keepalive must arrive within
        dpddelay=5                      # secs before keepalives start
        compress=no                     # breaks double nat installations
        pfs=yes

conn sample
        leftca=%same
        leftcert=my.certificate.crt
        leftsourceip=192.168.10.1
        leftsubnet=192.168.10.0/24
        right=my.vpn.concentrator.net.
        rightca=%same
        rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
        rightsourceip=192.168.11.1
        rightsubnet=192.168.11.0/24
        dpdaction=hold
        auto=start