Dustin C. Hatch
42b8d2e54f
The *dch-vpn-server* role configures strongSwan to act as an IPsec responder for `vpn.pyrocufflink.net` and provide an IKEv2/IPsec VPN for remote access clients, as well as the reverse VPN to FireMon.
30 lines
677 B
Plaintext
30 lines
677 B
Plaintext
conn dhatch-d4b
|
|
keyexchange = ikev2
|
|
dpdaction = clear
|
|
dpddelay = 300s
|
|
left = %defaultroute
|
|
leftauth = pubkey
|
|
leftid = @vpn.pyrocufflink.net
|
|
leftcert = vpn.pyrocufflink.net.cer
|
|
leftsubnet = 172.31.0.0/27
|
|
leftfirewall = yes
|
|
right = %any
|
|
rightauth = pubkey
|
|
rightid = "C=US, O=Dustin C. Hatch, CN=dhatch-d4b.securepassage.com"
|
|
rightsubnet = 0.0.0.0/0
|
|
auto = add
|
|
|
|
conn remote-access
|
|
keyexchange = ikev2
|
|
dpdaction = clear
|
|
dpddelay = 300s
|
|
left = %defaultroute
|
|
leftid = @vpn.pyrocufflink.net
|
|
leftcert = vpn.pyrocufflink.net.cer
|
|
leftsubnet = 0.0.0.0/0
|
|
right = %any
|
|
rightsourceip = 172.31.0.64/28
|
|
rightauth = pubkey
|
|
rightdns = 172.31.0.4,172.31.0.10
|
|
auto = add
|