strongSwan IPsec configuration

https://raymii.org/s/tutorials/IPSEC_vpn_with_Ubuntu_16.04.html

example 1

# ipsec.conf - strongSwan IPsec configuration file

config setup
 
# Site-to-site IKEv2 tunnel to an Azure route-based (dynamic) gateway, authenticated with a pre-shared key.
# NOTE(review): no ike=/esp= proposals are set here, so strongSwan's default proposals apply;
# confirm which algorithms are actually negotiated with the peer.
conn azure
        # Script that creates a VTI and configures the necessary routing on "ipsec up azure"
        # (and removes those changes on "ipsec down azure").
        # NOTE(review): updown scripts are executed by the IKE daemon, typically as root;
        # keep this file root-owned and not writable by other users.
        leftupdown=/usr/local/sbin/ipsec-notify.sh
        # Pre-shared-key authentication. The key itself is not in this file (it is read from ipsec.secrets);
        # use a long random value and keep that file readable by root only.
        authby=secret
        type=tunnel
        left=1.2.3.4 # strongSwan's public IP address (placeholder value)
        leftsubnet=100.64.0.0/24 # strongSwan's address space / protected network(s)
        right=4.3.2.1 # Azure dynamic gateway's IP address (placeholder value)
        rightsubnet=10.11.0.0/16,10.12.0.0/16 # Azure VNET address space
        # Install the policies at startup and bring the tunnel up when matching traffic is seen.
        auto=route
        keyexchange=ikev2 # Mandatory for a dynamic / route-based gateway

example 2

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup

# Sample VPN connections

# Site-to-site IKEv2 tunnel with pre-shared-key authentication and explicit IKE/ESP proposals.
# The xx / yy / zzz parts of the addresses are redacted placeholders.
conn strongswan
 # Re-establish the tunnel when the peer closes it or dead-peer detection times out.
 closeaction=restart
 dpdaction=restart
 # NOTE(review): modp1024 (Diffie-Hellman group 2) is a 1024-bit group and is considered too weak
 # for new deployments; SHA-1 is a legacy integrity/PRF choice. If the peer supports it, prefer a
 # proposal with SHA-256 and a 2048-bit or elliptic-curve group (e.g. aes256-sha256-modp2048).
 # Both ends must be changed together or negotiation will fail.
 ike=aes256-sha1-modp1024
 # NOTE(review): no DH group is listed for ESP, so CHILD_SA rekeying does not perform a fresh
 # key exchange (no perfect forward secrecy for the data channel).
 esp=aes256-sha1
 # Rekey the IKE SA without re-running authentication.
 reauth=no
 keyexchange=ikev2
 # IKE SA lifetime: 8 hours. IPsec SA lifetime: 1 hour.
 ikelifetime=28800s
 keylife=3600s
 # Retry negotiation indefinitely.
 keyingtries=%forever
 # Pre-shared-key authentication; the key is read from ipsec.secrets, not from this file.
 # Use a long random value and keep that file readable by root only.
 authby=secret
 type=tunnel
 # Always UDP-encapsulate ESP, even when no NAT is detected.
 forceencaps=yes
 # left is a private address while leftid is a public one - presumably this host sits behind NAT
 # and identifies itself by its public address; verify against the actual deployment.
 left=192.168.0.yy
 leftsourceip=192.168.0.yy
 leftid=51.141.x.xxx
 #leftsubnet=192.168.0.0/23
 # NOTE(review): 0.0.0.0/0 makes the local traffic selector cover every IPv4 source address.
 # The narrower /23 above is commented out; restrict this to the networks that should really
 # reach rightsubnet unless the wide selector is intentional (e.g. a route-based peer).
 leftsubnet=0.0.0.0/0
 right=40.78.zzz.zzz
 rightsubnet=10.1.0.0/23
 # Initiate the connection as soon as the daemon starts.
 auto=start

# Pulls in further configuration from this file; its contents are not shown on this page and
# should be reviewed together with the settings above.
include /var/lib/strongswan/ipsec.conf.inc

...

vigor: IpSec/StrongSwan (last edited 2017-08-10 11:33:40 by PieterSmit)