shunt-manager: Install passthrough policies with highest priority
[strongswan.git] / testing / tests / ikev2 / shunt-policies / hosts / moon / etc / ipsec.conf
1 # /etc/ipsec.conf - strongSwan IPsec configuration file
2
3 config setup
4
5 conn %default
6         ikelifetime=60m
7         keylife=20m
8         rekeymargin=3m
9         keyingtries=1
10         keyexchange=ikev2
11         mobike=no
12
13 conn local-net
14         leftsubnet=10.1.0.0/16
15         rightsubnet=10.1.0.0/16
16         authby=never
17         type=pass
18         auto=route
19
20 conn venus-icmp
21         leftsubnet=PH_IP_VENUS/32
22         rightsubnet=0.0.0.0/0
23         leftprotoport=icmp
24         rightprotoport=icmp
25         leftauth=any
26         rightauth=any   
27         type=drop
28         auto=route
29
30 conn net-net 
31         left=PH_IP_MOON
32         leftcert=moonCert.pem
33         leftid=@moon.strongswan.org
34         leftsubnet=10.1.0.0/16
35         leftfirewall=yes
36         lefthostaccess=yes
37         right=PH_IP_SUN
38         rightid=@sun.strongswan.org
39         rightsubnet=0.0.0.0/0
40         auto=add