hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6
[strongswan.git] / testing / tests / ipv6 / host2host-ikev2 / hosts / sun / etc / ipsec.conf
1 # /etc/ipsec.conf - strongSwan IPsec configuration file
2
3 config setup
4         strictcrlpolicy=no
5         crlcheckinterval=180
6         plutostart=no
7
8 ca strongswan
9         cacert=strongswanCert.pem
10         certuribase=http://ip6-winnetou.strongswan.org/certs/
11         crluri=http://ip6-winnetou.strongswan.org/strongswan.crl
12         auto=add
13
14 conn %default
15         ikelifetime=60m
16         keylife=20m
17         rekeymargin=3m
18         keyingtries=1
19         keyexchange=ikev2
20
21 conn net-net
22         also=host-host
23         leftsubnet=fec2::0/16
24         rightsubnet=fec1::0/16
25
26 conn host-host
27         left=PH_IP6_SUN
28         leftcert=sunCert.pem
29         leftid=@sun.strongswan.org
30         leftfirewall=yes
31         right=PH_IP6_MOON
32         rightid=@moon.strongswan.org
33         auto=add