hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6
[strongswan.git] / testing / tests / ipv6 / net2net-ip4-in-ip6-ikev2 / hosts / sun / etc / ipsec.conf
1 # /etc/ipsec.conf - strongSwan IPsec configuration file
2
3 config setup
4         strictcrlpolicy=no
5         crlcheckinterval=180
6         plutostart=no
7
8 ca strongswan
9         cacert=strongswanCert.pem
10         certuribase=http://ip6-winnetou.strongswan.org/certs/
11         crluri=http://ip6-winnetou.org/strongswan.crl
12         auto=add
13
14 conn %default
15         ikelifetime=60m
16         keylife=20m
17         rekeymargin=3m
18         keyingtries=1
19         keyexchange=ikev2
20         mobike=no
21
22 conn net-net
23         also=host-host
24         leftsubnet=10.2.0.0/16
25         rightsubnet=10.1.0.0/16
26
27 conn host-host
28         left=PH_IP6_SUN
29         leftcert=sunCert.pem
30         leftid=@sun.strongswan.org
31         leftfirewall=yes
32         right=PH_IP6_MOON
33         rightid=@moon.strongswan.org
34         auto=add