-
-
Save Nerevarishe/dabceddcb3243851a56ca14dd8cc3dba to your computer and use it in GitHub Desktop.
Roadwarrior configuration for macOS 10.12, iOS 10 and Windows 10 using strongSwan and user certificates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config setup | |
| charondebug="all" | |
| conn roadwarrior | |
| keyexchange=ikev2 | |
| ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024! | |
| esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128gcm16,aes128gcm16-ecp256,aes256-sha1,aes256-sha256,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16,aes256gcm16-ecp384,3des-sha1! | |
| dpdaction=clear | |
| dpddelay=60s | |
| left=%any | |
| leftid=<VPN_SERVER_IP> | |
| #leftsubnet=0.0.0.0/0 | |
| leftsubnet=<INTERNAL SUBNET> | |
| leftcert=vpnHostCert.der | |
| leftsendcert=always | |
| right=%any | |
| rightauth=eap-tls | |
| rightsourceip=%dhcp | |
| rightdns=8.8.8.8,2001:4860:4860::8888 | |
| auto=add | |
| eap_identity=%identity |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dhcp { | |
| # Always use the configured server address. | |
| force_server_address = yes | |
| # Derive user-defined MAC address from hash of IKE identity. | |
| #identity_lease = no | |
| # Interface name the plugin uses for address allocation. | |
| # interface = | |
| # Whether to load the plugin. Can also be an integer to increase the | |
| # priority of this plugin. | |
| load = yes | |
| # DHCP server unicast or broadcast IP address. | |
| # server = 255.255.255.255 | |
| server = 10.1.255.255 | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # IP forwarding so VPN can forward to and from the VPN to the local lan, and internet | |
| net.ipv4.ip_forward=1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment