algo/roles/vpn/templates/ipsec.conf.j2


# strongSwan daemon-wide settings (config setup), followed by the defaults
# that every conn section in this file inherits (conn %default).
config setup
# uniqueids=never keeps existing IKE_SAs when the same identity connects
# again, so one client certificate can hold several sessions at once.
# NOTE(review): a copied client certificate can therefore be used in parallel
# with its owner without displacing either session; detection has to come
# from logs and revocation rather than from a dropped connection.
uniqueids = never # allow multiple connections per user
# Level 2 is more detailed than charon's default of 1 for each subsystem.
# NOTE(review): confirm that log retention on the host matches the privacy
# goals of the deployment, since these logs describe client sessions.
charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"
conn %default
# Allow IKE-level fragmentation of large messages.
fragmentation=yes
# This side does not initiate renegotiation; requests from the peer are still
# answered. NOTE(review): no lifetime is set in this file - confirm how long
# keys stay in use when the client never rekeys.
rekey=no
# Close the connection when dead-peer detection finds the client gone.
dpdaction=clear
# IKEv2 only; IKEv1 is not offered.
keyexchange=ikev2
# Propose IPComp. NOTE(review): compression is applied before encryption, so
# ciphertext length can depend on plaintext content; confirm the bandwidth
# gain justifies that side channel for this deployment.
compress=yes
# Interval between dead-peer-detection probes.
dpddelay=35s
{% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
# IKE proposals when Windows 10 compatibility is switched on: the AES-128-GCM /
# PRF-SHA-256 / ecp256 suite first, then AES-256-CBC / HMAC-SHA-256 / modp2048.
# The trailing "!" makes the list strict: nothing outside it is accepted.
# NOTE(review): enabling this branch widens what every client may negotiate,
# not only Windows clients; the second suite is the weaker of the two.
ike=aes128gcm16-sha2_256-prfsha256-ecp256,aes256-sha2_256-prfsha256-modp2048!
# ESP (data-plane) proposals for the Windows 10 branch, strict because of "!".
# NOTE(review): sha2_256 is listed next to the AEAD cipher aes128gcm16, which
# already provides integrity; confirm how the deployed strongSwan version
# treats an AEAD proposal that also names an integrity algorithm.
esp=aes128gcm16-sha2_256-ecp256,aes256-sha2_256-modp2048!
{% else %}
# Default branch: a single strict ("!") proposal for IKE and for ESP -
# AES-128-GCM with a 16-byte ICV, SHA-256 as PRF, and the ecp256 group.
# A client that cannot negotiate exactly this suite fails to connect.
# NOTE(review): sha2_256 next to the AEAD cipher is redundant for integrity;
# confirm how the deployed strongSwan version handles it in the esp= line.
ike=aes128gcm16-sha2_256-prfsha256-ecp256!
esp=aes128gcm16-sha2_256-ecp256!
{% endif %}
# Server side ("left"): accept connections on any local address and
# authenticate to clients with a certificate (public-key authentication).
left=%any
leftauth=pubkey
# The server identity and the certificate file name both come from the
# IP_subject_alt_name variable.
# NOTE(review): presumably the certificate carries this value as a
# subjectAltName, which is what clients check the server identity against;
# confirm against the task that issues the certificate.
leftid={{ IP_subject_alt_name }}
leftcert={{ IP_subject_alt_name }}.crt
# Always send the server certificate, even when the client did not request it.
leftsendcert=always
# Full tunnel: all IPv4 and IPv6 traffic of the client is routed through the VPN.
leftsubnet=0.0.0.0/0,::/0
# Client side ("right"): any source address, certificate authentication.
# NOTE(review): this file sets no rightid or rightca constraint, so any client
# certificate that chains to a CA strongSwan trusts is accepted; confirm that
# the trusted-CA directory holds only this deployment's CA and that revoked
# client certificates are actually rejected (CRL in place).
right=%any
rightauth=pubkey
# Virtual address pools (IPv4 and IPv6) handed out to connecting clients.
rightsourceip={{ vpn_network }},{{ vpn_network_ipv6 }}
{% if local_dns is defined and local_dns == "Y" %}
# With local_dns enabled, clients are told to use the resolver at
# local_service_ip, so their DNS queries stay on the VPN server.
rightdns={{ local_service_ip }}
{% else %}
# Without local_dns, push the configured IPv4 resolvers as a comma-separated
# list, followed by the IPv6 resolvers when ipv6_support is "yes".
# NOTE(review): client DNS queries then leave the tunnel endpoint towards
# these resolvers and are visible to whoever operates them.
rightdns={% for host in dns_servers.ipv4 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% if ipv6_support is defined and ipv6_support == "yes" %},{% for host in dns_servers.ipv6 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
{% endif %}
# The only named connection in this file; every setting except the start-up
# action is inherited from conn %default.
conn ikev2-pubkey
# Load the connection at start-up without initiating it; the server waits for
# clients to connect.
auto=add