|
@ -1,25 +1,25 @@ |
|
|
# $OpenBSD: iked.conf,v 1.2 2012/05/23 16:41:33 mikeb Exp $ |
|
|
|
|
|
|
|
|
# $OpenBSD: iked.conf,v 1.3 2013/03/05 14:52:02 sobrado Exp $ |
|
|
# |
|
|
# |
|
|
# See iked.conf(5) for syntax and examples. |
|
|
# See iked.conf(5) for syntax and examples. |
|
|
|
|
|
|
|
|
# Configure users for the Extensible Authentication Protocol (EAP) |
|
|
# Configure users for the Extensible Authentication Protocol (EAP) |
|
|
user "user1" "password123" |
|
|
|
|
|
user "user2" "password456" |
|
|
|
|
|
|
|
|
#user "user1" "password123" |
|
|
|
|
|
#user "user2" "password456" |
|
|
|
|
|
|
|
|
# Configuration for clients connecting with EAP authentication. |
|
|
# Configuration for clients connecting with EAP authentication. |
|
|
# Remember to set up a PKI, see ikectl(8) for more information. |
|
|
# Remember to set up a PKI, see ikectl(8) for more information. |
|
|
ikev2 "win7" passive esp \ |
|
|
|
|
|
from 10.1.0.0/24 to 10.2.0.0/24 \ |
|
|
|
|
|
local any peer any \ |
|
|
|
|
|
eap "mschap-v2" \ |
|
|
|
|
|
config address 10.2.0.1 \ |
|
|
|
|
|
config name-server 10.1.0.2 \ |
|
|
|
|
|
tag "$name-$id" |
|
|
|
|
|
|
|
|
#ikev2 "win7" passive esp \ |
|
|
|
|
|
# from 10.1.0.0/24 to 10.2.0.0/24 \ |
|
|
|
|
|
# local any peer any \ |
|
|
|
|
|
# eap "mschap-v2" \ |
|
|
|
|
|
# config address 10.2.0.1 \ |
|
|
|
|
|
# config name-server 10.1.0.2 \ |
|
|
|
|
|
# tag "$name-$id" |
|
|
|
|
|
|
|
|
# Configuration for a client authenticating with a pre-shared key. |
|
|
# Configuration for a client authenticating with a pre-shared key. |
|
|
ikev2 esp \ |
|
|
|
|
|
from 10.3.0.0/24 to 10.1.0.0/24 \ |
|
|
|
|
|
from 10.5.0.0/24 to 10.1.0.0/24 \ |
|
|
|
|
|
from 10.5.0.0/24 to 172.16.1.0/24 \ |
|
|
|
|
|
local 192.168.1.1 peer 192.168.2.1 \ |
|
|
|
|
|
psk "you-should-not-use-psk-authentication!" |
|
|
|
|
|
|
|
|
#ikev2 esp \ |
|
|
|
|
|
# from 10.3.0.0/24 to 10.1.0.0/24 \ |
|
|
|
|
|
# from 10.5.0.0/24 to 10.1.0.0/24 \ |
|
|
|
|
|
# from 10.5.0.0/24 to 172.16.1.0/24 \ |
|
|
|
|
|
# local 192.168.1.1 peer 192.168.2.1 \ |
|
|
|
|
|
# psk "you-should-not-use-psk-authentication!" |
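Review bot: The commented-out `user "user1" "password123"` and `user "user2" "password456"` lines, and the `psk` line at the end, still carry literal sample secrets. An administrator who enables an example by only deleting the `#` would be running a `passive` policy with `peer any` on publicly known credentials. I would add a comment above the `user` lines such as `# Sample credentials only: replace them before uncommenting any example below.` and swap the passwords for an obvious placeholder (for example `"CHANGE-ME"`). The page has lost its +/- markers, so I am inferring from the revision tags (1.2 vs 1.3) that the commented side is the new one.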