version 1.2, 2012/05/23 16:41:33 |
version 1.3, 2013/03/05 14:52:02 |
|
|
# See iked.conf(5) for syntax and examples. |
# See iked.conf(5) for syntax and examples. |
|
|
# Configure users for the Extensible Authentication Protocol (EAP) |
# Configure users for the Extensible Authentication Protocol (EAP) |
user "user1" "password123" |
#user "user1" "password123" |
user "user2" "password456" |
#user "user2" "password456" |
|
|
# Configuration for clients connecting with EAP authentication. |
# Configuration for clients connecting with EAP authentication. |
# Remember to set up a PKI, see ikectl(8) for more information. |
# Remember to set up a PKI, see ikectl(8) for more information. |
ikev2 "win7" passive esp \ |
#ikev2 "win7" passive esp \ |
from 10.1.0.0/24 to 10.2.0.0/24 \ |
# from 10.1.0.0/24 to 10.2.0.0/24 \ |
local any peer any \ |
# local any peer any \ |
eap "mschap-v2" \ |
# eap "mschap-v2" \ |
config address 10.2.0.1 \ |
# config address 10.2.0.1 \ |
config name-server 10.1.0.2 \ |
# config name-server 10.1.0.2 \ |
tag "$name-$id" |
# tag "$name-$id" |
|
|
# Configuration for a client authenticating with a pre-shared key. |
# Configuration for a client authenticating with a pre-shared key. |
ikev2 esp \ |
#ikev2 esp \ |
from 10.3.0.0/24 to 10.1.0.0/24 \ |
# from 10.3.0.0/24 to 10.1.0.0/24 \ |
from 10.5.0.0/24 to 10.1.0.0/24 \ |
# from 10.5.0.0/24 to 10.1.0.0/24 \ |
from 10.5.0.0/24 to 172.16.1.0/24 \ |
# from 10.5.0.0/24 to 172.16.1.0/24 \ |
local 192.168.1.1 peer 192.168.2.1 \ |
# local 192.168.1.1 peer 192.168.2.1 \ |
psk "you-should-not-use-psk-authentication!" |
# psk "you-should-not-use-psk-authentication!" |
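Review bot: The commented-out EAP examples still carry guessable secrets (`#user "user1" "password123"`, `#user "user2" "password456"`), and nothing in the file tells an administrator to change them before removing the `#`. Assuming the second line of each pair is the 1.3 side, as the header order suggests, I would add a comment above the user entries such as `# Example credentials only: replace both passwords before uncommenting.` The PSK string already warns against its own use, so only the EAP block needs this. Because the file holds passwords and a pre-shared key once any block is enabled, a further line such as `# This file contains secrets; keep it readable by root only.` near the top would also help.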