DevOps Buzz
  • Initial page
  • About me
  • Ansible
    • Cheat Sheet
    • Dynamic inventory
  • AKS
    • Cheat Sheet
    • Autoscale
    • Backup
    • Dashboard
    • Ingress
    • Node management
    • News
    • Persistent Volumes
  • Arch Linux
    • Docker
    • Install
    • Network
    • VirtualBox guest
  • Azure
    • API
    • CLI/Powershell
    • DevOps
      • Cheat Sheet
    • Application Gateway
    • Tools
    • Sops
  • AWS
    • Cheat Sheet
    • Tools
    • Cognito with Amplify and React
  • Bash / Shell
    • Cheat Sheet
    • Tools
  • Bitbucket
    • Cheat Sheet
  • CSS
    • Cheat Sheet
  • Distros
    • Manjaro
  • Docker
    • Cheat Sheet
    • ELK
    • Ubuntu NoVNC
    • Tools
    • Known errors and solutions
  • Elasticsearch
    • Cheat Sheet
    • Tools
  • ELK
    • Cheat Sheet
  • emacs
    • Cheat sheet
  • Gatekeeper (OPA)
    • Cheat Sheet
    • Developer Quick Start
  • GCP
    • Cheat Sheet
  • General
    • Tools
    • News
  • Git
    • Cheat Sheet
    • Tools
  • Golang
    • Cheat Sheet
  • Guidelines / Standards
    • Cheat Sheet
  • i3wm
    • Cheat Sheet
  • Ipsec
    • Cheat sheet
  • Istio
    • Cheat Sheet
  • Kind
    • Cheat Sheet
  • Kops
    • Cheat Sheet
  • Kubeadm
    • Cheat Sheet
    • Change serviceSubnet CIDR
    • Setup cluster
      • Azure
      • Bare-metal
      • Vagrant + VirtualBox
    • Multi master
    • Known errors and solutions
  • Kubernetes
    • Kubectl Cheat Sheet
    • etcd Cheat Sheet
    • Tools
    • News
    • Deployments
      • Deployment examples
      • Blue/Green Deployment
      • Canary Deployment
    • Dashboard
    • ELK
    • Helm
    • Ingress
    • logz.io
    • Minikube
    • Monitoring
    • Node Management
    • Operators
    • Security
    • Volumes
    • Networking
    • kube-controller-manager
      • Node crash recovery
    • Known errors and solutions
  • Lumen
    • Cheat Sheet
  • MACOS
    • Cheat Sheet
    • Qemu
    • Zsh
  • microk8s
    • Cheat Sheet
  • MongoDB
    • Cheat Sheet
    • Tools
  • MySQL
    • Cheat Sheet
  • Network
    • Tools
    • WDS - Wireless Distribution System
    • Expose server under NAT
  • nvim
    • Cheat Sheet
  • Openvpn
    • OpenVPN server on Ubuntu 18.06
    • Stunnel
  • PHP
    • Composer
  • Prometheus
    • Tools
  • Python
    • Cheat Sheet
    • Pydantic
    • Tools / Modules
    • Virtualenv
  • RabbitMQ
    • Cheat Sheet
  • ReactJS
    • Fixes
    • For beginners
  • Ruby
    • Cheat Sheet
    • Rails
    • rvm
  • Rundeck
    • Cheat Sheet
  • Rust
    • Cheat Sheet
  • Squid
    • Setup server
    • Expose NAT server
  • SRE
    • Cheat Sheet
  • SSH
    • Passwordless auth with RSA key
    • Reverse tunnel
    • Cheat Sheet
  • SSL
    • Cheat Sheet
    • certbot
  • STACK SETUP
    • Using EKS and Gitlab CI to deploy applications
  • Terraform
    • Cheat Sheet
    • Tools
  • Tmux
    • Cheat Sheet
  • Tor
    • Cheat Sheet
  • Ubuntu
    • Cheat Sheet
  • Vagrant
    • Cheat Sheet
  • VirtualBox
    • Cheat Sheet
  • Windows
    • Windows Docker
    • Fingerprint
    • SSH Client
    • Tools
    • VirtualBox
    • WSL
Powered by GitBook
On this page
  • Get connections status logs
  • Restart connection
  • Config
  • Documentation
  • Example
  1. Ipsec

Cheat sheet

PreviousCheat SheetNextCheat Sheet

Last updated 6 years ago

Get connections status logs

ipsec statusall

Restart connection

mkdir -p /var/run/xl2tpd
touch /var/run/xl2tpd/l2tp-control
service strongswan restart
sleep 2
service xl2tpd restart
sleep 2
ipsec up YOUR-CONNECTION

Config

Documentation

Example

/etc/ipsec.conf
version 2.0

config setup
	charonstart=yes
	interfaces="%none"
	nat_traversal=yes
	plutodebug="all"

conn clear
	auto=ignore

conn clear-or-private
	auto=ignore

conn private-or-clear
	auto=ignore

conn private
	auto=ignore

conn block
	auto=ignore

conn packetdefault
	auto=ignore

conn %default
	keyexchange=ikev1


conn my-conn
	left=10.128.5.1
	leftid="78.69.145.86"
	right=220.40.60.210
	leftsubnet=10.1.1.0/24
	rightsubnet=10.136.6.240/28
	leftsourceip=10.123.1.117
	ike=3des-sha1-modp1024,3des-sha256-modp1024,3des-sha384-modp1024!
	keyexchange=ikev1
	ikelifetime=86400s
	esp=3des-sha384,3des-sha256,3des-sha1!
	keylife=3600s
	rekeymargin=540s
	type=tunnel
	pfs=no
	compress=no
	authby=secret
	auto=start
	keyingtries=%forever
#conn my-conn

ipsec.conf: conn Reference - ipsec.conf: conn Reference - strongSwan
Logo