Cheat sheet

Get connection status

# Print the daemon status plus the details of every loaded connection and
# established SA (run as root). Handy for checking which IKE/ESP proposal was
# actually negotiated with the peer.
ipsec statusall

Restart connection

# Restart the IPsec/L2TP services and re-initiate one tunnel. Run as root.
# NOTE: restarting strongswan presumably drops every established tunnel on
# this host, not only the one named below -- confirm before using in production.

# Make sure the runtime directory and control file used by xl2tpd exist.
run_dir=/var/run/xl2tpd
mkdir -p "$run_dir"
touch "$run_dir/l2tp-control"

# Restart strongSwan first, then xl2tpd, pausing 2 s after each restart.
for svc in strongswan xl2tpd; do
  service "$svc" restart
  sleep 2
done

# Replace YOUR-CONNECTION with the conn name defined in /etc/ipsec.conf.
ipsec up YOUR-CONNECTION

Config

Documentation

Example

/etc/ipsec.conf
# Example ipsec.conf: one IKEv1, pre-shared-key, site-to-site tunnel ("my-conn").
# NOTE(review): the proposals below are legacy (3DES, 1024-bit MODP, PFS off).
# Keep them only when the remote peer cannot negotiate anything stronger.
version 2.0

config setup
	# charonstart / nat_traversal / plutodebug belong to the older pluto+charon
	# daemon layout -- TODO confirm the installed strongSwan version still reads them.
	charonstart=yes
	interfaces="%none"
	nat_traversal=yes
	# Enables all pluto debug classes. NOTE(review): debug logs can expose
	# negotiation details; turn this off once troubleshooting is finished.
	plutodebug="all"

# The next six conns carry only auto=ignore, i.e. no automatic startup action.
# Presumably they switch off the stack's built-in opportunistic-encryption
# policy groups of the same names -- verify against your distribution.
conn clear
	auto=ignore

conn clear-or-private
	auto=ignore

conn private-or-clear
	auto=ignore

conn private
	auto=ignore

conn block
	auto=ignore

conn packetdefault
	auto=ignore

# %default supplies settings inherited by every conn that follows.
conn %default
	# IKEv1 is the legacy key-exchange protocol; use ikev2 if the peer supports it.
	keyexchange=ikev1


conn my-conn
	# left is the local endpoint, right the remote peer.
	left=10.128.5.1
	# leftid differs from left: presumably this host sits behind NAT and
	# identifies itself by its public address (cf. nat_traversal=yes) -- verify.
	leftid="78.69.145.86"
	right=220.40.60.210
	# Traffic selectors: only traffic between these two subnets is tunnelled.
	leftsubnet=10.1.1.0/24
	rightsubnet=10.136.6.240/28
	leftsourceip=10.123.1.117
	# IKE (phase 1) proposals. NOTE(review): 3DES and modp1024 (DH group 2) are
	# legacy algorithms, and the trailing "!" makes the list strict, so the
	# daemon will not accept a stronger suite offered by the peer. Where the
	# peer allows it, agree on an AES-based suite with a 2048-bit or larger group.
	ike=3des-sha1-modp1024,3des-sha256-modp1024,3des-sha384-modp1024!
	keyexchange=ikev1
	# IKE SA lifetime: 86400 s = 24 h.
	ikelifetime=86400s
	# ESP (phase 2) proposals; same 3DES and strict-list caveat as for ike=.
	esp=3des-sha384,3des-sha256,3des-sha1!
	# ESP keys live 3600 s (1 h); rekeying starts about 540 s before expiry.
	keylife=3600s
	rekeymargin=540s
	type=tunnel
	# NOTE(review): pfs=no means no fresh Diffie-Hellman exchange per ESP rekey,
	# so ESP keys depend on the IKE SA keying material. Enable PFS if the peer can.
	pfs=no
	compress=no
	# Pre-shared-key authentication; the key itself is stored in ipsec.secrets
	# (not shown on this page). Use a long random value and keep that file
	# readable by root only.
	authby=secret
	# Bring the tunnel up when the daemon starts and retry without limit.
	auto=start
	keyingtries=%forever
#conn my-conn
