connections {
rw-allow {
local_addrs = 192.168.0.1
local {
auth = eap-ttls
id = moon.strongswan.org
}
remote {
auth = eap-ttls
groups = allow
}
children {
rw-allow {
local_ts = 10.1.0.0/28
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm16-modp3072
}
}
version = 2
send_certreq = no
proposals = aes128-sha256-modp3072
}
rw-isolate {
local_addrs = 192.168.0.1
local {
auth = eap-ttls
id = moon.strongswan.org
}
remote {
auth = eap-ttls
groups = isolate
}
children {
rw-isolate {
local_ts = 10.1.0.16/28
updown = /usr/local/libexec/ipsec/_updown iptables
esp_proposals = aes128gcm16-modp3072
}
}
version = 2
send_certreq = no
proposals = aes128-sha256-modp3072
}
}
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>