[Swan] example .conf for road warriors
Jeremy Hayward
jem at briksdal.co.uk
Fri May 15 14:07:26 UTC 2020
I want to set up a connection on my libreswan that will allow anyone to
connect with just the username and password. I understand the security
implications of this, but I want to be able to access a system from
anywhere in the world, from any device. The main client will be an Android
phone, but again, I don't want to have to install specific software on that
phone - just use the built-in Android VPN facility.
I used to do this with PPTP for many years and it worked well, but I think
that would now be too dangerous but the Android phones now support
relatively IPSec which I think will be good enough.
I've built a conf, but as a bit of a noob, I'm not sure if I've made a
rookie error, or it just won't work in the way I'm intending.
Here is my .conf:

conn Warrior
    dpdaction=clear
    dpddelay=30
    dpdtimeout=120
    fragmentation=yes
    ike=3des-md5;modp1024
    ikev2=insist
    left=%defaultroute
    leftid=xx.xxx.xx.xxx
    leftnexthop=192.168.157.1
    leftsendcert=always
    leftsubnet=192.168.157.0/24
    modecfgdns=8.8.8.8
    narrowing=yes
    pfs=no
    rekey=no
    right=%any
    rightaddresspool=192.168.157.1-192.168.157.254
    rightca=%same
    # optional PAM username verification (eg to implement bandwidth quota)
    # pam-authorize=yes

Has anyone made this work and can share a .conf I could then customise?
Jem Hayward
www.briksdal.co.uk
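
Added example, not part of the original post and not libreswan code: a small Python check over the options posted above that flags the ike= tokens 3des, md5 and modp1024, pfs=no, and a rightaddresspool that overlaps leftsubnet or contains leftnexthop. The function names and the weak-token list are assumptions of this example.

```python
import ipaddress
import re

# Options copied from the conn block in the post, embedded so this runs offline.
POSTED_CONF = """\
conn Warrior
    ike=3des-md5;modp1024
    leftnexthop=192.168.157.1
    leftsubnet=192.168.157.0/24
    pfs=no
    rightaddresspool=192.168.157.1-192.168.157.254
"""

# This example's own review policy (an assumption), not a list from libreswan.
WEAK_TOKENS = {"3des", "md5", "modp1024"}


def parse_conn(text):
    """Return {option: value} for the key=value lines of one conn section."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            opts[key.strip()] = value.strip()
    return opts


def audit_conn(opts):
    """Return sorted findings: weak ike= tokens, pfs=no, address pool conflicts."""
    findings = []
    for token in re.split(r"[-;,+\s]+", opts.get("ike", "").lower()):
        if token in WEAK_TOKENS:
            findings.append(f"ike: weak algorithm or group '{token}'")
    if opts.get("pfs", "").lower() == "no":
        findings.append("pfs: disabled")
    if "rightaddresspool" in opts:
        first, last = (ipaddress.ip_address(a.strip())
                       for a in opts["rightaddresspool"].split("-"))
        if "leftsubnet" in opts:
            net = ipaddress.ip_network(opts["leftsubnet"], strict=False)
            if first <= net[-1] and last >= net[0]:
                findings.append("rightaddresspool: overlaps leftsubnet")
        hop = opts.get("leftnexthop")
        if hop and first <= ipaddress.ip_address(hop) <= last:
            findings.append("rightaddresspool: contains leftnexthop")
    return sorted(findings)


print("\n".join(audit_conn(parse_conn(POSTED_CONF))))
```

With the posted values, the pool 192.168.157.1-192.168.157.254 lies inside leftsubnet and includes the leftnexthop address 192.168.157.1, so both pool findings are reported alongside the ike= and pfs= ones.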