ipsec.conf

Jean-Michel Gautrand, 18/12/2020 17:42

# ipsec.conf - global daemon settings (keywords match strongSwan's ipsec.conf format)
config setup
    # Revocation checking is best-effort: with strictcrlpolicy = no a peer
    # certificate is still accepted when no CRL can be obtained for it.
    # NOTE(review): confirm this fail-open behaviour is intended.
    strictcrlpolicy = no
    # Keep fetched CRLs in a local cache instead of relying on a fresh download
    # each time.
    cachecrls = yes
    # One IKE SA per peer identity: a new SA from the same ID replaces the old one.
    uniqueids = yes

    
ca "RACINE AGRIATES_CA"
    # Trust anchor for peer certificates; a bare file name is presumably
    # resolved in the daemon's CA certificate directory (confirm).
    cacert = "RACINE AGRIATES.pem"
    # CRL distribution point, fetched over plain HTTP. The CRL itself is signed
    # by the CA, but an on-path party can still block the download, and
    # config setup has strictcrlpolicy = no, so a missing CRL does not stop
    # authentication.
    crluri = http://crl1.igc.education.fr/agriates
    # Left empty: no second distribution point to fall back on.
    crluri2 =
    auto = add

    
conn %default
    # Defaults inherited by every conn section in this file.
    # Peers authenticate with public-key signatures (certificates).
    authby = pubkey
    # 'ike' leaves the IKE version open; strongSwan 5.x documents it as IKEv2
    # when initiating and either version when responding.
    # NOTE(review): use ikev2 if no IKEv1 peer is expected.
    keyexchange = ike
    # Give up after three negotiation attempts.
    keyingtries = 3
    # No trailing '!' on ike/esp: per strongSwan's ipsec.conf documentation the
    # daemon then appends its default proposals, so these lists express a
    # preference rather than a restriction - confirm for the deployed version.
    ike = aes128-sha256-modp2048,aes192-sha384-modp3072
    # None of the esp suites names a DH group, so CHILD_SA rekeying does not run
    # a fresh Diffie-Hellman exchange. NOTE(review): confirm that is intended.
    esp = aes128gcm128,aes192gcm128,aes128-sha256
    # Dead peer detection: probe at 120s intervals and re-initiate the
    # connection when the peer stops answering.
    dpddelay = 120s
    dpdaction = restart
    # UDP encapsulation of ESP is not forced, and MOBIKE is disabled.
    forceencaps = no
    mobike = no

    
#DEB:pf0348890d-sphynx3_1-admin-reseau192
conn "pf0348890d-sphynx3_1-admin-reseau192"
    # Tunnel between 10.34.199.0/24 (left) and 192.168.0.0/16 (right), started
    # with the daemon. Anything not set here comes from conn %default.
    # The #DEB:/#FIN: lines delimit this entry and are kept verbatim;
    # presumably a generator rewrites what lies between them (confirm).
    # Left side: the one with a certificate file, so presumably the local gateway.
    left = 212.51.190.245
    leftid = "C=FR, L=Montpellier, O=Education Nationale, OU=Academie de Montpellier, OU=0002 110043015, CN=0348890D-01.ac-montpellier.fr"
    leftcert = "0348890D-01.ac-montpellier.fr.pem"
    leftsubnet = "10.34.199.0/24"
    # Hook run when the tunnel goes up or down; keep the script root-owned
    # and not writable by other users.
    leftupdown = /etc/ipsec.d/ipsec_updown
    # Right side: the peer must present this subject DN. No rightca or rightcert
    # is set, so the DN is the only per-connection pin on the peer certificate.
    right = 195.83.225.227
    rightid = "C=FR, L=montpellier, O=Education Nationale, OU=ac-montpellier, OU=0002 110043015, CN=sphynx-PNCN.ac-montpellier.fr"
    rightsubnet = "192.168.0.0/16"
    auto = start
#FIN:pf0348890d-sphynx3_1-admin-reseau192

    
#DEB:pf0348890d-sphynx3_1-admin-reseau172
conn "pf0348890d-sphynx3_1-admin-reseau172"
    # Tunnel between 10.34.199.0/24 (left) and 172.16.0.0/12 (right), started
    # with the daemon. Anything not set here comes from conn %default.
    # NOTE(review): 172.19.34.0/24, which another conn in this file sends from
    # the same left subnet to 212.51.190.228, lies inside 172.16.0.0/12; check
    # which policy takes precedence for that destination.
    # Left side: the one with a certificate file, so presumably the local gateway.
    left = 212.51.190.245
    leftid = "C=FR, L=Montpellier, O=Education Nationale, OU=Academie de Montpellier, OU=0002 110043015, CN=0348890D-01.ac-montpellier.fr"
    leftcert = "0348890D-01.ac-montpellier.fr.pem"
    leftsubnet = "10.34.199.0/24"
    # Hook run when the tunnel goes up or down; keep the script root-owned
    # and not writable by other users.
    leftupdown = /etc/ipsec.d/ipsec_updown
    # Right side: identified by subject DN only (no rightca/rightcert pin).
    right = 195.83.225.227
    rightid = "C=FR, L=montpellier, O=Education Nationale, OU=ac-montpellier, OU=0002 110043015, CN=sphynx-PNCN.ac-montpellier.fr"
    rightsubnet = "172.16.0.0/12"
    auto = start
#FIN:pf0348890d-sphynx3_1-admin-reseau172

    
#DEB:pf0348890d-sphynx3_1-admin-reseau_ader
conn "pf0348890d-sphynx3_1-admin-reseau_ader"
    # Tunnel between 10.34.199.0/24 (left) and 161.48.0.0/19 (right), started
    # with the daemon. Anything not set here comes from conn %default.
    # Left side: the one with a certificate file, so presumably the local gateway.
    left = 212.51.190.245
    leftid = "C=FR, L=Montpellier, O=Education Nationale, OU=Academie de Montpellier, OU=0002 110043015, CN=0348890D-01.ac-montpellier.fr"
    leftcert = "0348890D-01.ac-montpellier.fr.pem"
    leftsubnet = "10.34.199.0/24"
    # Hook run when the tunnel goes up or down; keep the script root-owned
    # and not writable by other users.
    leftupdown = /etc/ipsec.d/ipsec_updown
    # Right side: identified by subject DN only (no rightca/rightcert pin).
    right = 195.83.225.227
    rightid = "C=FR, L=montpellier, O=Education Nationale, OU=ac-montpellier, OU=0002 110043015, CN=sphynx-PNCN.ac-montpellier.fr"
    rightsubnet = "161.48.0.0/19"
    auto = start
#FIN:pf0348890d-sphynx3_1-admin-reseau_ader

    
#DEB:pf0348890d-sphynx3_1-admin-reseau10
conn "pf0348890d-sphynx3_1-admin-reseau10"
    # Tunnel between 10.34.199.0/24 (left) and 10.0.0.0/8 (right), started with
    # the daemon. Anything not set here comes from conn %default.
    # NOTE(review): the right selector 10.0.0.0/8 contains the left subnet
    # itself; check that traffic meant to stay on site is not matched by
    # this policy.
    # Left side: the one with a certificate file, so presumably the local gateway.
    left = 212.51.190.245
    leftid = "C=FR, L=Montpellier, O=Education Nationale, OU=Academie de Montpellier, OU=0002 110043015, CN=0348890D-01.ac-montpellier.fr"
    leftcert = "0348890D-01.ac-montpellier.fr.pem"
    leftsubnet = "10.34.199.0/24"
    # Hook run when the tunnel goes up or down; keep the script root-owned
    # and not writable by other users.
    leftupdown = /etc/ipsec.d/ipsec_updown
    # Right side: identified by subject DN only (no rightca/rightcert pin).
    right = 195.83.225.227
    rightid = "C=FR, L=montpellier, O=Education Nationale, OU=ac-montpellier, OU=0002 110043015, CN=sphynx-PNCN.ac-montpellier.fr"
    rightsubnet = "10.0.0.0/8"
    auto = start
#FIN:pf0348890d-sphynx3_1-admin-reseau10

    
#DEB:pf0348890d-sphynx3_1-reseau_rie-admin0
conn "pf0348890d-sphynx3_1-reseau_rie-admin0"
    # Tunnel between 10.34.199.0/24 (left) and 100.64.0.0/12 (right), started
    # with the daemon. Anything not set here comes from conn %default.
    # Left side: the one with a certificate file, so presumably the local gateway.
    left = 212.51.190.245
    leftid = "C=FR, L=Montpellier, O=Education Nationale, OU=Academie de Montpellier, OU=0002 110043015, CN=0348890D-01.ac-montpellier.fr"
    leftcert = "0348890D-01.ac-montpellier.fr.pem"
    leftsubnet = "10.34.199.0/24"
    # Hook run when the tunnel goes up or down; keep the script root-owned
    # and not writable by other users.
    leftupdown = /etc/ipsec.d/ipsec_updown
    # Right side: identified by subject DN only (no rightca/rightcert pin).
    right = 195.83.225.227
    rightid = "C=FR, L=montpellier, O=Education Nationale, OU=ac-montpellier, OU=0002 110043015, CN=sphynx-PNCN.ac-montpellier.fr"
    rightsubnet = "100.64.0.0/12"
    auto = start
#FIN:pf0348890d-sphynx3_1-reseau_rie-admin0

    
#DEB:pf0348890d-mic-sphynx-cd34_1-pedago-reseau_cd34
conn "pf0348890d-mic-sphynx-cd34_1-pedago-reseau_cd34"
    # Tunnel between 10.134.199.0/24 (left) and 172.19.34.0/24 (right), started
    # with the daemon. Anything not set here comes from conn %default.
    # Left side: the one with a certificate file, so presumably the local gateway.
    left = 212.51.190.245
    leftid = "C=FR, L=Montpellier, O=Education Nationale, OU=Academie de Montpellier, OU=0002 110043015, CN=0348890D-01.ac-montpellier.fr"
    leftcert = "0348890D-01.ac-montpellier.fr.pem"
    leftsubnet = "10.134.199.0/24"
    # Hook run when the tunnel goes up or down; keep the script root-owned
    # and not writable by other users.
    leftupdown = /etc/ipsec.d/ipsec_updown
    # Right side: a different peer from the sphynx-PNCN conns, again identified
    # by subject DN only (no rightca/rightcert pin).
    right = 212.51.190.228
    rightid = "C=FR, L=Montpellier, O=Education Nationale, OU=Academie de Montpellier, OU=0002 110043015, CN=0348888B-01.ac-montpellier.fr"
    rightsubnet = "172.19.34.0/24"
    auto = start
#FIN:pf0348890d-mic-sphynx-cd34_1-pedago-reseau_cd34

    
#DEB:pf0348890d-mic-sphynx-cd34_1-pedago_wifi-reseau_cd34
conn "pf0348890d-mic-sphynx-cd34_1-pedago_wifi-reseau_cd34"
    # Tunnel between 172.22.72.0/22 (left) and 172.19.34.0/24 (right), started
    # with the daemon. Anything not set here comes from conn %default.
    # Left side: the one with a certificate file, so presumably the local gateway.
    left = 212.51.190.245
    leftid = "C=FR, L=Montpellier, O=Education Nationale, OU=Academie de Montpellier, OU=0002 110043015, CN=0348890D-01.ac-montpellier.fr"
    leftcert = "0348890D-01.ac-montpellier.fr.pem"
    leftsubnet = "172.22.72.0/22"
    # Hook run when the tunnel goes up or down; keep the script root-owned
    # and not writable by other users.
    leftupdown = /etc/ipsec.d/ipsec_updown
    # Right side: identified by subject DN only (no rightca/rightcert pin).
    right = 212.51.190.228
    rightid = "C=FR, L=Montpellier, O=Education Nationale, OU=Academie de Montpellier, OU=0002 110043015, CN=0348888B-01.ac-montpellier.fr"
    rightsubnet = "172.19.34.0/24"
    auto = start
#FIN:pf0348890d-mic-sphynx-cd34_1-pedago_wifi-reseau_cd34

    
#DEB:pf0348890d-mic-sphynx-cd34_1-mgt-reseau_cd34
conn "pf0348890d-mic-sphynx-cd34_1-mgt-reseau_cd34"
    # Tunnel between 172.19.199.0/24 (left) and 172.19.34.0/24 (right), started
    # with the daemon. Anything not set here comes from conn %default.
    # Left side: the one with a certificate file, so presumably the local gateway.
    left = 212.51.190.245
    leftid = "C=FR, L=Montpellier, O=Education Nationale, OU=Academie de Montpellier, OU=0002 110043015, CN=0348890D-01.ac-montpellier.fr"
    leftcert = "0348890D-01.ac-montpellier.fr.pem"
    leftsubnet = "172.19.199.0/24"
    # Hook run when the tunnel goes up or down; keep the script root-owned
    # and not writable by other users.
    leftupdown = /etc/ipsec.d/ipsec_updown
    # Right side: identified by subject DN only (no rightca/rightcert pin).
    right = 212.51.190.228
    rightid = "C=FR, L=Montpellier, O=Education Nationale, OU=Academie de Montpellier, OU=0002 110043015, CN=0348888B-01.ac-montpellier.fr"
    rightsubnet = "172.19.34.0/24"
    auto = start
#FIN:pf0348890d-mic-sphynx-cd34_1-mgt-reseau_cd34

    
#DEB:pf0348890d-mic-sphynx-cd34_1-admin-reseau_cd34
conn "pf0348890d-mic-sphynx-cd34_1-admin-reseau_cd34"
    # Tunnel between 10.34.199.0/24 (left) and 172.19.34.0/24 (right), started
    # with the daemon. Anything not set here comes from conn %default.
    # NOTE(review): the same left subnet is also paired with 172.16.0.0/12
    # towards 195.83.225.227 in this file, and 172.19.34.0/24 lies inside that
    # range; check which policy takes precedence for this destination.
    # Left side: the one with a certificate file, so presumably the local gateway.
    left = 212.51.190.245
    leftid = "C=FR, L=Montpellier, O=Education Nationale, OU=Academie de Montpellier, OU=0002 110043015, CN=0348890D-01.ac-montpellier.fr"
    leftcert = "0348890D-01.ac-montpellier.fr.pem"
    leftsubnet = "10.34.199.0/24"
    # Hook run when the tunnel goes up or down; keep the script root-owned
    # and not writable by other users.
    leftupdown = /etc/ipsec.d/ipsec_updown
    # Right side: identified by subject DN only (no rightca/rightcert pin).
    right = 212.51.190.228
    rightid = "C=FR, L=Montpellier, O=Education Nationale, OU=Academie de Montpellier, OU=0002 110043015, CN=0348888B-01.ac-montpellier.fr"
    rightsubnet = "172.19.34.0/24"
    auto = start
#FIN:pf0348890d-mic-sphynx-cd34_1-admin-reseau_cd34
# AMON 2.7 customisation
# Every file matching this glob is read as part of the configuration, so a file
# placed in /etc/ipsec.d/conf/ can add its own sections; keep that directory
# writable by root only.
include /etc/ipsec.d/conf/*
#