| Hyunsun Moon | 6c6db95 | 2020-03-04 20:50:51 -0800 | [diff] [blame] | 1 | # Copyright 2020-present Open Networking Foundation |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| 15 | # basic configuration |
| 16 | config setup |
| 17 | # strictcrlpolicy=yes |
| 18 | # uniqueids = no |
| 19 | |
| 20 | conn %default |
| 21 | ikelifetime=600m # 36,000s |
| 22 | keylife=180m # 10,800s |
| 23 | rekeymargin=3m |
| 24 | keyingtries=3 |
| 25 | keyexchange=ikev2 |
| 26 | mobike=no |
| 27 | ike=aes256gcm16-sha512-modp2048 |
| 28 | esp=aes256gcm16-sha512-modp8192 |
| 29 | authby=psk |
| 30 | |
| 31 | conn peer-aether-gcp-vpn-gateway |
| 32 | left={{ vpn_local_addr }} |
| 33 | leftid={{ vpn_local_id }} |
| 34 | leftsubnet={{ vpn_local_subnets }} |
| 35 | leftauth=psk |
| 36 | right={{ vpn_remote_addr }} |
| 37 | rightsubnet={{ vpn_remote_subnets }} |
| 38 | rightauth=psk |
| 39 | auto=start |
| 40 | type=tunnel |
| 41 | dpdaction=restart |
| 42 | closeaction=restart |