Gecko [ 122.154.134.11 ]

Name	Size	Permission
hub-spoke.conf	1.47 KB	-rw-r--r--
ipv6.conf	1013 B	-rw-r--r--
l2tp-cert.conf	1.69 KB	-rw-r--r--
l2tp-psk.conf	1.78 KB	-rw-r--r--
linux-linux.conf	1.13 KB	-rw-r--r--
mast-l2tp-psk.conf	1.54 KB	-rw-r--r--
oe-authnull.conf	1.44 KB	-rw-r--r--
oe-exclude-dns.conf	235 B	-rw-r--r--
oe-upgrade-authnull.conf	1.52 KB	-rw-r--r--
sysctl.conf	2.18 KB	-rw-r--r--
xauth.conf	622 B	-rw-r--r--

Code Editor : oe-authnull.conf

# /etc/ipsec.d/oe-authnull.conf
#
# Example file for Opportunstic Encryption using Auth NULL
# During negotiation, hold traffic. On IKE Auth NULL failure, fail open
# Traffic is held until IKE has failed or succeeded
# Because it uses Auth NULL, there is no protection against active MITM attacks
#
# See also oe-upgrade-authnull.conf

conn packetdefault
	type=tunnel
	authby=null
	leftid=%null
	rightid=%null
	left=%defaultroute
	right=%opportunistic
	negotiationshunt=hold
	failureshunt=passthrough
	ikev2=insist
	auto=route

conn clear
	type=passthrough
	# temp workaround
	#authby=never
	authby=null
	leftid=%null
	rightid=%null
	left=%defaultroute
	right=%group
	auto=route

conn clear-or-private
	type=passthrough
	authby=null
	leftid=%null
	rightid=%null
	left=%defaultroute
	right=%opportunisticgroup
	negotiationshunt=hold
	failureshunt=passthrough
	ikev2=insist
	auto=route
	# EXTRA LOW priority so OE tunnel wins
	priority=2100

conn private-or-clear
	type=tunnel
	authby=null
	leftid=%null
	rightid=%null
	left=%defaultroute
	right=%opportunisticgroup
	negotiationshunt=hold
	failureshunt=passthrough
	ikev2=insist
	auto=route

conn private
	type=tunnel
	authby=null
	leftid=%null
	rightid=%null
	left=%defaultroute
	right=%opportunisticgroup
	negotiationshunt=hold
	failureshunt=drop
	ikev2=insist
	auto=route

conn block
	type=reject
	# temp workaround
	#authby=never
	authby=null
	leftid=%null
	rightid=%null
	left=%defaultroute
	right=%group
	auto=route

${this.title}

Code Editor : oe-authnull.conf