Hi all, I would like to ask a question with regard to StrongSwan server configuration.
We are running a VPN server based on StrongSwan 5.5.3 on CentOS 7. The settings are as follows:

* ipsec.conf is completely empty, except for comments (the default state of the file after a fresh installation),
* strongswan.conf includes all the charon confs, which are left in the default state as well,
* swanctl.conf includes config files and pool files of all the individual users, where local_addrs, local_sa, remote_sa, children etc. are determined.

Now I would like to set up the following parameters of the system:

* Dead Peer Detection
* Cipher Suites
* Enforcement of IKEv2 only
* Lifetime

And I would like for those parameters to apply to all the users of the system at once. How do I do it? Do I add a conn block into the ipsec.conf?

And how about making exceptions for individual users? Let us say that I do not want Dead Peer Detection for user X. Can I turn it off in the appropriate user's config?

I studied the documentation online, but it is not entirely clear to me and I am afraid of ruining a setup of a functional VPN by trial and error.

Many thanks in advance.

Marian Kechlibar
Prague, CZ
