OK, so I set up an experimental VPN and started playing with it, so as not to break the production VPN.
CentOS uses swanctl as a lightweight controller, so ipsec.conf is not really loaded. I was able to set up DPD, Proposals etc. on a user-by-user basis, but not globally. Is there any way to set something for all connections at once when using swanctl?

Best regards

Marian Kechlibar
Prague, CZ

On 11.1.2018 at 9:54, Marian Kechlibar wrote:
> Hi all,
>
> I would like to ask a question with regard to StrongSwan server
> configuration.
>
> We are running a VPN server based on StrongSwan 5.5.3 on CentOS 7. The
> settings are as follows:
>
> * ipsec.conf is completely empty, except for comments (the default state
>   of the file after a fresh installation),
> * strongswan.conf includes all the charon confs, which are left in the
>   default state as well,
> * swanctl.conf includes config files and pool files of all the
>   individual users, where local_addrs, local_sa, remote_sa, children etc.
>   are determined.
>
> Now I would like to set up the following parameters of the system:
>
> * Dead Peer Detection
> * Cipher Suites
> * Enforcement of IKEv2 only
> * Lifetime
>
> And I would like for those parameters to apply to all the users of the
> system at once.
>
> How do I do it? Do I add a conn block into the ipsec.conf?
>
> And how about making exceptions for individual users? Let us say that I
> do not want Dead Peer Detection for user X. Can I turn it off in the
> appropriate user's config?
>
> I studied the documentation online, but it is not entirely clear to me
> and I am afraid of ruining a setup of a functional VPN by trial and error.
>
> Many thanks in advance.
>
> Marian Kechlibar
> Prague, CZ
