Last active
May 13, 2025 09:22
-
-
Save demofly/08658fa83dc1d92f4b5697221370d7f2 to your computer and use it in GitHub Desktop.
IPSec configuration which supports Windows 11, macOS 15 and Android 14 clients
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config setup | |
| uniqueids=no | |
| conn ikev2-vpn | |
| # Auth params | |
| keyexchange=ikev2 | |
| auto=add | |
| rekey=no | |
| reauth=no | |
| # main tunnel params | |
| compress=no | |
| type=tunnel | |
| fragmentation=yes | |
| forceencaps=yes | |
| # Dead peer detection | |
| dpdaction=clear | |
| dpddelay=300s | |
| dpdtimeout=1800s | |
| # server | |
| left=%any | |
| leftid = <CN from your TLS cert, may be IP> | |
| leftcert = server-cert.pem | |
| leftsendcert = always | |
| leftsubnet = 0.0.0.0/0 | |
| # client | |
| rightfirewall = yes | |
| right=%any | |
| rightauth=eap-mschapv2 | |
| rightsourceip=172.17.172.1/24 | |
| rightdns=9.9.9.9,8.8.8.8,8.8.4.4,1.1.1.1 | |
| # identification | |
| eap_identity=%identity | |
| # policies | |
| ike=aes256-sha1-prfsha1-modp2048,aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha256-prfsha256-modp2048,aes256-sha384-prfsha384-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024 | |
| esp=aes256-sha1,aes256-sha256,aes256-sha384,aes128-sha256,aes128-sha1,3des-sha1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment