...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
apiVersion: sdewan.akraino.org/v1alpha1 kind: IPSecSite metadata: name: siteA spec: node: node1 - gateway: 192.168.1.11 pre_shared_key: test123 auth_method: psk local_identifier: @moon.strongswan.org remote_identifier: @sun.strongswan.org crypto_proposal: proposal1 force_crypto_proposal: true connection: - name: connA type: tunnel mode: start local_subnet: 10.1.0.1/24 local_sourceip: 192.168.1.10 local_firewall: yes remote_subnet: 10.2.0.1/24 remote_firewall: yes keyexchange: ikev2 crypto_proposal: proposal1 proposals: - name: proposal1 encryption_algorithm: aes128 hash_algorithm: sha256 dh_group: modp3072 |
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
apiVersion: sdewan.akraino.org/v1alpha1 kind: IPSecSite metadata: name: siteB spec: node: node2 - gateway: 192.168.1.10 pre_shared_key: test123 auth_method: psk local_identifier: @moon.strongswan.org remote_identifier: @sun.strongswan.org crypto_proposal: proposal1 force_crypto_proposal: true connection: - name: connA type: tunnel mode: start local_subnet: 10.2.0.1/24 local_sourceip: 192.168.1.11 local_firewall: yes remote_subnet: 10.1.0.1/24 remote_firewall: yes keyexchange: ikev2 crypto_proposal: proposal1 proposal: - name: proposal1 encryption_algorithm: aes128 hash_algorithm: sha256 dh_group: modp3072 |
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
apiVersion: sdewan.akraino.org/v1alpha1 kind: IPSecSite metadata: name: siteA spec: node: node1 - gateway: 192.168.1.15 pre_shared_key: test123 auth_method: psk local_identifier: @sun.strongswan.org remote_identifier: @roadwarrior.strongswan.org crypto_proposal: proposal1 force_crypto_proposal: true connection: - name: connA type: tunnel mode: start local_subnet: 10.1.0.1/24 local_sourceip: 192.168.1.10 remote_sourceip: 192.168.1.15 crypto_proposal: proposal1 proposal: - name: proposal1 encryption_algorithm: aes128 hash_algorithm: sha256 dh_group: modp3072 |
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
apiVersion: sdewan.akraino.org/v1alpha1 kind: IPSecSite metadata: name: roadwarrior spec: node: roadwarrior spec: - gateway: 192.168.1.10 pre_shared_key: test123 auth_method: psk local_identifier: @roadwarrior.strongswan.org remote_identifier: @sun.strongswan.org crypto_proposal: "proposal1" force_crypto_proposal: true connection: - name: connA type: tunnel mode: start local_sourceip: 192.168.1.15 remote_subnet: 10.1.0.1/24 remote_sourceip: 192.168.1.10 crypto_proposal: proposal1 proposal: - name: proposal1 encryption_algorithm: aes128 hash_algorithm: sha256 dh_group: modp3072 |
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
apiVersion: sdewan.akraino.org/v1alpha1 kind: IPSecSite metadata: name: siteA spec: node: node1 - gateway: any pre_shared_key: test123 auth_method: psk local_identifier: @moon.strongswan.org remote_identifier: @roadwarrior.strongswan.org crypto_proposal: proposal1 force_crypto_proposal: true connection: - name: connA type: tunnel mode: start local_subnet: 10.1.0.1/24 local_sourceip: 192.168.1.10 local_firewall: yes remote_sourceip: 10.3.0.1/24 remote_firewall: yes crypto_proposal: "proposal1" proposal: - name: proposal1 encryption_algorithm: aes128 hash_algorithm: sha256 dh_group: modp3072 |
...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
apiVersion: sdewan.akraino.org/v1alpha1 kind: IPSecSite metadata: name: roadwarrior spec: node: roadwarrior - gateway: 192.168.1.10 pre_shared_key: test123 auth_method: psk local_identifier: @roadwarrior.strongswan.org remote_identifier: @moon.strongswan.org crypto_proposal: proposal1 force_crypto_proposal: true connection: - name: connA type: tunnel mode: start local_sourceip: %config local_firewall: yes remote_subnet: 10.1.0.1/24 remote_sourceip: 192.168.1.10 remote_firewall: yes crypto_proposal: "proposal1" proposal: - name: proposal1 encryption_algorithm: aes128 hash_algorithm: sha256 dh_group: modp3072 |
...