[strongSwan] How to set some strongswan parameters for all connections at once?
marian.kechlibar at circletech.net
Thu Jan 11 09:54:16 CET 2018
I would like to ask a question with regard to StrongSwan server
We are running a VPN server based on StrongSwan 5.5.3 on CentOS 7. The
settings are as follows:
* ipsec.conf is completely empty, except for comments (the default state
of the file after a fresh installation),
* strongswan.conf includes all the charon confs, which are left in the
default state as well,
* swanctl.conf includes config files and pool files of all the
individual users, where local_addrs, local_sa, remote_sa, children etc.
Now I would like to set up the following parameters of the system:
* Dead Peer Detection
* Cipher Suites
* Enforcement of IKEv2 only
And I would like for those parameters to apply to all the users of the
system at once.
How do I do it? Do I add a conn block into the ipsec.conf?
And how about making exceptions for individual users? Let us say that I
do not want Dead Peer Detection for user X. Can I turn it off in the
appropriate user's config?
I studied the documentation online, but it is not entirely clear to me
and I am afraid of ruining a setup of a functional VPN by trial and error.
Many thanks in advance.
More information about the Users