# IKEv2 connection from the client/initiator (id bw.zw3b.eu) to the peer at
# 135.125.133.51 (id vps.zw3b.eu). Both sides authenticate with public keys and
# the proposals combine x25519 with additional post-quantum key exchanges
# (ke1..ke4 slots).
# NOTE(review): the enclosing section is not visible here; presumably this
# block is included inside a swanctl `connections { }` section -- confirm.
home_orange-vps_de {
    remote_addrs = 135.125.133.51
    # vips = 0.0.0.0, ::0
    # vips = 0.0.0.0

    local {
        auth = pubkey
        # Judging by the file name, a Dilithium5 certificate issued by a
        # Falcon-1024 CA -- verify against the certificate itself.
        certs = bwCert-dilithium5-sign_ca-falcon1024.pem
        id = bw.zw3b.eu
    }

    remote {
        auth = pubkey
        # NOTE(review): only the peer identity is constrained. No `cacerts` or
        # `certs` pin is set, so any CA this daemon trusts can vouch for
        # vps.zw3b.eu. Consider pinning the issuing CA if more than one CA is
        # loaded.
        id = vps.zw3b.eu
    }

    children {
        home_orange-vps_de {
            # mode = transport

            # Networks behind the server
            # remote_ts = fec0::/16, fc00:41d0:701:1100::/64

            # Networks behind the server AND those of the other initiators
            # NOTE(review): this widens what the tunnel carries to the other
            # initiators' prefixes; filter inner traffic if those peers are not
            # equally trusted.
            # NOTE(review): fec0::/16, fec1::/16 and fec2::/16 fall in the
            # site-local range deprecated by RFC 3879.
            remote_ts = fec0::/16, fc00:41d0:701:1100::/64, fec1::/16, fc00:41d0:801:2000::/64

            # Networks of the client (initiator)
            local_ts = fec2::/16, fc10:11:6:42:1:0::/96

            #--------------------------------
            #
            #-------
            # Install trap policies so the CHILD_SA is negotiated on demand when
            # traffic matches the selectors above.
            start_action = trap

            #--------------------------------
            # ESP
            #-------
            # DEFAULT: no cipher configured
            # selected proposal: ESP:AES_GCM_16_128/NO_EXT_SEQ

            # My configured cipher list
            # ok CHILD_SA net{1} established
            # esp_proposals = aes256-sha256-x25519-ke1_kyber3-ke2_bike3-ke3_hqc3
            # selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ

            # ok CHILD_SA net{1} established
            # ke1 and ke2 have no `_none` alternative, so they are mandatory;
            # ke3 and ke4 list `_none` and are therefore optional.
            # The logged selections below show no key exchange transform:
            # presumably the first CHILD_SA is keyed from the IKE_SA and the
            # x25519/ke* methods only apply when the CHILD_SA is rekeyed.
            # NOTE(review): this negotiates AES-CBC with HMAC-SHA2-256. An AEAD
            # such as aes256gcm16 is the more common choice (the no-config
            # default above already selected AES-GCM); it has to be changed on
            # both peers.
            esp_proposals = aes256-sha256-x25519-ke1_kyber3-ke2_bike3-ke3_hqc3-ke3_none-ke4_hqc5-ke4_none
            # selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
            # selected proposal: ESP:AES_CBC-256/HMAC_SHA2_256_128

            #---------------------------------
            # Rekey limits are commented out, so the daemon's default CHILD_SA
            # lifetimes apply.
            # rekey_time = 5400 # 90min
            # rekey_bytes = 500000000
            # rekey_packets = 1000000
        }
    }

    #--------------------------------
    # IKE
    #-------
    version = 2
    # Dead peer detection interval.
    dpd_delay = 60s

    # DEFAULT: no cipher config
    # selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256

    # ok IKE_SA home[1] established
    # ke1 (kyber3 or frodoa3) and ke2 (bike3 or hqc3) are mandatory; ke3 (hqc3)
    # and ke4 (hqc5) are optional because `_none` is listed for them. The log
    # line below shows all four additional exchanges being negotiated.
    # NOTE(review): round-3 Kyber has been superseded by the standardized
    # ML-KEM (FIPS 203); check that the installed build still provides these
    # ke* keywords before upgrading either peer.
    proposals = aes256-sha256-x25519-ke1_kyber3-ke1_frodoa3-ke2_bike3-ke2_hqc3-ke3_hqc3-ke3_none-ke4_hqc5-ke4_none
    # selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519/KE1_KYBER_L3/KE2_BIKE_L3/KE3_HQC_L3/KE4_HQC_L5

    # test
    # proposals = aes256-sha256-x25519
    # proposals = aes256-sha256-x25519-ke1_kyber3-ke2_bike3-ke3_hqc3
    # proposals = aes256-sha256-x25519-modp3072-ke1_kyber3-ke1_frodoa3-ke2_bike3-ke2_hqc3-ke3_hqc3-ke3_none-ke4_hqc5-ke4_none
    #--------------------------------
}