# swanctl connection "uk-de": IKEv2 tunnel from this host (local id
# vps.uk.ipv10.net, initiator side) to the peer at 135.125.133.51
# (remote id vps.zw3b.eu). Both ends authenticate with public keys.
# NOTE(review): the enclosing `connections { }` section is not visible here;
# the line layout below was restored from a collapsed one-line listing.
uk-de {
    remote_addrs = 135.125.133.51
    # Request one virtual IPv4 and one virtual IPv6 address from the peer.
    vips = 0.0.0.0, ::0
    # vips = 0.0.0.0

    local {
        auth = pubkey
        certs = vps_uk-Cert-ed25519-sign_ca-ed25519.pem
        id = vps.uk.ipv10.net
    }
    remote {
        # Only the peer identity is constrained here.
        # NOTE(review): no `cacerts`/`certs` setting is present for the peer,
        # so any CA certificate the daemon trusts can vouch for this id;
        # consider pinning the issuing CA with `cacerts`.
        auth = pubkey
        id = vps.zw3b.eu
    }
    children {
        uk-de {
            # mode = transport

            # Local networks, as seen from the initiator
            local_ts = fec1::/16, fc00:41d0:801:2000::/64

            # Networks on the server
            # remote_ts = fec0::/16, fc00:41d0:701:1100::/64

            # Networks on the server AND the networks of the other initiators
            remote_ts = fec0::/16, fc00:41d0:701:1100::/64, fec2::/16, fc10:11:6:42:1:0::/96

            # Install trap policies only; the CHILD_SA is negotiated when
            # traffic matching the selectors above is seen.
            start_action = trap

            #--------------------------------
            # ESP
            #-------
            # DEFAULT: no cipher configured
            # selected proposal: ESP:AES_GCM_16_128/NO_EXT_SEQ

            # esp_proposals = aes256-sha256-x25519

            # My cipher list
            # ok CHILD_SA net{1} established
            # `aes256-sha256` selects AES-CBC-256 with HMAC-SHA2-256 (see the
            # logged proposal below), not an AEAD cipher.
            # The key-exchange methods listed here apply when the CHILD_SA is
            # rekeyed; the first CHILD_SA takes its keys from the IKE_SA,
            # which is why the logged proposal shows no key exchange.
            esp_proposals = aes256-sha256-x25519-ke1_kyber3-ke2_bike3-ke3_hqc3
            # selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ

            # ok CHILD_SA net{1} established
            # esp_proposals = aes256-sha256-x25519-ke1_kyber3-ke2_bike3-ke3_hqc3-ke3_none-ke4_hqc5-ke4_none
            # selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
            #---------------------------------

            # Rekeying starts when the first of the three limits below is hit.
            # NOTE(review): 180 s looks like a test value (the 90 min setting
            # is commented out); each rekey repeats every key exchange listed
            # in esp_proposals, so confirm this interval is intended.
            # rekey_time = 5400 # 90min
            rekey_time = 180 # 3min
            rekey_bytes = 500000000
            rekey_packets = 1000000
        }
    }

    #--------------------------------
    # IKE
    #-------
    version = 2
    dpd_delay = 60s

    # DEFAULT: no cipher configured
    # selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256

    # ok IKE_SA home[1] established
    # x25519 is the initial key exchange; ke1..ke4 are additional exchanges.
    # ke1 and ke2 have no `_none` alternative, so a peer has to accept two
    # additional exchanges; `ke3_none` and `ke4_none` make the third and
    # fourth optional, which sets the weakest combination this proposal allows.
    # NOTE(review): kyber3/frodoa3/bike3/hqc3/hqc5 depend on the algorithms the
    # installed strongSwan build provides - confirm before upgrading.
    proposals = aes256-sha256-x25519-ke1_kyber3-ke1_frodoa3-ke2_bike3-ke2_hqc3-ke3_hqc3-ke3_none-ke4_hqc5-ke4_none
    # selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519/KE1_KYBER_L3/KE2_BIKE_L3/KE3_HQC_L3/KE4_HQC_L5

    # test
    # proposals = aes256-sha256-x25519
    # proposals = aes256-sha256-x25519-ke1_kyber3-ke2_bike3-ke3_hqc3
    # proposals = aes256-sha256-x25519-modp3072-ke1_kyber3-ke1_frodoa3-ke2_bike3-ke2_hqc3-ke3_hqc3-ke3_none-ke4_hqc5-ke4_none
    #--------------------------------
}