config setup Allows few simultaneous connections with one user account

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
config setup
# Allows few simultaneous connections with one user account.
# By default only one active connection per user allowed.
# This option also usefull if you have limited rightsourceip pool and want to kick your ghost connection while reconnecting.
uniqueids=no
# Increase debug level
# charondebug = ike 3, cfg 3
conn %default
# Most universal cypher list for all platforms
# Comment this line if connection fails
ike=aes256-sha256-modp1024,aes256-sha256-modp2048
# Dead peer detection will ping clients and terminate sessions after timeout
dpdaction=clear
dpddelay=35s
dpdtimeout=2000s
keyexchange=ikev2
auto=add
rekey=no
reauth=no
fragmentation=yes
#compress=yes
# left - local (server) side
leftcert=cert.pem # Filename of certificate located at /etc/ipsec.d/certs/
leftsendcert=always
# Routes pushed to clients. If you don't have ipv6 then remove ::/0
leftsubnet=0.0.0.0/0
# right - remote (client) side
eap_identity=%identity
# ipv4 and ipv6 subnets that assigns to clients. If you don't have ipv6 then remove it
rightsourceip=10.1.1.0/24
rightdns=8.8.8.8
# Windows and BlackBerry clients usually goes here
conn ikev2-mschapv2
rightauth=eap-mschapv2
# Apple clients usually goes here
conn ikev2-mschapv2-apple
rightauth=eap-mschapv2
leftid=hublotvpn.com