pfSense

# This file is automatically generated. Do not edit

connections {

	bypass {

		remote_addrs = 127.0.0.1

		children {

			bypasslan {

				local_ts = 192.168.1.0/24

				remote_ts = 192.168.1.0/24

				mode = pass

				start_action = trap

			}

		}

	}

	con-mobile : con-mobile-defaults {

		# Stub to load con-mobile-defaults

	}

}

con-mobile-defaults {

	fragmentation = yes

	unique = replace

	version = 2

	proposals = aes256-sha256-modp2048

	dpd_delay = 10s

	rekey_time = 25920s

	reauth_time = 0s

	over_time = 2880s

	rand_time = 2880s

	encap = no

	mobike = yes

	local_addrs = 172.21.10.103

	remote_addrs = 0.0.0.0/0,::/0

	pools = mobile-pool-v4

	send_cert = always

	local {

		id = fqdn:test.ipbgd.office

		auth = pubkey

		cert {

			file = /var/etc/ipsec/x509/cert-1.crt

		}

	}

	remote {

		id = %any

		eap_id = %any

		auth = eap-tls

		cacerts = /var/etc/ipsec/x509ca/791c09ae.0

	}

	children {

		con-mobile {

			# P2 (reqid 1): phase2

			mode = tunnel

			policies = yes

			life_time = 3600s

			rekey_time = 3240s

			rand_time = 360s

			start_action = none

			local_ts = 0.0.0.0/0

			esp_proposals = aes256gcm128-modp2048,aes256gcm96-modp2048,aes256gcm64-modp2048,aes128gcm128-modp2048,aes128-sha256-modp2048,aes128-sha384-modp2048,aes128-sha512-modp2048

			dpd_action = clear

		}

	}

}

pools {

	mobile-pool-v4 : mobile-pool {

		addrs = 192.168.42.0/24

	}

}

mobile-pool {

	# Mobile pool settings template

}

secrets {

	private-0 {

		file = /var/etc/ipsec/private/cert-1.key

	}

}