# /etc/ipsec.d/oe-authnull.conf # # Example file for Opportunstic Encryption using Auth NULL # During negotiation, hold traffic. On IKE Auth NULL failure, fail open # Traffic is held until IKE has failed or succeeded # Because it uses Auth NULL, there is no protection against active MITM attacks # # See also oe-upgrade-authnull.conf conn clear type=passthrough # temp workaround #authby=never authby=null leftid=%null rightid=%null left=%defaultroute right=%group auto=route conn clear-or-private type=tunnel authby=null leftid=%null rightid=%null left=%defaultroute right=%opportunisticgroup negotiationshunt=hold failureshunt=passthrough ikev2=insist # add, not route - because this policy is only for incoming IKE packets auto=add conn private-or-clear type=tunnel authby=null leftid=%null rightid=%null left=%defaultroute right=%opportunisticgroup negotiationshunt=hold failureshunt=passthrough ikev2=insist auto=route keyingtries=1 retransmit-timeout=2s conn private type=tunnel authby=null leftid=%null rightid=%null left=%defaultroute right=%opportunisticgroup negotiationshunt=hold failureshunt=drop ikev2=insist auto=route conn block type=reject # temp workaround #authby=never authby=null leftid=%null rightid=%null left=%defaultroute right=%group auto=route