- # cat /etc/sysctl.conf | grep forward
- # Controls IP packet forwarding
- net.ipv4.ip_forward = 1
- # strongSwan ipsec.conf for a site-to-site IKEv1 tunnel to a Cisco IOS peer
- # (roles taken from the inline comments on left*/right* below).
- # NOTE(review): as pasted, the parameter lines have lost their leading
- # whitespace; ipsec.conf expects the lines of a section to be indented.
- config setup
- # strictcrlpolicy=yes
- # uniqueids = no
- # Defaults inherited by every conn section below.
- conn %default
- # IKE (phase 1) SA lifetime: 1440 minutes = 24 hours.
- ikelifetime=1440m
- # IPsec (phase 2) SA lifetime: 60 minutes.
- keylife=60m
- # Start rekeying 3 minutes before an SA expires.
- rekeymargin=3m
- # Give up after a single negotiation attempt.
- keyingtries=1
- # IKEv1 is a legacy protocol; presumably required by the IOS peer.
- # Prefer keyexchange=ikev2 if the peer supports it.
- keyexchange=ikev1
- # Pre-shared-key authentication; the key itself is kept in ipsec.secrets,
- # not in this file. With IKEv1 the tunnel is only as strong as that key,
- # so it should be long and random.
- authby=secret
- # Tunnel definition: left = local strongSwan gateway, right = remote IOS router.
- conn vendor
- left=1.1.1.1 #strongswan outside address
- leftsubnet=1.1.1.2/32 #network behind strongswan
- leftid=1.1.1.1 #IKEID sent by strongswan
- right=5.5.5.5 #IOS outside address
- # NOTE(review): 5.5.5.5/27 has host bits set (a /27 network address would
- # end in .0, .32, ...) and the peer's outside address lies inside this
- # selector. Presumably these are placeholder values; confirm the real
- # selector matches the crypto ACL on the IOS side.
- rightsubnet=5.5.5.5/27 #network behind IOS
- rightid=5.5.5.5 #IKEID sent by IOS
- # Load the connection at startup but do not initiate it.
- auto=add
- # Phase 1 proposal: 3DES, HMAC-SHA1, 1024-bit MODP (DH group 2). All three
- # are legacy-strength choices. If the peer allows it, move to a current
- # suite, e.g. aes256-sha256-modp2048, and change both ends together.
- ike=3des-sha1-modp1024 #P1
- # Phase 2 proposal: 3DES with HMAC-SHA1. No DH group is listed, so no PFS
- # is proposed for the IPsec SAs.
- esp=3des-sha1 #P2
- # netstat -rn
- Kernel IP routing table
- Destination Gateway Genmask Flags MSS Window irtt Iface
- 5.5.5.5 1.1.1.1 255.255.255.224 UG 0 0 0 eth0
- # ip xfrm policy
- src 5.5.5.5/27 dst 1.1.1.2/32
- dir fwd priority 2839 ptype main
- tmpl src 5.5.5.5 dst 1.1.1.1
- proto esp reqid 1 mode tunnel
- src 5.5.5.5/27 dst 1.1.1.2/32
- dir in priority 2839 ptype main
- tmpl src 5.5.5.5 dst 1.1.1.1
- proto esp reqid 1 mode tunnel
- src 1.1.1.2/32 dst 5.5.5.5/27
- dir out priority 2839 ptype main
- tmpl src 1.1.1.1 dst 5.5.5.5
- proto esp reqid 1 mode tunnel
- src 0.0.0.0/0 dst 0.0.0.0/0
- dir 3 priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- dir 4 priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- dir 3 priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- dir 4 priority 0 ptype main
- src ::/0 dst ::/0
- dir 3 priority 0 ptype main
- src ::/0 dst ::/0
- dir 4 priority 0 ptype main
- src ::/0 dst ::/0
- dir 3 priority 0 ptype main
- src ::/0 dst ::/0
- dir 4 priority 0 ptype main