- FreeBSD strongSwan U5.6.0/K11.1-RELEASE-p1
- ------------------------------------------
# Site-to-site IKEv2 tunnel between 10.77.1.0/24 (left) and 172.26.1.0/24 (right),
# authenticated with a pre-shared key in both directions.
# NOTE: as pasted, every line carries a "- " list marker and the leading whitespace
# that ipsec.conf requires on section members is gone; restore both before loading.
- conn con4000
- fragmentation = yes
- keyexchange = ikev2
# reauth = yes: when ikelifetime expires the IKE_SA is rebuilt from scratch
# (full re-authentication) rather than rekeyed in place.
- reauth = yes
# No forced UDP encapsulation and no MOBIKE; left/right below are fixed addresses.
- forceencaps = no
- mobike = no
- rekey = yes
- installpolicy = yes
- type = tunnel
# With keyexchange = ikev2, dpddelay sets the liveness-probe interval; dpdtimeout is
# an IKEv1-only setting (IKEv2 relies on the retransmission timeout instead).
- dpdaction = restart
- dpddelay = 10s
- dpdtimeout = 60s
# auto = route installs a trap policy; the tunnel is negotiated on first matching traffic.
- auto = route
- left = 78.....3
- right = 89.....143
- leftid = 78.....3
# 5400s / 3600s correspond to lifetime=1h30m (profile) and lifetime=1h (proposal)
# in the RouterOS configuration further down the page.
- ikelifetime = 5400s
- lifetime = 3600s
# SECURITY: the trailing "!" makes this the only IKE proposal offered or accepted, and
# modp1024 (DH group 2, 1024-bit) is below the 2048-bit minimum recommended today.
# The IKE_SA keys protect the PSK authentication and every CHILD_SA negotiation, so
# the 4096-bit group in esp= does not compensate. Moving to modp2048 or stronger has
# to be done on both peers together, otherwise negotiation fails.
- ike = aes256-sha256-modp1024!
# The same ESP proposal is listed four times; a single entry should negotiate
# identically. The DH group here enables PFS and, in IKEv2, is only exercised when
# the CHILD_SA is rekeyed.
- esp = aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096!
# SECURITY: mutual PSK - authentication is only as strong as the shared secret
# (kept in ipsec.secrets, not shown here). Use a long random value, or certificates.
- leftauth = psk
- rightauth = psk
- rightid = 89.....143
- rightsubnet = 172.26.1.0/24
- leftsubnet = 10.77.1.0/24
# Site-to-site IKEv2 tunnel between 10.100.99.0/24 (left) and 172.26.1.0/24 (right);
# same peers, lifetimes, proposals and PSK authentication as the other conn sections.
- conn con4001
- fragmentation = yes
- keyexchange = ikev2
- reauth = yes
- forceencaps = no
- mobike = no
- rekey = yes
- installpolicy = yes
- type = tunnel
# dpdtimeout only applies to IKEv1; with ikev2 dead-peer handling is driven by
# dpddelay and the retransmission timeout.
- dpdaction = restart
- dpddelay = 10s
- dpdtimeout = 60s
# Trap policy: the CHILD_SA is negotiated when matching traffic appears.
- auto = route
- left = 78.....3
- right = 89.....143
- leftid = 78.....3
- ikelifetime = 5400s
- lifetime = 3600s
# SECURITY: strict ("!") IKE proposal pinned to modp1024, a 1024-bit DH group that is
# weaker than the 2048-bit minimum recommended today. Any upgrade must be mirrored on
# the remote peer because no fallback proposal is offered.
- ike = aes256-sha256-modp1024!
# One ESP proposal repeated four times (redundant); modp4096 gives PFS on rekey.
- esp = aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096!
# SECURITY: PSK on both sides; the secret's entropy is the whole authentication strength.
- leftauth = psk
- rightauth = psk
- rightid = 89.....143
- rightsubnet = 172.26.1.0/24
- leftsubnet = 10.100.99.0/24
# Site-to-site IKEv2 tunnel between 172.25.1.0/24 (left) and 172.26.1.0/24 (right);
# same peers, lifetimes, proposals and PSK authentication as the other conn sections.
- conn con4002
- fragmentation = yes
- keyexchange = ikev2
- reauth = yes
- forceencaps = no
- mobike = no
- rekey = yes
- installpolicy = yes
- type = tunnel
# dpdtimeout only applies to IKEv1; with ikev2 dead-peer handling is driven by
# dpddelay and the retransmission timeout.
- dpdaction = restart
- dpddelay = 10s
- dpdtimeout = 60s
# Trap policy: the CHILD_SA is negotiated when matching traffic appears.
- auto = route
- left = 78.....3
- right = 89.....143
- leftid = 78.....3
- ikelifetime = 5400s
- lifetime = 3600s
# SECURITY: strict ("!") IKE proposal pinned to modp1024, a 1024-bit DH group that is
# weaker than the 2048-bit minimum recommended today. Any upgrade must be mirrored on
# the remote peer because no fallback proposal is offered.
- ike = aes256-sha256-modp1024!
# One ESP proposal repeated four times (redundant); modp4096 gives PFS on rekey.
- esp = aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096!
# SECURITY: PSK on both sides; the secret's entropy is the whole authentication strength.
- leftauth = psk
- rightauth = psk
- rightid = 89.....143
- rightsubnet = 172.26.1.0/24
- leftsubnet = 172.25.1.0/24
# Site-to-site IKEv2 tunnel between 192.168.33.0/24 (left) and 172.26.1.0/24 (right);
# same peers, lifetimes, proposals and PSK authentication as the other conn sections.
- conn con4003
- fragmentation = yes
- keyexchange = ikev2
- reauth = yes
- forceencaps = no
- mobike = no
- rekey = yes
- installpolicy = yes
- type = tunnel
# dpdtimeout only applies to IKEv1; with ikev2 dead-peer handling is driven by
# dpddelay and the retransmission timeout.
- dpdaction = restart
- dpddelay = 10s
- dpdtimeout = 60s
# Trap policy: the CHILD_SA is negotiated when matching traffic appears.
- auto = route
- left = 78.....3
- right = 89.....143
- leftid = 78.....3
- ikelifetime = 5400s
- lifetime = 3600s
# SECURITY: strict ("!") IKE proposal pinned to modp1024, a 1024-bit DH group that is
# weaker than the 2048-bit minimum recommended today. Any upgrade must be mirrored on
# the remote peer because no fallback proposal is offered.
- ike = aes256-sha256-modp1024!
# One ESP proposal repeated four times (redundant); modp4096 gives PFS on rekey.
- esp = aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096!
# SECURITY: PSK on both sides; the secret's entropy is the whole authentication strength.
- leftauth = psk
- rightauth = psk
- rightid = 89.....143
- rightsubnet = 172.26.1.0/24
- leftsubnet = 192.168.33.0/24
- ------------------------------------------
# MikroTik RouterOS side of the tunnel: local address 89.....143, local network
# 172.26.1.0/24, remote peer 78.....3 (the strongSwan host configured above).
- /ip ipsec policy group
- add name=group1
# IKE (phase 1) profile. Algorithms and lifetime mirror the strongSwan
# "ike = aes256-sha256-modp1024!" and "ikelifetime = 5400s" settings.
# SECURITY: dh-group=modp1024 is a 1024-bit DH group, below the 2048-bit minimum
# recommended today; raise it here and in the strongSwan ike= line together.
# nat-traversal=no matches forceencaps = no on the other side.
- /ip ipsec profile
- add dh-group=modp1024 dpd-interval=10s enc-algorithm=aes-256 hash-algorithm=sha256 lifetime=1h30m name=profile_1 nat-traversal=no
# Peer is pinned to a single /32 address and to IKEv2.
- /ip ipsec peer
- add address=78.....3/32 exchange-mode=ike2 name=peer1 port=500 profile=profile_1
# ESP (phase 2) proposals: the built-in default is disabled, so only "silberbullet"
# (AES-256-CBC, SHA-256, PFS group modp4096, 1h lifetime) is used by the policies below.
- /ip ipsec proposal
- set [ find default=yes ] disabled=yes enc-algorithms=aes-256-cbc
- add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=1h name=silberbullet pfs-group=modp4096
# SECURITY: the pre-shared key is redacted in this paste. Configuration exports can
# carry it in clear text, so treat them as confidential and redact before sharing.
# NOTE(review): no auth-method is shown; presumably the default (pre-shared key) applies.
- /ip ipsec identity
- add peer=peer1 policy-template-group=group1 secret=.....
# One policy per remote subnet, each the mirror image of a strongSwan conn section
# (src 172.26.1.0/24 here is rightsubnet there). level=unique ties each SA to its policy.
- /ip ipsec policy
- add dst-address=192.168.33.0/24 level=unique proposal=silberbullet sa-dst-address=78.....3 sa-src-address=89.....143 src-address=172.26.1.0/24 tunnel=yes
- add dst-address=172.25.1.0/24 level=unique proposal=silberbullet sa-dst-address=78.....3 sa-src-address=89.....143 src-address=172.26.1.0/24 tunnel=yes
- add dst-address=10.77.1.0/24 level=unique proposal=silberbullet sa-dst-address=78.....3 sa-src-address=89.....143 src-address=172.26.1.0/24 tunnel=yes
# NOTE(review): which entry "3" refers to depends on the router's policy numbering,
# which is not visible here; confirm that no required policy ends up disabled.
- set 3 disabled=yes
- add dst-address=10.100.99.0/24 level=unique proposal=silberbullet sa-dst-address=78.....3 sa-src-address=89.....143 src-address=172.26.1.0/24 tunnel=yes