mafet

Untitled

May 24th, 2019
  1. FreeBSD strongSwan U5.6.0/K11.1-RELEASE-p1
  2. ------------------------------------------
  # conn con4000: IKEv2 tunnel-mode connection between local subnet 10.77.1.0/24
  # and remote subnet 172.26.1.0/24, PSK on both ends. auto = route installs a
  # trap policy, so the SA is negotiated when matching traffic appears.
  3. conn con4000
  4. fragmentation = yes
  5. keyexchange = ikev2
  6. reauth = yes
  7. forceencaps = no
  8. mobike = no
  9.  
  10. rekey = yes
  11. installpolicy = yes
  12. type = tunnel
  13. dpdaction = restart
  14. dpddelay = 10s
  15. dpdtimeout = 60s
  16. auto = route
  17. left = 78.....3
  18. right = 89.....143
  19. leftid = 78.....3
  20. ikelifetime = 5400s
  21. lifetime = 3600s
  # NOTE(review): modp1024 (DH group 2) is the weakest element of this IKE
  # proposal and is generally considered too small for new deployments. The
  # trailing "!" makes the proposal strict, so moving to modp2048 or larger
  # requires the same change in the peer's phase-1 profile.
  22. ike = aes256-sha256-modp1024!
  # NOTE(review): the same ESP proposal is listed four times; a single entry is
  # equivalent. With IKEv2 the modp4096 group is only exercised when a CHILD_SA
  # is created or rekeyed through CREATE_CHILD_SA; the first CHILD_SA derives
  # its keys from the IKE_SA, so it is bounded by the modp1024 exchange above.
  23. esp = aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096!
  # NOTE(review): PSK authentication is only as strong as the shared secret;
  # it should be a long random value. The secret is not part of this listing.
  24. leftauth = psk
  25. rightauth = psk
  26. rightid = 89.....143
  27. rightsubnet = 172.26.1.0/24
  28. leftsubnet = 10.77.1.0/24
  29.  
  # conn con4001: same peers and parameters as the other conn sections in this
  # listing; only leftsubnet differs (10.100.99.0/24 <-> 172.26.1.0/24).
  30. conn con4001
  31. fragmentation = yes
  32. keyexchange = ikev2
  33. reauth = yes
  34. forceencaps = no
  35. mobike = no
  36.  
  37. rekey = yes
  38. installpolicy = yes
  39. type = tunnel
  40. dpdaction = restart
  41. dpddelay = 10s
  42. dpdtimeout = 60s
  43. auto = route
  44. left = 78.....3
  45. right = 89.....143
  46. leftid = 78.....3
  47. ikelifetime = 5400s
  48. lifetime = 3600s
  # NOTE(review): strict ("!") IKE proposal with modp1024 (DH group 2), which
  # is generally considered too weak today; a larger group has to be
  # configured on both peers at the same time or negotiation will fail.
  49. ike = aes256-sha256-modp1024!
  # NOTE(review): four identical ESP entries; one is enough. The modp4096 PFS
  # group applies to CREATE_CHILD_SA exchanges only, not to the first CHILD_SA
  # set up together with the IKE_SA.
  50. esp = aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096!
  # Both ends authenticate with a pre-shared key (secret not shown here).
  51. leftauth = psk
  52. rightauth = psk
  53. rightid = 89.....143
  54. rightsubnet = 172.26.1.0/24
  55. leftsubnet = 10.100.99.0/24
  56.  
  # conn con4002: same peers and parameters as the other conn sections in this
  # listing; only leftsubnet differs (172.25.1.0/24 <-> 172.26.1.0/24).
  57. conn con4002
  58. fragmentation = yes
  59. keyexchange = ikev2
  60. reauth = yes
  61. forceencaps = no
  62. mobike = no
  63.  
  64. rekey = yes
  65. installpolicy = yes
  66. type = tunnel
  67. dpdaction = restart
  68. dpddelay = 10s
  69. dpdtimeout = 60s
  70. auto = route
  71. left = 78.....3
  72. right = 89.....143
  73. leftid = 78.....3
  74. ikelifetime = 5400s
  75. lifetime = 3600s
  # NOTE(review): strict ("!") IKE proposal with modp1024 (DH group 2), which
  # is generally considered too weak today; a larger group has to be
  # configured on both peers at the same time or negotiation will fail.
  76. ike = aes256-sha256-modp1024!
  # NOTE(review): four identical ESP entries; one is enough. The modp4096 PFS
  # group applies to CREATE_CHILD_SA exchanges only, not to the first CHILD_SA
  # set up together with the IKE_SA.
  77. esp = aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096!
  # Both ends authenticate with a pre-shared key (secret not shown here).
  78. leftauth = psk
  79. rightauth = psk
  80. rightid = 89.....143
  81. rightsubnet = 172.26.1.0/24
  82. leftsubnet = 172.25.1.0/24
  83.  
  # conn con4003: same peers and parameters as the other conn sections in this
  # listing; only leftsubnet differs (192.168.33.0/24 <-> 172.26.1.0/24).
  84. conn con4003
  85. fragmentation = yes
  86. keyexchange = ikev2
  87. reauth = yes
  88. forceencaps = no
  89. mobike = no
  90.  
  91. rekey = yes
  92. installpolicy = yes
  93. type = tunnel
  94. dpdaction = restart
  95. dpddelay = 10s
  96. dpdtimeout = 60s
  97. auto = route
  98. left = 78.....3
  99. right = 89.....143
  100. leftid = 78.....3
  101. ikelifetime = 5400s
  102. lifetime = 3600s
  # NOTE(review): strict ("!") IKE proposal with modp1024 (DH group 2), which
  # is generally considered too weak today; a larger group has to be
  # configured on both peers at the same time or negotiation will fail.
  103. ike = aes256-sha256-modp1024!
  # NOTE(review): four identical ESP entries; one is enough. The modp4096 PFS
  # group applies to CREATE_CHILD_SA exchanges only, not to the first CHILD_SA
  # set up together with the IKE_SA.
  104. esp = aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096,aes256-sha256-modp4096!
  # Both ends authenticate with a pre-shared key (secret not shown here).
  105. leftauth = psk
  106. rightauth = psk
  107. rightid = 89.....143
  108. rightsubnet = 172.26.1.0/24
  109. leftsubnet = 192.168.33.0/24
  110.  
  111. ------------------------------------------
  # RouterOS IPsec configuration for the peer at 78.....3 (addresses and the
  # secret are redacted in the listing). Local subnet is 172.26.1.0/24.
  112. /ip ipsec policy group
  113. add name=group1
  114. /ip ipsec profile
  # Phase-1 profile: AES-256 / SHA-256, 1h30m lifetime, DPD every 10s.
  # NOTE(review): dh-group=modp1024 is generally considered too weak for new
  # deployments; a larger group must be changed together with the "ike ="
  # proposal on the strongSwan side. nat-traversal is disabled here.
  115. add dh-group=modp1024 dpd-interval=10s enc-algorithm=aes-256 hash-algorithm=sha256 lifetime=1h30m name=profile_1 nat-traversal=no
  116. /ip ipsec peer
  117. add address=78.....3/32 exchange-mode=ike2 name=peer1 port=500 profile=profile_1
  118. /ip ipsec proposal
  # The default proposal is disabled; policies below reference "silberbullet"
  # (AES-256-CBC, SHA-256, 1h lifetime, PFS group modp4096).
  119. set [ find default=yes ] disabled=yes enc-algorithms=aes-256-cbc
  120. add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=1h name=silberbullet pfs-group=modp4096
  121. /ip ipsec identity
  # No auth-method is given, so this presumably relies on the RouterOS default
  # (pre-shared key) - confirm. The secret should be a long random value.
  122. add peer=peer1 policy-template-group=group1 secret=.....
  123. /ip ipsec policy
  # One policy per remote subnet, each with level=unique and tunnel=yes.
  124. add dst-address=192.168.33.0/24 level=unique proposal=silberbullet sa-dst-address=78.....3 sa-src-address=89.....143 src-address=172.26.1.0/24 tunnel=yes
  125. add dst-address=172.25.1.0/24 level=unique proposal=silberbullet sa-dst-address=78.....3 sa-src-address=89.....143 src-address=172.26.1.0/24 tunnel=yes
  126. add dst-address=10.77.1.0/24 level=unique proposal=silberbullet sa-dst-address=78.....3 sa-src-address=89.....143 src-address=172.26.1.0/24 tunnel=yes
  # NOTE(review): "3" is a positional item number, so which policy gets
  # disabled depends on the list order when this runs and cannot be read off
  # this listing; selecting it with [ find dst-address=... ] would be explicit.
  127. set 3 disabled=yes
  128. add dst-address=10.100.99.0/24 level=unique proposal=silberbullet sa-dst-address=78.....3 sa-src-address=89.....143 src-address=172.26.1.0/24 tunnel=yes