| 1 | cat ipsec.conf | |
| 2 | ==================================================== | |
| 3 | config setup | |
| 4 | ||
| 5 | conn %default | |
| 6 | ikelifetime=1440m | |
| 7 | keylife=60m | |
| 8 | rekeymargin=3m | |
| 9 | keyingtries=1 | |
| 10 | keyexchange=ikev2 | |
| 11 | rekey=no | |
| 12 | ||
| 13 | conn rw_win7 | |
| 14 | ike=aes256-sha1-modp1024! | |
| 15 | esp=aes256-sha1! | |
| 16 | dpdaction=clear | |
| 17 | dpddelay=300s | |
| 18 | left=134.202.84.62 | |
| 19 | leftsubnet=172.16.1.0/24 | |
| 20 | leftprotoport=17/1701 | |
| 21 | leftauth=psk | |
| 22 | right=%any | |
| 23 | rightprotoport=17/%any | |
| 24 | rightauth=eap-mschapv2 | |
| 25 | rightsourceip=172.16.1.11 | |
| 26 | eap_identity=%any | |
| 27 | auto=add | |
| 28 | ======================================================================= | |
| 29 | cat strongswan.conf | |
| 30 | ======================================================================= | |
| 31 | charon {
| |
| 32 | load = curl test-vectors aes des sha1 sha2 md4 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default attr unity xauth-generic eap-identity eap-mschapv2 ha | |
| 33 | cisco_unity = yes | |
| 34 | i_dont_care_about_security_and_use_aggressive_mode_psk = yes | |
| 35 | dh_exponent_ansi_x9_42 = no | |
| 36 | plugins {
| |
| 37 | attr {
| |
| 38 | #split-exclude = 192.168.0.0/24 | |
| 39 | } | |
| 40 | } | |
| 41 | filelog {
| |
| 42 | /var/log/charon.log {
| |
| 43 | time_format = %b %e %T | |
| 44 | ike_name = yes | |
| 45 | append = no | |
| 46 | - | default = 1 |
| 46 | + | default = 2 |
| 47 | flush_line = yes | |
| 48 | } | |
| 49 | } | |
| 50 | } | |
| 51 | ========================================================================= | |
| 52 | cat /etc/xl2tpd/xl2tpd.conf | |
| 53 | ========================================================================= | |
| 54 | [global] ; Global parameters: | |
| 55 | port = 1701 ; * Bind to port 1701 | |
| 56 | auth file = /etc/xl2tpd/l2tp-secrets ; * Where our challenge secrets are | |
| 57 | access control = no ; * Refuse connections without IP match | |
| 58 | rand source = dev ; Source for entropy for random | |
| 59 | ||
| 60 | [lns default] ; Our fallthrough LNS definition | |
| 61 | exclusive = no ; * Only permit one tunnel per host | |
| 62 | ip range = 172.16.1.11-172.16.1.20 ; IP range to give to clients here | |
| 63 | local ip = 172.16.1.10 ; L2TP end of the tunnel-this_machine | |
| 64 | refuse pap = yes ; * Refuse PAP authentication | |
| 65 | refuse chap = yes | |
| 66 | require authentication = yes ; Require authentication | |
| 67 | name = win7 | |
| 68 | ppp debug = yes ; * Turn on PPP debugging | |
| 69 | pppoptfile = /etc/ppp/options.xl2tpd ; * ppp options file | |
| 70 | ||
| 71 | ========================================================================== | |
| 72 | cat /etc/ppp/options.xl2tpd | |
| 73 | ========================================================================== | |
| 74 | require-mschap-v2 | |
| 75 | ms-dns 8.8.8.8 | |
| 76 | proxyarp | |
| 77 | asyncmap 0 | |
| 78 | auth | |
| 79 | crtscts | |
| 80 | lock | |
| 81 | hide-password | |
| 82 | modem | |
| 83 | debug |
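Review bot: `i_dont_care_about_security_and_use_aggressive_mode_psk = yes` in the strongswan.conf block turns on IKEv1 aggressive mode with PSK, which the option name itself flags as a weakening, yet `conn %default` in the ipsec.conf block pins `keyexchange=ikev2` for every connection shown, so the setting appears to buy nothing for `rw_win7`; either drop it or add a comment naming the conn that still depends on it. In the same block, `ike=aes256-sha1-modp1024!` with the trailing `!` restricts the proposal to a 1024-bit DH group and SHA-1; if that is a constraint of the Windows 7 client this conn serves, record it with a comment such as `# modp1024/sha1 kept for the Windows 7 client — revisit when clients are upgraded` so it is not mistaken for a deliberate hardening choice. On the changed line itself, raising `default = 2` in the filelog block makes charon write more to /var/log/charon.log, while the block keeps `append = no`, so each daemon restart truncates that more verbose history; worth confirming that is intended before relying on the file for incident review.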