IPSec
Last modified by Jean Franco on 2022/07/18 21:41
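Exemplo de configuração IPsec site-to-site (strongSwan). Os endereços com X.X.X e o valor SECRET são marcadores: substitua SECRET por uma chave pré-compartilhada longa e aleatória, exclusiva deste par de peers, e não publique a saída deste comando sem ocultá-la: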
ubnt@ubnt# show vpn ipsec
/* "vpn ipsec" subtree for one IKEv2 site-to-site tunnel authenticated with a pre-shared key. */
/* Indentation was lost in this listing; the braces still mark the nesting. */
allow-access-to-local-interface disable
/* auto-firewall-nat-exclude: the router generates firewall and NAT-exclusion rules for the tunnel itself; */
/* review the resulting rules rather than assuming they are minimal. */
auto-firewall-nat-exclude enable
/* ESP (phase 2) parameters: tunnel mode, AES-256 with SHA-256, SA lifetime 43200 s. */
esp-group FOO1 {
compression disable
lifetime 43200
mode tunnel
/* PFS with DH group 20: each child-SA rekey runs a fresh key exchange. */
pfs dh-group20
proposal 1 {
encryption aes256
hash sha256
}
}
/* IKE (phase 1) parameters: IKEv2 only, AES-256 / SHA-256 / DH group 20, SA lifetime 7200 s. */
ike-group FOO1 {
/* presumably the IKE SA is rekeyed at expiry without a full re-authentication; confirm in the platform docs */
ikev2-reauth no
key-exchange ikev2
lifetime 7200
proposal 1 {
dh-group 20
encryption aes256
hash sha256
}
}
/* NAT traversal (UDP encapsulation of ESP) is enabled for peers behind NAT. */
nat-traversal enable
site-to-site {
/* Remote peer address, masked in this listing. */
peer 62.X.X.X {
authentication {
/* IKE identity, masked; presumably the identity this side presents; verify against the peer's config */
id 178.X.X.X
mode pre-shared-secret
/* SECRET is presumably a redacted placeholder. This output prints the key as configured, */
/* so redact it before sharing and use a long, random value unique to this peer pair. */
pre-shared-secret SECRET
}
/* This side starts the negotiation. */
connection-type initiate
description R
ike-group FOO1
/* inherit: takes the ikev2-reauth setting from ike-group FOO1 (set to "no" above) */
ikev2-reauth inherit
/* "any": the tunnel is not pinned to a specific local address. */
local-address any
/* Traffic selectors: local 192.168.178.0/24 <-> a single remote host 10.99.10.67/32. */
tunnel 1 {
allow-nat-networks disable
/* NOTE(review): both prefixes below are RFC 1918 ranges; confirm allow-public-networks needs to be enabled. */
allow-public-networks enable
esp-group FOO1
local {
prefix 192.168.178.0/24
}
remote {
prefix 10.99.10.67/32
}
}
}
}
/* The lines below repeat the configuration above verbatim (second copy of the same listing). */
allow-access-to-local-interface disable
auto-firewall-nat-exclude enable
esp-group FOO1 {
compression disable
lifetime 43200
mode tunnel
pfs dh-group20
proposal 1 {
encryption aes256
hash sha256
}
}
ike-group FOO1 {
ikev2-reauth no
key-exchange ikev2
lifetime 7200
proposal 1 {
dh-group 20
encryption aes256
hash sha256
}
}
nat-traversal enable
site-to-site {
peer 62.X.X.X {
authentication {
id 178.X.X.X
mode pre-shared-secret
/* Placeholder value, as in the first copy; never paste a real key here. */
pre-shared-secret SECRET
}
connection-type initiate
description R
ike-group FOO1
ikev2-reauth inherit
local-address any
tunnel 1 {
allow-nat-networks disable
allow-public-networks enable
esp-group FOO1
local {
prefix 192.168.178.0/24
}
remote {
prefix 10.99.10.67/32
}
}
}
}