Wiki source code of IPSec
Last modified by Jean Franco on 2022/07/18 21:41
| author | version | line-number | content |
|---|---|---|---|
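1.1 | 1 | Exemplo de configuração de IPSec com strongSwan (túnel site-to-site, IKEv2, autenticação por chave pré-compartilhada). Os endereços 62.X.X.X e 178.X.X.X e o valor SECRET são marcadores: substitua-os pelos valores reais e use uma chave pré-compartilhada longa e aleatória, nunca um valor de exemplo: |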
| 2 | |||
| 3 | |||
| 4 | {{code language="none"}} | ||
| 5 | ubnt@ubnt# show vpn ipsec | ||
| 6 | allow-access-to-local-interface disable | ||
| 7 | auto-firewall-nat-exclude enable | ||
| 8 | esp-group FOO1 { | ||
| 9 | compression disable | ||
| 10 | lifetime 43200 | ||
| 11 | mode tunnel | ||
| 12 | pfs dh-group20 | ||
| 13 | proposal 1 { | ||
| 14 | encryption aes256 | ||
| 15 | hash sha256 | ||
| 16 | } | ||
| 17 | } | ||
| 18 | ike-group FOO1 { | ||
| 19 | ikev2-reauth no | ||
| 20 | key-exchange ikev2 | ||
| 21 | lifetime 7200 | ||
| 22 | proposal 1 { | ||
| 23 | dh-group 20 | ||
| 24 | encryption aes256 | ||
| 25 | hash sha256 | ||
| 26 | } | ||
| 27 | } | ||
| 28 | nat-traversal enable | ||
| 29 | site-to-site { | ||
| 30 | peer 62.X.X.X { | ||
| 31 | authentication { | ||
| 32 | id 178.X.X.X | ||
| 33 | mode pre-shared-secret | ||
| 34 | pre-shared-secret SECRET | ||
| 35 | } | ||
| 36 | connection-type initiate | ||
| 37 | description R | ||
| 38 | ike-group FOO1 | ||
| 39 | ikev2-reauth inherit | ||
| 40 | local-address any | ||
| 41 | tunnel 1 { | ||
| 42 | allow-nat-networks disable | ||
| 43 | allow-public-networks enable | ||
| 44 | esp-group FOO1 | ||
| 45 | local { | ||
| 46 | prefix 192.168.178.0/24 | ||
| 47 | } | ||
| 48 | remote { | ||
| 49 | prefix 10.99.10.67/32 | ||
| 50 | } | ||
| 51 | } | ||
| 52 | } | ||
| 53 | } | ||
| 54 | {{/code}} |
