ubuntu_mikrotik_ipsec

Differences

This shows you the differences between two versions of the page.

ubuntu_mikrotik_ipsec [2020/01/14 09:37]
admin
— (current)
Line 1: Line 1:
-=== Ubuntu (server): === 
-/etc/ipsec.conf 
-<code> 
-config setup 
-        # strictcrlpolicy=yes 
-        uniqueids = yes 
-        oe=off 
-        protostack=netkey 
-conn home-42 
-    authby=secret 
-    auto=start 
-    dpddelay=30s 
-    dpdtimeout=120s 
-    dpdaction=restart 
-    auth=esp 
-    pfs=no 
-    rekey=no 
-    fragmentation=yes 
-    type=transport 
-    ike=aes128-sha1-modp1024 
-    ikelifetime=86400s 
-    lifetime=3600s 
-    keyexchange=ikev1 
-    esp=aes128-sha1-modp1024,aes256-sha1-modp1024 
-    left=x.x.x.x 
-    right=y.y.y.y 
  
-</code> 
- 
-/etc/xl2tpd/xl2tpd.conf 
-<code> 
-[global] 
-port = 1701 
-ipsec saref = yes 
-[lns default] 
-ip range = 10.52.0.2-10.52.1.100 
-local ip = 10.52.0.1 
-length bit = yes 
-refuse pap = yes 
-refuse chap = yes 
-require authentication = yes 
-pppoptfile = /etc/ppp/options.xl2tpd 
-</code> 
- 
-/etc/ppp/options.xl2tpd 
-<code> 
-require-mschap-v2 
-#require-mppe 
-refuse-pap 
-refuse-chap 
-refuse-eap 
-refuse-mschap 
-ms-dns 1.1.1.1 
-ms-dns 8.8.4.4 
-asyncmap 0 
-auth 
-crtscts 
-lock 
-hide-password 
-modem 
-debug 
-name xl2tpd 
-proxyarp 
-lcp-echo-interval 30 
-lcp-echo-failure 4 
-nodefaultroute 
-</code> 
- 
- 
- 
-=== Mikrotik (client): === 
-peer: 
-<code> 
-add address=x.x.x.x/32 comment=Hetzner dh-group=modp1024 enc-algorithm=aes-256,aes-128 local-address=y.y.y.y\ 
-  nat-traversal=no secret="secret" send-initial-contact=no 
-</code> 
-proposal: 
-<code> 
-add auth-algorithms=sha1 disabled=no enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=1h name=hetzner pfs-group=modp1024 
-</code> 
-policy: 
-<code> 
-add comment="Hetzner VPS; encrypt UDP" dst-address=x.x.x.x/32 proposal=gre-hetzner protocol=udp src-address=y.y.y.y/32 
-</code> 
ubuntu_mikrotik_ipsec.1578994645.txt.gz · Last modified: 2020/01/14 09:37 by admin