Mikrotik
[admin@MikroTik] > /ip ipsec peer add address=StrongSWANIP/32 port=500 auth-method=pre-shared-key secret="PSK" generate-policy=no exchange-mode=main send-initial-contact=yes nat-traversal=no proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-256 dh-group=modp1024 lifetime=8h lifebytes=0 dpd-interval=2m dpd-maximum-failures=5
[admin@MikroTik] > /ip ipsec policy add src-address=Mikrotik Private IP/24 src-port=any dst-address=Swan Private IP/24 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=MikrotikPublicIP sa-dst-address=SwanPublicIP proposal=default priority=0
[admin@MikroTik] > /ip ipsec proposal set 0 auth-algorithms=sha1 enc-algorithms=3des lifetime=1h pfs-group=none
StrongSWAN
ipsec.conf
###Pv -Komils Home
conn tunnel
    rightsendcert=never
    left=SWAN Public IP
    leftsubnet=SWAN Private IP/24
    right=Mikrotik Public IP
    rightsubnet=Mikrotik Private IP/24
    ike=aes256-sha1-modp1024!
    esp=3des-sha1!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    authby=secret
    auto=start
    keyexchange=ikev1
    type=tunnel
ipsec.secrets
SWAN_IP Mikrotik_IP : PSK 'PSK'
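An added example, not part of the original post: a Python check that the phase 1 and phase 2 settings on the two ends agree, run over the algorithm and lifetime values from the commands and ipsec.conf above. The function names are hypothetical, and the input strings are constructed from the page's values with addresses and the secret left out.

```python
import re

# Constructed input: the algorithm and lifetime settings from the commands and
# ipsec.conf above; addresses and the secret are left out.
ROUTEROS = """
/ip ipsec peer add hash-algorithm=sha1 enc-algorithm=aes-256 dh-group=modp1024 lifetime=8h
/ip ipsec proposal set 0 auth-algorithms=sha1 enc-algorithms=3des lifetime=1h pfs-group=none
"""
SWAN = """
conn tunnel
    ike=aes256-sha1-modp1024!
    esp=3des-sha1!
    ikelifetime=1h
    lifetime=8h
"""

def routeros_args(text, menu):
    """key=value arguments of the first command under a menu such as '/ip ipsec peer'."""
    for line in text.splitlines():
        if menu in line:
            return dict(re.findall(r"([\w-]+)=(\S+)", line))
    return {}

def swan_conn(text):
    """key=value settings on the indented lines of an ipsec.conf conn section."""
    return dict(re.findall(r"^[ \t]+(\w+)=(\S+)", text, re.M))

def suite(enc, auth, group):
    """RouterOS algorithms in strongSwan spelling (aes-256 -> aes256, group 'none' dropped)."""
    parts = [enc, auth] + ([group] if group != "none" else [])
    return "-".join(p.replace("-", "").lower() for p in parts)

def seconds(value):
    """Lifetime such as 8h, 2m or 120 as a number of seconds."""
    number, unit = re.fullmatch(r"(\d+)([smhd]?)", value).groups()
    return int(number) * {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}[unit]

def compare(routeros, swan):
    """Return {setting: (RouterOS value, strongSwan value)} for every pair that differs."""
    peer = routeros_args(routeros, "/ip ipsec peer")
    prop = routeros_args(routeros, "/ip ipsec proposal")
    conn = swan_conn(swan)
    pairs = {
        "phase 1 suite": (suite(peer["enc-algorithm"], peer["hash-algorithm"], peer["dh-group"]), conn["ike"].rstrip("!").lower()),
        "phase 2 suite": (suite(prop["enc-algorithms"], prop["auth-algorithms"], prop["pfs-group"]), conn["esp"].rstrip("!").lower()),
        "phase 1 lifetime": (seconds(peer["lifetime"]), seconds(conn["ikelifetime"])),
        "phase 2 lifetime": (seconds(prop["lifetime"]), seconds(conn["lifetime"])),
    }
    return {name: values for name, values in pairs.items() if values[0] != values[1]}
```

On these values `compare(ROUTEROS, SWAN)` finds the suites equal and returns only the two lifetimes: the peer `lifetime=8h` pairs with `ikelifetime=1h`, and the proposal `lifetime=1h` pairs with `lifetime=8h`.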