-
-
Save iDanielLaw/20852821dfc931ea2679971e4e1f5e07 to your computer and use it in GitHub Desktop.
Mikrotik <-> Linux GRE/IPSec, strongswan
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config setup | |
| charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2" | |
| conn %default | |
| # keyexchange=ikev2 | |
| conn mikrotik-1 | |
| # Try connect on daemon start | |
| auto=start | |
| # Authentication by PSK (see ipsec.secret) | |
| authby=secret | |
| # Disable compression | |
| compress=no | |
| # Re-dial setings | |
| closeaction=clear | |
| dpddelay=30s | |
| dpdtimeout=150s | |
| dpdaction=restart | |
| # ESP Authentication settings (Phase 2) | |
| esp=aes128-sha1-modp2048,aes256-sha1-modp2048 | |
| # UDP redirects | |
| forceencaps=no | |
| # IKE Authentication and keyring settings (Phase 1) | |
| ike=aes128-sha1-modp2048,aes256-sha1-modp2048 | |
| ikelifetime=86400s | |
| keyingtries=%forever | |
| lifetime=3600s | |
| # Internet Key Exchange (IKE) version | |
| # Default: Charon - ikev2, Pluto: ikev1 | |
| keyexchange=ikev1 | |
| # connection type | |
| type=transport | |
| # Peers | |
| left=remote_ip | |
| right=local_ip | |
| # Protocol type. May not work in numeric then need set 'gre' | |
| leftprotoport=47 | |
| rightprotoport=47 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment