Mikrotik <-> Linux GRE/IPSec, strongswan
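# strongSwan ipsec.conf: IPsec transport mode protecting GRE (IP protocol 47)
# between a Linux host and a MikroTik router. Parameter lines are indented,
# as the ipsec.conf format requires inside a section.
config setup
    # Level 2 is detailed control-flow logging. Do not raise it on production
    # hosts: the highest charon log levels can write sensitive material to the log.
    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"

conn %default
    # keyexchange=ikev2

conn mikrotik-1
    # Try to connect on daemon start.
    # NOTE(review): with auto=start nothing is installed while the SA is down, so
    # GRE packets may leave unencrypted in that window; consider auto=route or a
    # firewall rule that drops protocol 47 without IPsec. Confirm on the host.
    auto=start
    # Authentication by PSK (see ipsec.secrets). Keep that file readable by root
    # only and use a long random secret: PSK authentication is only as strong as
    # the secret itself.
    authby=secret
    # Disable compression
    compress=no
    # Re-dial settings: dead peer detection probes every 30s, gives up after
    # 150s, then renegotiates; a close by the peer only clears the connection.
    closeaction=clear
    dpddelay=30s
    dpdtimeout=150s
    dpdaction=restart
    # ESP proposals (Phase 2). The modp2048 group gives PFS on rekeying.
    # SHA-1 is a legacy integrity algorithm kept here for peer compatibility;
    # prefer sha256 where both peers support it.
    esp=aes128-sha1-modp2048,aes256-sha1-modp2048
    # UDP encapsulation of ESP (NAT-T) is not forced
    forceencaps=no
    # IKE proposals and key lifetimes (Phase 1)
    ike=aes128-sha1-modp2048,aes256-sha1-modp2048
    ikelifetime=86400s
    keyingtries=%forever
    lifetime=3600s
    # Internet Key Exchange (IKE) version
    # Default: Charon - ikev2, Pluto: ikev1
    # IKEv1 is the legacy protocol; use ikev2 if the MikroTik side supports it.
    keyexchange=ikev1
    # Connection type: transport mode protects only traffic between the two
    # peers themselves, which here is the GRE tunnel.
    type=transport
    # Peers. remote_ip and local_ip are placeholders for the real addresses;
    # strongSwan works out by itself which of left/right is the local side.
    left=remote_ip
    right=local_ip
    # Protocol type: restricts the policy to GRE. The numeric form may not work;
    # if so, set 'gre' instead.
    leftprotoport=47
    rightprotoport=47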
# /etc/network/interfaces stanza: GRE tunnel interface gre1, brought up at boot.
# GRE itself is unencrypted; confidentiality depends on the IPsec transport-mode
# connection (protocol 47 between the same two endpoints) being established.
auto gre1
iface gre1 inet static
# Tunnel-side address on a /30 (255.255.255.252).
address 192.168.44.10
netmask 255.255.255.252
# $remote_ip and $local_ip are placeholders: substitute the same two endpoint
# addresses that the IPsec connection uses for left/right.
pre-up ip tunnel add gre1 mode gre remote $remote_ip local $local_ip
# Route the remote LAN 192.168.69.0/24 through the tunnel.
# NOTE(review): gw is this interface's own address (same as `address` above);
# on this /30 the peer would normally be 192.168.44.9. Confirm intent.
post-up route add -net 192.168.69.0/24 gw 192.168.44.10 dev gre1
# Remove the tunnel device when the interface goes down.
post-down ip tunnel del gre1