ASL-Corp members, Bureaucrats, Check users, Structured Discussions bots, oversight, Suppressors, Administrators, Upload Wizard campaign editors
1,714
edits
Changes
Jump to navigation
Jump to search
Line 15:
Line 15: + + + + + + + + + + + + + + + + + + + + + + + + + Line 21:
Line 46: − − ''Note: You can use this config to connect two non-MikroTik systems as well. Just replicate the config below for each system you wish to connect.''
Added strongSwan to strongSwan config info
== IPSEC ==
== IPSEC ==
Information on how to setup IPSEC tunnels.
Information on how to setup IPSEC tunnels.
=== stongSwan to strongSwan ===
Use the following config for a strongSwan<ref>strongSwan Official Site [https://www.strongswan.org/]</ref> to strongSwan configuration. Make sure the left and right IP addresses are updated to match each system. You can use the same ipsec.secrets file on both systems without changing the IP address order, although I recommend changing it to having the local IP on the left and the remote on the right as shown below.
====ipsec.conf====
/sec/ipsec/conf:
conn <name>
authby=secret
auto=route # can also be start
keyexchange=ike
left=<your local IP>
right=<remote IP of Mikrotik system>
leftikeport=500
rightikeport=500
type=transport
esp=aes128gcm16!
dpddelay=5
dpdtimeout=20
dpdaction=clear # can also be restart
====ipsec.secrets====
/etc/ipsec.secrets:
<your local IP> <remote IP of Mikrotik system> : PSK "<Put your preshared key here>"
=== strongSwan to MikroTik ===
=== strongSwan to MikroTik ===
==== strongSwan config ====
==== strongSwan config ====
The following configuration will work on FreeBSD or Linux systems with strongSwan installed.
The following configuration will work on FreeBSD or Linux systems with strongSwan installed.
=====ipsec.conf=====
=====ipsec.conf=====