Difference between revisions of "VPN"

From "PTTLink Wiki"
Line 6: Line 6:
  
 
=== Mikrotik to Strongswan ===
 
=== Mikrotik to Strongswan ===
 +
Use the following configurations to connect a system running Stongswan to a Mikrotik device using IPSEC.
  
 
==== Strongswan config ====
 
==== Strongswan config ====
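Review bot: the sentence added under "Mikrotik to Strongswan" misspells the product name as "Stongswan". It should read "Strongswan" so it matches the section headings on either side of it: "Use the following configurations to connect a system running Strongswan to a Mikrotik device using IPSEC."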

Revision as of 05:59, 15 November 2020

VPN

The following contains information on various VPN setups that you can use.

IPSEC

Information on how to set up IPSEC tunnels.

Mikrotik to Strongswan

Use the following configurations to connect a system running Strongswan to a Mikrotik device using IPSEC.

Strongswan config

/etc/ipsec.conf:

  conn <name>
            authby=secret
            auto=route
            keyexchange=ike
            left=<your local IP>
            right=<remote IP of Mikrotik system>
            leftikeport=500
            rightikeport=500
            type=transport
            ike=aes256-sha1-modp1024!
            esp=aes256-sha1!
            dpddelay=5
            dpdtimeout=20
            dpdaction=clear

/etc/ipsec.secrets:

   <your local IP> <remote IP of Mikrotik system> :  PSK "<Put your preshared key here>"
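
An added example, not part of the original wiki page: a small Python check that parses the `ike=` and `esp=` lines of an ipsec.conf like the one above and reports legacy algorithms and missing PFS. The weak-token list is a policy assumed for this example, and the sample config uses a constructed connection name and documentation-range addresses.

```python
import re

# Assumed policy for this example: tokens treated as legacy in ike=/esp= proposals.
WEAK_TOKENS = {
    "des": "single DES encryption",
    "3des": "3DES encryption",
    "md5": "MD5 integrity/PRF",
    "sha": "SHA-1 integrity/PRF",
    "sha1": "SHA-1 integrity/PRF",
    "modp768": "768-bit MODP Diffie-Hellman group",
    "modp1024": "1024-bit MODP Diffie-Hellman group",
}
DH_PREFIXES = ("modp", "ecp", "curve", "x25519", "x448")

# Constructed sample: the conn section above with placeholder name and addresses.
SAMPLE_CONF = """\
conn example
    authby=secret
    keyexchange=ike
    left=192.0.2.10
    right=198.51.100.20
    type=transport
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
"""

def audit_ipsec_conf(text):
    """Return sorted (conn, key, finding) tuples for weak ike=/esp= proposals."""
    findings, conn = set(), None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            conn = m.group(1)
            continue
        key, sep, value = line.strip().partition("=")
        key = key.strip()
        if conn is None or not sep or key not in ("ike", "esp"):
            continue
        for proposal in value.strip().rstrip("!").split(","):  # "!" = strict flag
            tokens = [t.strip().lower() for t in proposal.split("-")]
            for tok in tokens:
                if tok in WEAK_TOKENS:
                    findings.add((conn, key, WEAK_TOKENS[tok]))
            if key == "esp" and not any(t.startswith(DH_PREFIXES) for t in tokens):
                findings.add((conn, key, "no DH group, so no PFS on rekey"))
    return sorted(findings)
```

Any proposal change made in response to these findings has to be mirrored in the Mikrotik `/ip ipsec profile` and `/ip ipsec proposal` entries, because the trailing `!` makes strongSwan accept only the suites listed.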

Mikrotik Config

 /ip ipsec policy
 add src-address=0.0.0.0/0 dst-address=<remote IP of strongswan system> proposal=ike2 ipsec-protocols=esp
 
 /ip ipsec proposal
 add name="ike2" auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=30m pfs-group=none
 
 /ip ipsec peer
 add name="<name of strongswan system>" address=<local IP> profile=ike2 exchange-mode=main send-initial-contact=yes
 
 /ip ipsec identity
 add peer=<remote IP of strongswan system> auth-method=pre-shared-key secret="<Put your preshared key here>" generate-policy=no
 
 /ip ipsec profile
 add name="ike2" hash-algorithm=sha1 enc-algorithm=aes-256,aes-192,aes-128,3des,des dh-group=modp2048,modp1024 lifetime=8h proposal-check=obey nat-traversal=no dpd-interval=2m dpd-maximum-failures=5

OpenVPN

Information on how to set up OpenVPN.

L2TP

Information on how to set up L2TP.

TINC

Information on how to set up TINC.

Wireguard

Information on how to set up Wireguard.

Other

Any other information that doesn't fit elsewhere.