1,813 bytes added, 3 years ago
Created initial page. Added config examples to connect via IPSEC a Strongswan system with a Mikrotik system.
= VPN =
The following contains information on various VPN setups that you can use.

== IPSEC ==
Information on how to set up IPSEC tunnels.

=== Mikrotik to Strongswan ===

==== Strongswan config ====

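/etc/ipsec.conf:

 conn <name>
     authby=secret
     auto=route
     keyexchange=ike
     left=<your local IP>
     right=<remote IP of Mikrotik system>
     leftikeport=500
     rightikeport=500
     type=transport
     # ike= and esp= must match what the Mikrotik profile and proposal offer;
     # the trailing "!" restricts negotiation to exactly these algorithms.
     ike=aes256-sha1-modp1024!
     esp=aes256-sha1!
     # Dead peer detection: probe every 5s, clear the SA after 20s without a reply.
     dpddelay=5
     dpdtimeout=20
     dpdaction=clear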

/etc/ipsec.secrets:

 <your local IP> <remote IP of Mikrotik system> : PSK "<Put your preshared key here>"

==== Mikrotik Config ====

 # Create the profile and proposal first: the peer and policy refer to them by name.
 /ip ipsec profile
 add name="ike2" hash-algorithm=sha1 enc-algorithm=aes-256,aes-192,aes-128,3des,des dh-group=modp2048,modp1024 lifetime=8h proposal-check=obey nat-traversal=no dpd-interval=2m dpd-maximum-failures=5

 /ip ipsec proposal
 add name="ike2" auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=30m pfs-group=none

 /ip ipsec peer
 add name="<name of strongswan system>" address=<remote IP of strongswan system> profile=ike2 exchange-mode=main send-initial-contact=yes

 # peer= takes the name of the peer entry defined above, not its IP address.
 /ip ipsec identity
 add peer="<name of strongswan system>" auth-method=pre-shared-key secret="<Put your preshared key here>" generate-policy=no

 /ip ipsec policy
 add src-address=0.0.0.0/0 dst-address=<remote IP of strongswan system> proposal=ike2 ipsec-protocols=esp
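The two configurations above only interoperate on the algorithms both sides list, and several of those (SHA-1, modp1024, 3DES, DES) are ones most current baselines retire. The following added example, which is not part of the original page or of either project, parses the <code>ike=</code>/<code>esp=</code> lines of an ipsec.conf and the profile/proposal lines of a RouterOS export and reports such algorithms. The <code>DEPRECATED</code> set, the function names and the connection name <code>mikrotik</code> are assumptions of this example.

```python
import re

# Policy for this example (an assumption, adjust to your own baseline):
# algorithms treated as deprecated for new IPsec tunnels.
DEPRECATED = {"des", "3des", "md5", "sha1", "modp768", "modp1024"}
ROS_KEYS = {"hash-algorithm", "enc-algorithm", "dh-group",
            "auth-algorithms", "enc-algorithms", "pfs-group"}

# Constructed samples that reuse the algorithm settings shown on this page.
SAMPLE_IPSEC_CONF = """\
conn mikrotik            # hypothetical connection name
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
"""
SAMPLE_ROUTEROS = """\
/ip ipsec proposal
add name="ike2" auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc pfs-group=none
/ip ipsec profile
add name="ike2" hash-algorithm=sha1 enc-algorithm=aes-256,aes-192,aes-128,3des,des dh-group=modp2048,modp1024
"""

def strongswan_algs(text):
    """Map (conn, 'ike'|'esp') to the algorithm tokens of ipsec.conf proposals."""
    found, conn = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            conn = line.split(None, 1)[1]
        m = re.match(r"(ike|esp)\s*=\s*(.+)", line)
        if m and conn:
            # "aes256-sha1-modp1024!": "," separates proposals, "-" separates algorithms
            tokens = re.split(r"[-,]", m.group(2).rstrip("!"))
            found.setdefault((conn, m.group(1)), []).extend(t.strip() for t in tokens)
    return found

def routeros_algs(text):
    """Map (menu, key) to the comma-separated algorithm values of 'add' lines."""
    found, menu = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            for key, val in re.findall(r'([\w-]+)=("[^"]*"|\S+)', line):
                if key in ROS_KEYS:
                    found.setdefault((menu, key), []).extend(val.strip('"').split(","))
    return found

def deprecated_findings(algs):
    """Return sorted (section, key, algorithm) tuples that hit the DEPRECATED policy."""
    return sorted((sec, key, a) for (sec, key), toks in algs.items()
                  for a in toks if a.lower() in DEPRECATED)
```

Call <code>deprecated_findings(strongswan_algs(...))</code> and <code>deprecated_findings(routeros_algs(...))</code> on your own files; an empty list on both sides means neither end still offers an algorithm from the policy set.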

== OpenVPN ==
Information on how to set up OpenVPN.

== L2TP ==
Information on how to set up L2TP.

== TINC ==
Information on how to set up TINC.

== Wireguard ==
Information on how to set up Wireguard.

== Other ==
Any other information that doesn't fit elsewhere.
