path: root/spec/site_to_site_vpn/vyos1_script.sh
blob: 32a239520c5d168c00e6d66320e6b207254cbf34 (plain)
#!/bin/vbash

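# Re-exec this script under the 'vyattacfg' group when the current primary
# group is anything else, using sg(1).
# sg receives its -c argument as one string that a shell parses again, so
# every word is shell-quoted with printf %q. Without that, a script path or
# argument containing spaces or shell metacharacters would be re-split or
# interpreted as code under the vyattacfg group.
# NOTE(review): %q emits bash-style $'...' quoting for control characters;
# confirm the shell that sg invokes accepts it if such arguments can occur.
if [ "$(id -g -n)" != 'vyattacfg' ] ; then
  exec sg vyattacfg -c "$(printf '%q ' /bin/vbash "$(readlink -f -- "$0")" "$@")"
fi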

# Load the Vyatta script template. Presumably this is what provides the
# set / commit / save configuration commands used below — confirm against
# the template on the target image.
source /opt/vyatta/etc/functions/script-template

# IKE (phase 1) proposal: AES-256 encryption, SHA-1 hash, DH group 2, with
# dead-peer detection restarting the tunnel.
# NOTE(review): SHA-1 and DH group 2 (1024-bit MODP) are legacy choices.
# Outside of this fixture, prefer SHA-256 or better and DH group 14 or higher,
# provided the peer is configured with the same proposal.
set vpn ipsec ike-group ike-g proposal 1 encryption aes256
set vpn ipsec ike-group ike-g proposal 1 hash sha1
set vpn ipsec ike-group ike-g proposal 1 dh-group 2
set vpn ipsec ike-group ike-g lifetime 28800
set vpn ipsec ike-group ike-g dead-peer-detection action restart
set vpn ipsec ike-group ike-g dead-peer-detection interval 15
set vpn ipsec ike-group ike-g dead-peer-detection timeout 90

# ESP (phase 2) proposal: AES-256 with SHA-1. No PFS setting is given here.
set vpn ipsec esp-group esp-g proposal 1 encryption aes256
set vpn ipsec esp-group esp-g proposal 1 hash sha1
set vpn ipsec esp-group esp-g lifetime 3600

# IPsec is enabled on eth1 only.
set vpn ipsec ipsec-interfaces interface eth1

# Site-to-site peer 10.0.1.12, local address 10.0.1.11, tunnelling
# 10.0.2.0/24 <-> 10.0.3.0/24.
# NOTE(review): the pre-shared secret is the literal string "test", committed
# in clear text. That is only acceptable for a throwaway test fixture (this
# file appears to be one). A real deployment needs a long random secret
# supplied from outside the repository, or certificate-based authentication.
set vpn ipsec site-to-site peer 10.0.1.12 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 10.0.1.12 authentication pre-shared-secret test
set vpn ipsec site-to-site peer 10.0.1.12 ike-group ike-g
set vpn ipsec site-to-site peer 10.0.1.12 default-esp-group esp-g
set vpn ipsec site-to-site peer 10.0.1.12 local-address 10.0.1.11
set vpn ipsec site-to-site peer 10.0.1.12 tunnel 1 local prefix 10.0.2.0/24
set vpn ipsec site-to-site peer 10.0.1.12 tunnel 1 remote prefix 10.0.3.0/24

# Apply the staged changes, then persist them.
# NOTE(review): the exit status of commit is not checked, so save still runs
# after a failed commit and the script's exit status is that of save.
commit
save