26: Configuring IPSec
_______________________________________________________________________________________________________
_____________________________________________________________________________________________________
© Virtual Access 2017
GW1000 Series User Manual
Issue: 1.9 Page 239 of 350
Web: N/A
UCI: strongswan.@secret[X].userfqnd
Opt: userfqnd
FQDN or Xauth name used of Extended Authentication. This must
match xauth_identity from the configuration connection section.
Web: Secret Type
UCI: strongswan.@secret[X].secrettype
Opt: secrettype
Specifies the authentication mechanism to be used by the two
peers.
Elliptic Curve DSA signatures
Web: Secret
UCI: strongswan.@secret[X].secret
Opt: secret
Table 80: Information table for IPSec secret settings
26.5 Configuring an IPSec template to use with
DMVPN
The following example shows how to configure an IPSec connection template to use with
DMVPN.
# Commands
touch /etc/config/strongswan
uci set strongswan.general=general
uci set strongswan.general.enabled=yes
uci set strongswan.general.strictcrlpolicy=no
uci set strongswan.general.uniqueids=yes
uci set strongswan.general.cachecrls=yes
uci set strongswan.general.nattraversal=yes
uci add strongswan connection
uci set strongswan.@connection[0].enabled=yes
uci set strongswan.@connection[0].name=dmvpn
uci set strongswan.@connection[0].type=transport
uci set strongswan.@connection[0].localproto=gre
uci set strongswan.@connection[0].remoteproto=gre
uci set strongswan.@connection[0].ike=aes-sha1-modp1024
uci set strongswan.@connection[0].esp=aes128-sha1
uci set strongswan.@connection[0].waniface=lan4
uci set strongswan.@connection[0].auto=ignore
uci set strongswan.@connection[0].ikelifetime=28800s
uci set strongswan.@connection[0].keylife=300s
uci set strongswan.@connection[0].rekeymargin=30s
uci set strongswan.@connection[0].keyingtries=%forever
To Next Page
Loading...