26: Configuring IPSec
_______________________________________________________________________________________________________
_____________________________________________________________________________________________________
© Virtual Access 2017
GW1000 Series User Manual
Issue: 1.9 Page 229 of 350
option enabled 'yes'
option name '3G_Backup'
option auto 'start'
option type 'tunnel'
option remoteaddress '100.100.100.100 '
option localid '192.168.209.1'
option remoteid '100.100.100.100 '
option locallan '192.168.209.1'
option locallanmask '255.255.255.255'
option remotelan '172.19.101.3'
option remotelanmask '255.255.255.255'
option authby 'xauthpsk'
option xauth_identity 'testxauth'
option ike '3des-md5-modp1024'
option esp '3des-md5'
option waniface 'wan'
option dpdaction 'hold'
26.3.3 Shunt connection
If the remote LAN network is 0.0.0.0/0 then all traffic generated on the local LAN will be
sent via the IPSec tunnel. This includes the traffic destined to the router’s IP address. To
avoid this situation you must include an additional config connection section.
# Commands
touch /etc/config/strongswan
uci add strongswan connection
uci set strongswan.@connection[1].name=local
uci set strongswan.@connection[1].enabled=yes
uci set strongswan.@connection[1].locallan=10.1.1.1
uci set strongswan.@connection[1].locallanmask=255.255.255.255
uci set strongswan.@connection[1].remotelan=10.1.1.0
uci set strongswan.@connection[1].remotelanmask=255.255.255.0
uci set strongswan.@connection[1].type=pass
uci set strongswan.@connection[1].auto=route
uci commit
This will create the following output:
config connection
To Next Page
Loading...
Need help?
General