
@bjoern-r
Last active August 21, 2017 07:54
Android VPN: IPsec XAuth PSK (racoon)
# racoon.conf for Android "IPSec Xauth PSK" clients: IKEv1 (aggressive or main
# mode), group pre-shared key plus XAUTH user login, mode-config address
# assignment. Keys and certificates live under /etc/racoon.
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
timer {
# NOTE: varies between carriers
natt_keepalive 45 sec;
}
listen {
# Public address and ports the daemon binds; 4500 carries NAT-T
# (UDP-encapsulated) IKE/ESP.
isakmp 78.47.68.26[500];
isakmp_natt 78.47.68.26[4500];
}
# Single catch-all peer definition: any client whose identity matches an entry
# in psk.txt can negotiate.
remote anonymous {
# NOTE(review): aggressive mode with a group PSK lets anyone who observes phase 1
# attempt offline guessing of the PSK; a long, random PSK is the mitigation.
exchange_mode aggressive,main;
# Responder only: racoon never initiates toward clients.
passive on;
proposal_check strict;
# Let racoon generate the SPD policy for the client's address on demand.
generate_policy on;
nat_traversal on;
# Dead-peer-detection probe interval, seconds.
dpd_delay 45;
proposal {
encryption_algorithm aes256;
# NOTE(review): sha1 and modp1024 (DH group 2) are below current
# recommendations; presumably kept for client compatibility — confirm which
# groups the target Android versions accept before raising them.
hash_algorithm sha1;
authentication_method xauth_psk_server;
dh_group modp1024;
}
}
# Phase 2 (IPsec SA) parameters offered to every client.
sainfo anonymous {
encryption_algorithm aes256;
authentication_algorithm hmac_sha1;
# IPComp (deflate) negotiation.
compression_algorithm deflate;
}
log info;
# XAUTH / mode-config: credentials are checked against the system account
# database; client addresses are handed out from the local pool at network4.
mode_cfg {
auth_source system;
conf_source local;
accounting system;
# NOTE(review): pool_size is not set, so racoon's default applies; the iptables
# rules on this page assume 10.44.0.0/24 — confirm the pool stays inside it.
network4 10.44.0.0;
# Netmask pushed to the client (/32: host address only).
netmask4 255.255.255.255;
}
+++++++++++
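#!/bin/sh
# NAT and MSS clamping for racoon-assigned VPN clients. Run as root; rules are
# appended (-A), so running the script twice installs duplicates.
# Defaults match the racoon.conf on this page (network4 10.44.0.0) and eth0 as
# the upstream interface; both can be overridden through the environment.
WAN_IF="${WAN_IF:-eth0}"
VPN_NET="${VPN_NET:-10.44.0.0/24}"

# Optional INPUT rule, left disabled as in the original: accept inbound traffic
# only when it arrived through an IPsec SA. Note that the MASQUERADE and TCPMSS
# rules below match on source address alone; an equivalent
# `-m policy --pol ipsec --dir in` match would be needed to restrict them to
# traffic that actually arrived over IPsec.
#/sbin/iptables -A INPUT -i "$WAN_IF" -m policy --pol ipsec --dir in -j ACCEPT

# Source-NAT VPN client traffic leaving on the upstream interface.
/sbin/iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$VPN_NET" -j MASQUERADE

# Alternative clamp (set-mss 1420, no tcpmss range match), kept commented out
# as in the original.
#/sbin/iptables -A FORWARD -s "$VPN_NET" -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1420

# Disable path-MTU discovery on this host — presumably so packets that grow
# past the path MTU after ESP/UDP encapsulation get fragmented instead of
# black-holed; confirm this is still wanted for the deployment.
echo 1 >/proc/sys/net/ipv4/ip_no_pmtu_disc

# Clamp MSS on forwarded SYNs from VPN clients whose advertised MSS is in
# 1361:1536, so TCP segments fit inside the tunnel MTU after encapsulation.
/sbin/iptables -t mangle -A FORWARD -s "$VPN_NET" -o "$WAN_IF" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360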