@rlex
Created April 4, 2018 13:42
Mikrotik <-> Linux GRE/IPSec, strongswan
config setup
  charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"

conn %default
  # keyexchange=ikev2

conn mikrotik-1
  # Try to connect on daemon start
  auto=start
  # Authentication by PSK (see ipsec.secrets)
  authby=secret
  # Disable compression
  compress=no
  # Re-dial settings
  closeaction=clear
  dpddelay=30s
  dpdtimeout=150s
  dpdaction=restart
  # ESP proposals (Phase 2)
  esp=aes128-sha1-modp2048,aes256-sha1-modp2048
  # Do not force UDP encapsulation of ESP when no NAT is detected
  forceencaps=no
  # IKE proposals and keying settings (Phase 1)
  ike=aes128-sha1-modp2048,aes256-sha1-modp2048
  ikelifetime=86400s
  keyingtries=%forever
  # Lifetime of the ESP SA (Phase 2)
  lifetime=3600s
  # Internet Key Exchange (IKE) version
  # Default: Charon - ikev2, Pluto: ikev1
  keyexchange=ikev1
  # Connection type: transport mode, only the GRE packets between the two peers are protected
  type=transport
  # Peers (remote_ip and local_ip are placeholders for the real addresses).
  # strongSwan decides which side is local by matching these addresses against local interfaces.
  left=remote_ip
  right=local_ip
  # Protocol selector (47 = GRE). If the numeric value does not work, set 'gre' instead.
  leftprotoport=47
  rightprotoport=47
rlex commented Jan 9, 2019

auto gre1
iface gre1 inet static
  address 192.168.44.10
  netmask 255.255.255.252
  pre-up ip tunnel add gre1 mode gre remote $remote_ip local $local_ip
  post-up route add -net 192.168.69.0/24 gw 192.168.44.10 dev gre1
  post-down ip tunnel del gre1
