Konfiguracja IPSec VPN na BB10 z MT
Konfiguracja na MT
/interface bridge
add fast-forward=no name=vpn-bridge
/ip ipsec peer profile
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=\
profile_1
/ip ipsec proposal
add auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc name=\
ikev2-proposal pfs-group=modp4096
/ip pool
add name=ipsec-pool ranges=192.168.111.2-192.168.111.10
/ip ipsec mode-config
add address-pool=ipsec-pool address-prefix-length=32 name=ikev2_cfg \
system-dns=no
/ip address
add address=192.168.111.1/24 interface=vpn-bridge network=192.168.111.0
/ip firewall nat
add action=masquerade chain=srcnat comment="maskarada na vpn" out-interface=\
ether10 src-address=192.168.111.0/24
/ip ipsec peer
add address=0.0.0.0/0 exchange-mode=ike2 generate-policy=port-strict \
mode-config=ikev2_cfg passive=yes profile=profile_1 secret=\
haslo
/ip ipsec policy
add dst-address=192.168.111.0/24 proposal=ikev2-proposal src-address=\
0.0.0.0/0 template=yes
Konfiguracja na BB10
Michał Łasisz 