Конфигурационные файлы предоставлены системнымным администратором ООО «Молочный Дом» (Торговая марка «Фанни»), г.Павлоград
Пример конфигурационного файла на FlyRouter:
# /etc/ipsec.conf - Openswan IPsec configuration file # basic configuration config setup interfaces="ipsec0=eth1" klipsdebug=none plutodebug=none # nat_traversal=yes # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12 # add connections here conn zywall left=192.168.1.1 leftsubnet=192.168.20.0/24 leftnexthop=192.168.1.161 right=192.168.1.161 rightsubnet=10.0.0.0/8 rightnexthop=192.168.1.1 auto=add pfs=yes authby=secret keylife=9600s #Disable Opportunistic Encryption include /etc/ipsec.d/examples/no_oe.conf
Настройка ZyWall. Menu 27.1.1 - IPSec Setup
Index #= 4 Name= TOLinux Active= Yes Keep Alive= Yes Nat Traversal= No Local ID type= IP Content= 192.168.1.161 My IP Addr= 192.168.1.161 Peer ID type= IP Content= 192.168.1.1 Secure Gateway Address= 192.168.1.1 Protocol= 0 Local: Addr Type= SUBNET IP Addr Start= 10.0.0.0 End/Subnet Mask= 255.0.0.0 Port Start= 0 End= N/A Remote: Addr Type= SUBNET IP Addr Start= 192.168.20.0 End/Subnet Mask= 255.255.255.0 Port Start= 0 End= N/A Enable Replay Detection= No Key Management= IKE Edit Key Management Setup= No
Настройка ZyWall. Menu 27.1.1.1 - IKE Setup
Phase 1 Negotiation Mode= Main PSK= 12345678 Encryption Algorithm= 3DES Authentication Algorithm= MD5 SA Life Time (Seconds)= 3600 Key Group= DH2 Phase 2 Active Protocol= ESP Encryption Algorithm= 3DES Authentication Algorithm= MD5 SA Life Time (Seconds)= 9600 Encapsulation= Tunnel Perfect Forward Secrecy (PFS)= DH2