
Configuring an IPsec link between FlyRouter and ZyWall

The configuration files were provided by the system administrator of ООО «Молочный Дом» (trademark «Фанни»), Pavlograd.

Example configuration file on FlyRouter:

# /etc/ipsec.conf - Openswan IPsec configuration file

# basic configuration
config setup
   interfaces="ipsec0=eth1"
   klipsdebug=none
   plutodebug=none
   # nat_traversal=yes
   # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12

# add connections here
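conn zywall
   # left = FlyRouter (this host), right = ZyWall
   left=192.168.1.1
   leftsubnet=192.168.20.0/24
   leftnexthop=192.168.1.161
   right=192.168.1.161
   rightsubnet=10.0.0.0/8
   rightnexthop=192.168.1.1
   auto=add
   pfs=yes
   # pre-shared key authentication; the key itself is stored in /etc/ipsec.secrets
   authby=secret
   # matches the ZyWall Phase 2 SA Life Time
   keylife=9600s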

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf 


ZyWall configuration. Menu 27.1.1 - IPSec Setup

Index #= 4        Name= TOLinux
Active= Yes       Keep Alive= Yes   Nat Traversal= No
Local ID type= IP         Content= 192.168.1.161
My IP Addr= 192.168.1.161
Peer ID type= IP          Content= 192.168.1.1
Secure Gateway Address= 192.168.1.1
Protocol= 0
Local:  Addr Type= SUBNET
   IP Addr Start= 10.0.0.0         End/Subnet Mask= 255.0.0.0
      Port Start= 0                End= N/A
Remote: Addr Type= SUBNET
   IP Addr Start= 192.168.20.0     End/Subnet Mask= 255.255.255.0
      Port Start= 0                End= N/A
Enable Replay Detection= No
Key Management= IKE
Edit Key Management Setup= No


ZyWall configuration. Menu 27.1.1.1 - IKE Setup

Phase 1
   Negotiation Mode= Main
   PSK= 12345678
   Encryption Algorithm= 3DES
   Authentication Algorithm= MD5
   SA Life Time (Seconds)= 3600
   Key Group= DH2

Phase 2
   Active Protocol= ESP
   Encryption Algorithm= 3DES
   Authentication Algorithm= MD5
   SA Life Time (Seconds)= 9600
   Encapsulation= Tunnel
   Perfect Forward Secrecy (PFS)= DH2
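
The tunnel only comes up when each side's local values are the other side's remote values, and the settings shown above include several that are deprecated today. As an added example (not part of the original page or of either product), this Python script checks trimmed copies of both configurations for mirrored parameters and flags the weak settings; the helper names `zy` and `audit` and the 20-character PSK threshold are assumptions of the example.

```python
import ipaddress
import re
# Constructed input: trimmed copies of the two configurations shown on this page.
OPENSWAN = """conn zywall
   left=192.168.1.1
   leftsubnet=192.168.20.0/24
   right=192.168.1.161
   rightsubnet=10.0.0.0/8
   keylife=9600s
"""
ZYWALL = """My IP Addr= 192.168.1.161
Secure Gateway Address= 192.168.1.1
Local:  Addr Type= SUBNET
   IP Addr Start= 10.0.0.0         End/Subnet Mask= 255.0.0.0
Remote: Addr Type= SUBNET
   IP Addr Start= 192.168.20.0     End/Subnet Mask= 255.255.255.0
Enable Replay Detection= No
Phase 1
   PSK= 12345678
   Encryption Algorithm= 3DES
   Authentication Algorithm= MD5
   SA Life Time (Seconds)= 3600
   Key Group= DH2
Phase 2
   SA Life Time (Seconds)= 9600
"""

def zy(text, key):
    """All values of 'key= value' in a ZyWall menu dump, in order of appearance."""
    return re.findall(re.escape(key) + r"= *(\S+)", text)

def audit(openswan, zywall):
    """Return findings: parameters that fail to mirror, and deprecated settings."""
    o = dict(re.findall(r"^\s*(\w+)=(\S+)", openswan, re.M))
    local, remote = (str(ipaddress.ip_network(f"{a}/{m}")) for a, m in
                     zip(zy(zywall, "IP Addr Start"), zy(zywall, "End/Subnet Mask")))
    # The ZyWall's local values are Openswan's "right"; its remote values are "left".
    mirror = {"right": zy(zywall, "My IP Addr")[0], "rightsubnet": local,
              "left": zy(zywall, "Secure Gateway Address")[0], "leftsubnet": remote,
              "keylife": zy(zywall.split("Phase 2")[1], "SA Life Time (Seconds)")[0] + "s"}
    out = [f"MISMATCH {k}: openswan={o.get(k)} zywall={v}"
           for k, v in mirror.items() if o.get(k) != v]
    weak = {"Encryption Algorithm": "3DES", "Authentication Algorithm": "MD5",
            "Key Group": "DH2", "Enable Replay Detection": "No"}
    out += [f"WEAK {k}={v}" for k, v in weak.items() if v in zy(zywall, k)]
    psk = zy(zywall, "PSK")[0]
    if len(psk) < 20 or psk.isdigit():  # threshold is this example's assumption
        out.append("WEAK PSK: short or digits-only")
    return out
```

Calling `audit(OPENSWAN, ZYWALL)` on the page's values reports no mismatches and five weak-setting findings (3DES, MD5, DH2, replay detection disabled, and the pre-shared key).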


flyrouter/ipsec-zywall.txt · Last modified: 2018/04/09 15:36 (external edit)