Differences

This shows you the differences between two versions of the page.

--- technical:ipsec:routeros [2024/06/19 20:59] – created jc
+++ technical:ipsec:routeros [2024/12/13 15:52] (current) – jc
@@ Line 1: / Line 1: @@
 <markdown>
-# RouterOS IPSec Site to Site VPN
+# RouterOS Site to Site IPSec VPN
-## Create Peer
+## Create IPSec
+### Peer
 ```
 /ip/ipsec/peer/add name="$peer_name" address=$peer_address profile=$profile_name exchange-mode=ike2 send-initial-contact=yes
 ```
-## Create Identity
+### Identity
 ```
 /ip/ipsec/identity/add peer=$peer_name auth-method=pre-shared-key secret="$secret" generate-policy=no policy-template-group=$policy_name
+```
+### Proposal
+```
+/ip/ipsec/proposal/add name="$proposal_name" auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=30m pfs-group=modp2048
+```
+### Profile
+```
+/ip/ipsec/profile/add name="$profile_name" hash-algorithm=sha256 prf-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048 lifetime=1d proposal-check=obey nat-traversal=yes dpd-interval=2m dpd-maximum-failures=5
+```
+### Policy
+```
+/ip/ipsec/policy/add peer=$peer_name tunnel=yes src-address=$local_subnet src-port=any dst-address=$remote_subnet dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp sa-src-address=0.0.0.0 sa-dst-address=$dest_addr proposal=$proposal_name priority=0x20000 ph2-count=1 ph2-state=no-phase2
+```
+## Create Firewall NAT Rule
+```
+/ip/firewall/nat/add chain=srcnat action=accept src-address=$local_subnet dst-address=$remote_subnet log=no log-prefix="" place-before=0
+```
+## ~WIP~ Dynamic IPSec IPv4 or IPv6 Address
+### Script
+```
+:global ip [:resolve myip.opendns.com server=208.67.222.222];
+put $ip
+```
+### Pre-deployment
+```
+scp dynamic_ipsec_script.sh $user@hostname
+```
+## DNS Server
+```
+$hostname A $IPv4|$IPv6
 ```
 </markdown>

生まれ変わる - umarekawaru

User Tools

Site Tools

Differences

Page Tools