[vpn-help] iked.conf
John Cahill
email at johncahill.net
Fri May 17 08:29:33 CDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I'm tying to use the daemon to connect a Linux server to a draytek
router. I have successfully use the ikec clinet with the .vpn config
file below. I am trying to come up with an equivalent iked.conf file to
do this. I've man'ed the iked.conf file but am struggling to work out an
equivalent config. Any help would be greatly appreciated.
Many thanks,
John
n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:0
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:network-notify-enable:0
n:client-banner-enable:0
n:client-dns-used:0
n:client-dns-auto:0
n:client-dns-suffix-auto:0
b:auth-mutual-psk:something_good
n:phase1-dhgroup:2
n:phase1-keylen:0
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-keylen:128
n:phase2-pfsgroup:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:1
n:policy-list-auto:0
s:client-dns-addr:8.8.8.8
s:client-dns-suffix:atoll
s:network-host:11.22.33.44
s:client-auto-mode:disabled
s:client-iface:virtual
s:client-ip-addr:192.168.2.50
s:client-ip-mask:255.255.255.0
s:network-natt-mode:enable
s:network-frag-mode:enable
s:auth-method:mutual-psk
s:ident-client-type:fqdn
s:ident-client-data:atoll
s:ident-server-type:fqdn
s:ident-server-data:atoll
s:phase1-exchange:aggressive
s:phase1-cipher:3des
s:phase1-hash:sha1
s:phase2-transform:esp-3des
s:phase2-hmac:sha1
s:ipcomp-transform:disabled
s:policy-level:require
s:policy-list-include:192.168.2.0 / 255.255.255.0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJRljC4AAoJEJDWDcq/312/D8YQAI5xFwqyrJs2Q19jBTPKWqPN
Z5LQ6z9hLhGtrleEyqLQ3oGyEkSvt24ctl/kYMJzxWo5GBufBuftGFOADTrk8GiX
v09npCjH+f/ITmHm8l5apV5ornXnjprcRkZlaxhYi62n1SzXqnMNJCF8AdJnZdTU
f/OZeiw94NNP9VvEvJT9fucoQ00WED58F/5XHsPk2HcTqA1w+tJPCZLOdhf0eKyG
L150PPRuD+I2gWpvy4/SlFC3QpsYnIPgQGgBrp5wg79DzrmfhVVoiWbXOHm5z4xo
5xQ9/UggN3oFV6/RwtHWCFm6Ugu5DYhjWVq63fx2FSPLXH5LH9f9Fc9KYmdkExFK
8wglSkUXvX4B7XlmDJDqU+8uM9PSeg2sYfI2AnddA17wZtHNKgC65wpma7rtdzu4
FH6Rt766dsnRAjrFoJ6KvAWWByiDVIHIGXBlzTErnwSRuLcbgJ2XvPRECXLqaWGA
qC83P8KzHw75iwDYV1nMGwB6dKCbaf9IYJ2NvHq3BhPB6yilYK6hIT/wErJXEuWK
QnXePaiWskg3n+MlG1BJQ9K3adqSMkAYYmPQSmtEuVw4Bz7yK/qcphQypKC+Jq1J
NirA7Orz8vUTlXxrVCq3UDHtrZomVhx/DCJsENRkoSJmACKBoum6p4IEwjIl5t4O
0HV9BbBNJW4oqk/LNJjI
=HkeT
-----END PGP SIGNATURE-----
More information about the vpn-help
mailing list