ros routeros ikev2 ipsec传输模式配置

Posted itfat

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ros routeros ikev2 ipsec传输模式配置相关的知识,希望对你有一定的参考价值。

客户端配置:

/interface bridge
add name=bridge1-wan
/interface ethernet
set [ find default-name=ether1 ] name=ether1-wan
set [ find default-name=ether2 ] name=ether2-wan
set [ find default-name=ether3 ] name=ether3-wan
set [ find default-name=ether4 ] name=ether4-wan
set [ find default-name=ether5 ] name=ether5-lan
/interface pppoe-client
add disabled=no interface=bridge1-wan name=pppoe-out1 password=123456 user=xxxxxxxx
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec mode-config
add name=cfg1 responder=no
/ip ipsec profile
add enc-algorithm=aes-256 hash-algorithm=sha256 name=ikev2-profile1
/ip ipsec peer
add address=x.x.x.x/32 exchange-mode=ike2 name=ikev2-peer1 profile=ikev2-profile1
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=ikev2-proposal1 pfs-group=none
/interface bridge port
add bridge=bridge1-wan interface=ether1-wan
add bridge=bridge1-wan interface=ether2-wan
add bridge=bridge1-wan interface=ether3-wan
add bridge=bridge1-wan interface=ether4-wan
/ip address
add address=192.168.90.100/24 interface=ether5-lan network=192.168.90.0
/ip cloud
set update-time=no
/ip dns
set servers=114.114.114.114
/ip firewall nat
add action=accept chain=srcnat dst-address=10.10.2.0/24 src-address=192.168.77.0/24
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip ipsec identity
add generate-policy=port-strict mode-config=cfg1 peer=ikev2-peer1 secret=12345678
/ip route
add distance=1 gateway=pppoe-out1
add distance=1 dst-address=192.168.0.0/16 gateway=192.168.90.254

 

服务端配置:

/interface ethernet
set [ find default-name=ether1 ] name=ether1-wan
set [ find default-name=ether2 ] name=ether2-lan
/ip ipsec profile
add enc-algorithm=aes-256 hash-algorithm=sha256 name=ikev2-profile1
/ip ipsec peer
add exchange-mode=ike2 name=ikev2-peer1 passive=yes profile=ikev2-profile1 send-initial-contact=no
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=ikev2-proposal1 pfs-group=none
/ip pool
add name=ikev2-pool ranges=192.168.77.2-192.168.77.254
/ip ipsec mode-config
add address-pool=ikev2-pool address-prefix-length=32 name=cfg1 split-include=10.10.2.0/24 system-dns=no
/ip address
add address=x.x.x.x/28 interface=ether1-wan network=x.x.x.x
add address=10.10.2.100/24 interface=ether2-lan network=10.10.2.0
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.77.0/24 src-address=10.10.2.0/24
add action=masquerade chain=srcnat out-interface=ether1-wan
/ip ipsec identity
add generate-policy=port-strict mode-config=cfg1 peer=ikev2-peer1 secret=12345678
/ip route
add distance=1 gateway=x.x.x.x
add distance=1 dst-address=192.168.12.0/24 gateway=10.10.2.254

以上是关于ros routeros ikev2 ipsec传输模式配置的主要内容,如果未能解决你的问题,请参考以下文章

IPSec之IKEv2详解

IKEV2 ipsec 在ubuntu18.04下配置过程(一)

ros routeros 脚本命令script

可以在windows下使用虚拟机软件,然后安装routeros让routeros管理实际网络吗?

ROS routeros mikrotik路由器CVE-2018-14847漏洞

win7 l2tp/ipsec连接 错误809