Created
December 4, 2011 11:27
VPN configuration for FRITZ!Box connecting to a pfSense router using IPsec
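// FRITZ!Box VPN import file: one LAN-to-LAN IPsec (IKEv1) tunnel to a pfSense peer.
// This file holds the pre-shared key in plaintext; store and transfer it as a secret
// and do not publish a copy with the real key filled in.
// Every phase 1 / phase 2 setting below has to match what is configured on pfSense.
vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "VPN tunnel to pfSense box at work"; // an identifier for your connection - pick anything
                always_renew = no;
                // NOTE(review): presumably controls whether traffic outside the tunnel is
                // dropped - confirm against AVM documentation before relying on it.
                reject_not_encrypted = no;
                // NOTE(review): the name suggests NetBIOS traffic is not filtered on the
                // tunnel; confirm, and set to "no" if you do not need it across the link.
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 192.168.1.100; // an unused IP address within your pfSense subnet
                remote_virtualip = 0.0.0.0;
                remotehostname = "your-pfsense.dyndns.org"; // the permanent hostname of your pfSense box
                localid {
                        fqdn = "your-fritz.dyndns.org"; // the permanent hostname of your FRITZ!Box
                }
                remoteid {
                        fqdn = "your-pfsense.dyndns.org"; // again, the permanent hostname of your pfSense box
                }
                // IKEv1 aggressive mode combined with a pre-shared key sends a hash derived
                // from the key before the exchange is encrypted, so the key can be guessed
                // offline by anyone who observes or triggers a handshake. Aggressive mode is
                // commonly needed when both peers are identified by FQDN on dynamic addresses;
                // if you keep it, the strength of the key below is the main protection.
                mode = phase1_mode_aggressive;
                // 3DES and SHA-1 are legacy algorithms (this file dates from 2011). Prefer the
                // strongest proposal that both your FRITZ!OS version and pfSense support, and
                // change it on both ends together. "def" is presumably the firmware's default
                // DH group - verify.
                phase1ss = "def/3des/sha";
                keytype = connkeytype_pre_shared;
                // Placeholder value: replace it with a long, randomly generated key that is
                // used only for this tunnel.
                key = "a-random-secret-shared-key"; // the same pre-shared key you used when configuring pfSense
                cert_do_server_auth = no;
                // NAT traversal is off here although UDP 4500 is listed in ike_forward_rules
                // below; enable it only if one of the peers sits behind NAT.
                use_nat_t = no;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.178.0; // the subnet IP address of your FRITZ!Box - the default being 192.168.178.0
                                mask = 255.255.255.0; // the subnet netmask of your FRITZ!Box - the default being 255.255.255.0
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 192.168.1.0; // the subnet IP address of your pfSense box - the default being 192.168.1.0
                                mask = 255.255.255.0; // the subnet netmask of your pfSense box - the default being 255.255.255.0
                        }
                }
                // Same algorithm caveat as phase1ss: ESP with 3DES/SHA-1 is legacy. The
                // trailing "pfs" presumably requests perfect forward secrecy; keep it on and
                // enable the matching PFS group on pfSense.
                phase2ss = "esp-3des-sha/ah-no/comp-no/pfs";
                // Selects which traffic goes into the tunnel. Keep it limited to the remote
                // subnet(s) you actually need to reach.
                accesslist = "permit ip any 192.168.1.0 255.255.255.0"; // again, the subnet IP address and netmask of your pfSense box
        }
        // UDP 500 (IKE) and UDP 4500 (NAT-T) handling on the FRITZ!Box.
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500", "udp 0.0.0.0:4500 0.0.0.0:4500";
}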