## CentreCOM AR550S 設定例集 2.9
##  198 リモートアクセス型L2TP+IPsec VPN(Responder Rekey Extensionによる死活監視)(クライアントはWindows XP/Vista/7、iPhone/iPad、Android(TM)端末)+ダイナミックDNSサービス
##  ルーターのコンフィグ
##
## 「#」で始まる行は、コンソールから入力しないと意味を持たないコマンドです。

## Router-side configuration for a remote-access L2TP-over-IPsec VPN responder
## on a PPPoE internet link with a dynamic-DNS hostname.
## Lines starting with a single "#" are commands that must be typed at the
## console; lines starting with "##" are explanatory comments.
## NOTE(review): every password, key value and hostname below is a sample
## value from the worked example and must be replaced before deployment.

## Security Officer account; it is used for the console-only steps at the end.
ADD USER=secoff PASSWORD=PasswordS PRIVILEGE=SECURITYOFFICER

## WAN side: PPP interface 0 over eth0 with ISP credentials; the address is
## requested from the ISP (IPREQUEST=ON).
CREATE PPP=0 OVER=eth0-ANY
SET PPP=0 OVER=eth0-ANY USER=user@isp PASSWORD=isppasswd IPREQUEST=ON LQR=OFF BAP=OFF ECHO=ON

## IP layer: LAN on vlan1 (192.168.10.0/24); ppp0 starts unnumbered and takes
## the ISP-assigned address (REMOTEASSIGN); default route via ppp0.
ENABLE IP
ADD IP INT=vlan1 IP=192.168.10.1 MASK=255.255.255.0
ENABLE IP REMOTEASSIGN
ADD IP INT=ppp0 IP=0.0.0.0
ADD IP ROUTE=0.0.0.0 INT=ppp0 NEXTHOP=0.0.0.0

## VPN user accounts. LOGIN=NO presumably keeps these accounts out of the
## router's own management login, so they only serve PPP authentication
## (confirm against the command reference).
ADD USER=AAA PASSWORD=PasswordA LOGIN=NO
ADD USER=BBB PASSWORD=PasswordB LOGIN=NO
ADD USER=CCC PASSWORD=PasswordC LOGIN=NO
ADD USER=DDD PASSWORD=PasswordD LOGIN=NO

## Address pool handed to VPN clients (ten addresses, 192.168.8.1-10) and the
## PPP template used for incoming L2TP sessions; clients authenticate with CHAP.
CREATE IP POOL=VPNC IP=192.168.8.1-192.168.8.10
CREATE PPP TEMPLATE=1 IPPOOL=VPNC AUTHENTICATION=CHAP BAP=OFF ECHO=30 RECHALLENGE=OFF VJC=ON

## L2TP server. The full address range is accepted as a tunnel source because
## roaming clients have no fixed address; protection relies on firewall rule 3
## (ENCAP=IPSEC) and IPsec policy "L2" below, not on source filtering.
ENABLE L2TP
ENABLE L2TP SERVER=BOTH
ADD L2TP IP=0.0.0.0-255.255.255.255 PPPTEMPLATE=1

## Dynamic DNS registration for the ppp0 address (sample host and credentials).
ENABLE DDNS
SET DDNS DYNAMICHOST=test.dyndns.org
SET DDNS USER=test PASSWORD=test
SET DDNS PRIMARYINT=ppp0

## Firewall policy "net": ICMP forwarding limited to PING and UNREACHABLE,
## ident proxy disabled.
ENABLE FIREWALL
CREATE FIREWALL POLICY=net
ENABLE FIREWALL POLICY=net ICMP_F=PING,UNREACHABLE
DISABLE FIREWALL POLICY=net IDENTPROXY

## Dynamic interface template "vpnif" for the per-client PPP interfaces.
## USER=ANY matches every authenticated user, and DYN-vpnif is PRIVATE, so a
## connected VPN client is trusted to the same degree as a host on vlan1.
CREATE FIREWALL POLICY=net DYNAMIC=vpnif
ADD FIREWALL POLICY=net DYNAMIC=vpnif USER=ANY
ADD FIREWALL POLICY=net INT=vlan1 TYPE=PRIVATE
ADD FIREWALL POLICY=net INT=ppp0 TYPE=PUBLIC
ADD FIREWALL POLICY=net INT=DYN-vpnif TYPE=PRIVATE

## NAT toward the internet for both the LAN and the VPN clients.
ADD FIREWALL POLICY=net NAT=ENHANCED INT=vlan1 GBLINT=ppp0
ADD FIREWALL POLICY=net NAT=ENHANCED INT=DYN-vpnif GBLINT=ppp0

## Inbound allow rules on the public interface: IKE (UDP 500), NAT-T
## (UDP 4500), and L2TP (UDP 1701). Rule 3 carries ENCAP=IPSEC, so L2TP is
## accepted only when it arrived inside IPsec; keep that qualifier, since
## without it the L2TP server would be reachable in cleartext from any address.
ADD FIREWALL POLICY=net RULE=1 AC=ALLOW INT=ppp0 PROT=UDP GBLPORT=500 GBLIP=0.0.0.0 PORT=500 IP=0.0.0.0
ADD FIREWALL POLICY=net RULE=2 AC=ALLOW INT=ppp0 PROT=UDP GBLPORT=4500 GBLIP=0.0.0.0 PORT=4500 IP=0.0.0.0
ADD FIREWALL POLICY=net RULE=3 AC=ALLOW INT=ppp0 PROT=UDP GBLPORT=1701 GBLIP=0.0.0.0 PORT=1701 IP=0.0.0.0 ENCAP=IPSEC

## Console-only: create the IKE pre-shared key (key 1). Because the ISAKMP
## policy below is PEER=ANY KEY=1, this single key is shared by every client;
## "secret" is a sample value, so use a long random string and plan for
## rotating it on all clients when any one device is lost.
# CREATE ENCO KEY=1 TYPE=GENERAL VALUE="secret"

## ISAKMP (IKE phase 1) policy for any peer, with NAT traversal enabled.
## NOTE(review): 3DES + SHA + GROUP=2 (presumably SHA-1 and the 1024-bit MODP
## group) is a legacy proposal, likely chosen for the older client platforms
## this example targets; raise it if the supported clients and firmware allow.
CREATE ISAKMP POLICY="i" PEER=ANY KEY=1 SENDN=TRUE NATTRAVERSAL=TRUE
SET ISAKMP POLICY="i" ENCALG=3DESOUTER HASHALG=SHA GROUP=2
## 600-second ISAKMP SA lifetime with rekeying enabled.
SET ISAKMP POLICY="i" EXPIRYSECOND=600 REKEY=true

## IPsec (phase 2) proposals: ESP in transport mode with AES-256, AES-128 or
## 3DES, each with SHA. The bundle string lists them as alternatives 1, 2, 3.
CREATE IPSEC SASPEC=1 KEYMAN=ISAKMP PROTOCOL=ESP ENCALG=AES256 HASHALG=SHA MODE=TRANSPORT
CREATE IPSEC SASPEC=2 KEYMAN=ISAKMP PROTOCOL=ESP ENCALG=AES128 HASHALG=SHA MODE=TRANSPORT
CREATE IPSEC SASPEC=3 KEYMAN=ISAKMP PROTOCOL=ESP ENCALG=3DESOUTER HASHALG=SHA MODE=TRANSPORT
CREATE IPSEC BUNDLE=1 KEYMAN=ISAKMP STRING="1 or 2 or 3"

## IPsec policies on ppp0: "isa" and "nat" pass IKE and NAT-T unprotected,
## "L2" applies IPsec to L2TP (local UDP 1701) for dynamic peers, and "inet"
## permits all remaining traffic without IPsec.
## NOTE(review): "inet" has no selectors, so it presumably must stay last for
## "L2" to match first; confirm the evaluation order before reordering.
CREATE IPSEC POLICY=isa INT=ppp0 ACTION=PERMIT LPORT=500 TRANSPORT=UDP
CREATE IPSEC POLICY=nat INT=ppp0 ACTION=PERMIT LPORT=4500 TRANSPORT=UDP
CREATE IPSEC POLICY=L2 INT=ppp0 ACTION=IPSEC KEYMAN=ISAKMP BUNDLE=1 PEER=DYNAMIC
SET IPSEC POLICY=L2 LPORT=1701 TRANSPORT=UDP
CREATE IPSEC POLICY="inet" INT=ppp0 ACTION=PERMIT
ENABLE IPSEC
ENABLE ISAKMP

## Console-only: log in as the Security Officer and switch the router to
## security mode. NOTE(review): security mode is presumably what lets the
## key created above survive a restart; verify after a reboot.
# LOGIN secoff
# ENABLE SYSTEM SECURITY_MODE
