## CentreCOM AR560S 設定例集 2.9 ## 198 リモートアクセス型L2TP+IPsec VPNとResponder Rekey Extensionによる死活監視(クライアントはWindows XP/Vista/7、iPhone/iPadおよびAndroid(TM)端末)+ダイナミックDNSサービス ## ルーターのコンフィグ ## ## 「#」で始まる行は、コンソールから入力しないと意味を持たないコマンドです。
# NOTE: Router configuration for a remote-access L2TP-over-IPsec VPN server
# with ISAKMP rekey-based liveness checking and a dynamic-DNS registration.
# Header note (translated): lines beginning with "#" are commands that only
# take effect when typed at the console; they are not loaded from this file.
# Review comments below are marked "# NOTE:" / "# REVIEW:" so they are not
# mistaken for console-only commands.
#
# REVIEW: every PASSWORD=, the DDNS USER/PASSWORD and the ENCO key VALUE are
# sample placeholders and must be replaced before deployment.

# Security-officer account for the router itself.
ADD USER=secoff PASSWORD=PasswordS PRIVILEGE=SECURITYOFFICER

# WAN: PPP over eth0 towards the ISP; IPREQUEST=ON asks the peer for an address.
CREATE PPP=0 OVER=eth0-ANY
SET PPP=0 OVER=eth0-ANY USER=user@isp PASSWORD=isppasswd IPREQUEST=ON LQR=OFF BAP=OFF ECHO=ON

# LAN 192.168.10.0/24 on vlan1; ppp0 gets its address from the ISP (0.0.0.0).
# REMOTEASSIGN presumably enables handing addresses to dialled-in PPP peers — confirm.
ENABLE IP
ADD IP INT=vlan1 IP=192.168.10.1 MASK=255.255.255.0
ENABLE IP REMOTEASSIGN
ADD IP INT=ppp0 IP=0.0.0.0
ADD IP ROUTE=0.0.0.0 INT=ppp0 NEXTHOP=0.0.0.0

# VPN user credentials (PPP CHAP). LOGIN=NO: not router-login accounts.
ADD USER=AAA PASSWORD=PasswordA LOGIN=NO
ADD USER=BBB PASSWORD=PasswordB LOGIN=NO
ADD USER=CCC PASSWORD=PasswordC LOGIN=NO
ADD USER=DDD PASSWORD=PasswordD LOGIN=NO

# Address pool for VPN clients: 10 addresses, so at most 10 concurrent sessions.
# PPP template 1: CHAP auth, LCP echo every 30 (presumably seconds) — part of
# the dead-peer detection this example is about.
CREATE IP POOL=VPNC IP=192.168.8.1-192.168.8.10
CREATE PPP TEMPLATE=1 IPPOOL=VPNC AUTHENTICATION=CHAP BAP=OFF ECHO=30 RECHALLENGE=OFF VJC=ON

# L2TP server accepting tunnels from any source address; access control
# relies on the IPsec policy (L2 below) and PPP CHAP, not on this range.
ENABLE L2TP
ENABLE L2TP SERVER=BOTH
ADD L2TP IP=0.0.0.0-255.255.255.255 PPPTEMPLATE=1

# Dynamic DNS: publishes ppp0's current address under the host name.
# REVIEW: credentials are stored in clear text in this config — protect the file.
ENABLE DDNS
SET DDNS DYNAMICHOST=test.dyndns.org
SET DDNS USER=test PASSWORD=test
SET DDNS PRIMARYINT=ppp0

# Firewall policy "net": vlan1 and the dynamic VPN interface are PRIVATE,
# ppp0 is PUBLIC; both private sides are NATed out through ppp0.
ENABLE FIREWALL
CREATE FIREWALL POLICY=net
ENABLE FIREWALL POLICY=net ICMP_F=PING,UNREACHABLE
DISABLE FIREWALL POLICY=net IDENTPROXY
CREATE FIREWALL POLICY=net DYNAMIC=vpnif
ADD FIREWALL POLICY=net DYNAMIC=vpnif USER=ANY
ADD FIREWALL POLICY=net INT=vlan1 TYPE=PRIVATE
ADD FIREWALL POLICY=net INT=ppp0 TYPE=PUBLIC
ADD FIREWALL POLICY=net INT=DYN-vpnif TYPE=PRIVATE
ADD FIREWALL POLICY=net NAT=ENHANCED INT=vlan1 GBLINT=ppp0
ADD FIREWALL POLICY=net NAT=ENHANCED INT=DYN-vpnif GBLINT=ppp0
# Inbound on ppp0: IKE (UDP/500), NAT-T (UDP/4500) and L2TP (UDP/1701).
# Rule 3 carries ENCAP=IPSEC, i.e. L2TP is only accepted inside IPsec;
# plain, unprotected L2TP is not opened.
ADD FIREWALL POLICY=net RULE=1 AC=ALLOW INT=ppp0 PROT=UDP GBLPORT=500 GBLIP=0.0.0.0 PORT=500 IP=0.0.0.0
ADD FIREWALL POLICY=net RULE=2 AC=ALLOW INT=ppp0 PROT=UDP GBLPORT=4500 GBLIP=0.0.0.0 PORT=4500 IP=0.0.0.0
ADD FIREWALL POLICY=net RULE=3 AC=ALLOW INT=ppp0 PROT=UDP GBLPORT=1701 GBLIP=0.0.0.0 PORT=1701 IP=0.0.0.0 ENCAP=IPSEC

# Pre-shared key (console only). One key is shared by all peers (PEER=ANY KEY=1),
# so any client that learns it can authenticate phase 1 — choose a long random
# value and rotate it when a device is lost or a user leaves.
# CREATE ENCO KEY=1 TYPE=GENERAL VALUE="secret"

# ISAKMP phase 1: any peer, NAT traversal on. EXPIRYSECOND=600 with REKEY=true
# forces a rekey every 600 s; per the title, this responder-side rekey is what
# detects dead clients.
# REVIEW: 3DES / SHA-1 / DH group 2 are legacy choices, presumably kept for the
# older clients listed in the title (Windows XP); prefer AES, SHA-2 and a
# larger group where the client population allows.
CREATE ISAKMP POLICY="i" PEER=ANY KEY=1 SENDN=TRUE NATTRAVERSAL=TRUE
SET ISAKMP POLICY="i" ENCALG=3DESOUTER HASHALG=SHA GROUP=2
SET ISAKMP POLICY="i" EXPIRYSECOND=600 REKEY=true

# Phase 2 proposals, all ESP transport mode (L2TP/IPsec); bundle offers
# AES-256, AES-128 or 3DES — order presumably reflects preference.
CREATE IPSEC SASPEC=1 KEYMAN=ISAKMP PROTOCOL=ESP ENCALG=AES256 HASHALG=SHA MODE=TRANSPORT
CREATE IPSEC SASPEC=2 KEYMAN=ISAKMP PROTOCOL=ESP ENCALG=AES128 HASHALG=SHA MODE=TRANSPORT
CREATE IPSEC SASPEC=3 KEYMAN=ISAKMP PROTOCOL=ESP ENCALG=3DESOUTER HASHALG=SHA MODE=TRANSPORT
CREATE IPSEC BUNDLE=1 KEYMAN=ISAKMP STRING="1 or 2 or 3"

# IPsec policies on ppp0: pass IKE and NAT-T in clear, protect L2TP (UDP/1701)
# with bundle 1 for dynamically-addressed peers, permit everything else.
# NOTE: policies appear to be matched in this order — keep "inet" last.
CREATE IPSEC POLICY=isa INT=ppp0 ACTION=PERMIT LPORT=500 TRANSPORT=UDP
CREATE IPSEC POLICY=nat INT=ppp0 ACTION=PERMIT LPORT=4500 TRANSPORT=UDP
CREATE IPSEC POLICY=L2 INT=ppp0 ACTION=IPSEC KEYMAN=ISAKMP BUNDLE=1 PEER=DYNAMIC
SET IPSEC POLICY=L2 LPORT=1701 TRANSPORT=UDP
CREATE IPSEC POLICY="inet" INT=ppp0 ACTION=PERMIT
ENABLE IPSEC
ENABLE ISAKMP

# Console only: log in as the security officer and switch on security mode.
# LOGIN secoff
# ENABLE SYSTEM SECURITY_MODE