回復 11# gfx86674
謝謝分享,終於將你的script整理成一個單一script for Android & IOS 手機- /ip pool
- add name=IPSec_Xauth ranges=172.19.15.0/24
- /ip ipsec mode-config
- add address-pool=IPSec_Xauth address-prefix-length=24 \
- name="IPSec_Xauth (Android)" split-include=0.0.0.0/0
- /ip ipsec policy group
- add name="IPSec_Xauth (Android)"
- /ip ipsec policy
- add comment="IPSec_Xauth (Android)" dst-address=0.0.0.0/0 \
- group="IPSec_Xauth (Android)" src-address=172.19.15.0/24 template=yes
- /ip ipsec peer
- add auth-method=pre-shared-key-xauth comment="IPSec_Xauth (Android)" \
- enc-algorithm=aes-128 generate-policy=port-strict \
- mode-config="IPSec_Xauth (Android)" \
- passive=yes policy-template-group="IPSec_Xauth (Android)" secret=abcde1234
- /ip firewall mangle
- add action=change-mss chain=forward dst-address=172.19.15.0/30 new-mss=\
- clamp-to-pmtu passthrough=no protocol=tcp tcp-flags=syn
- add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=no \
- protocol=tcp src-address=172.19.15.0/30 tcp-flags=syn
- /ip ipsec mode-config
- add address-pool=IPSec_Xauth address-prefix-length=24 \
- name="IPSec_Xauth (IOS)" send-dns=no split-include=0.0.0.0/1,128.0.0.0/1
- /ip ipsec policy group
- add name="IPSec_Xauth (IOS)"
- /ip ipsec proposal
- add lifetime=8h name=xauth pfs-group=none
- /ip ipsec peer
- add auth-method=pre-shared-key-xauth comment="IPSec_Xauth (IOS)" \
- enc-algorithm=aes-128 generate-policy=port-strict lifetime=8h \
- local-address=123.123.123.123 mode-config="IPSec_Xauth (IOS)" \
- nat-traversal=no passive=yes policy-template-group="IPSec_Xauth (IOS)" \
- secret=abcde1234
- /ip ipsec policy
- add comment="IPSec_Xauth (IOS)" dst-address=0.0.0.0/1 group="IPSec_Xauth (IOS)" \
- proposal=xauth src-address=172.19.15.0/30 template=yes
- add comment="IPSec_Xauth (IOS)" dst-address=128.0.0.0/1 group="IPSec_Xauth (IOS)" \
- proposal=xauth src-address=172.19.15.0/30 template=yes
|
發表於 2015-8-1 12:54
|