VPN IPsec-L2TP on a Huawei router

Intended for portable devices such as a phone or PC. On some devices it works only in L2TP. If the client is connected to the home network but cannot browse (ping OK), try entering the DNS servers manually.

 


sysname DareUnNomeAlRouter
#

l2tp enable
#

acl number 3020
description ACL ingresso WAN Local
rule 10 permit udp destination-port eq 1701
rule 50 permit udp destination-port eq 500
rule 60 permit 50
rule 70 permit 51

ipsec proposal prop
encapsulation-mode transport
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
#
ike proposal default
encryption-algorithm aes-256 aes-192 aes-128
dh group14
authentication-algorithm sha2-512 sha2-384 sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
ike proposal 5
encryption-algorithm aes-256
dh group14
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
ike peer peer1
pre-shared-key cipher <enter_preshared_key_in_cleartext>
ike-proposal 5
rsa encryption-padding oaep
rsa signature-padding pss
undo local-id-preference certificate enable
ikev2 authentication sign-hash sha2-256
#
ipsec policy-template temp1 10
ike-peer peer1
proposal prop
#
ipsec policy policy1 10 isakmp template temp1
#
free-rule-template name default_free_rule
#

ip pool LNS
gateway-list 10.200.0.1
network 10.200.0.0 mask 255.255.255.0
#
aaa
local-user USERNAME password cipher <enter_password_in_cleartext>
local-user USERNAME privilege level 0
local-user USERNAME service-type ppp
#

#
firewall interzone Local WAN
firewall enable
packet-filter 3020 inbound

interface Dialer1
ipsec policy policy1
#

#
interface Virtual-Template1
ppp authentication-mode chap
remote address pool LNS
ip address 10.200.0.1 255.255.255.0
#

#
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 1
#
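
An added example, not part of the original configuration: a small Python check for a WAN-inbound ACL like acl number 3020 above, verifying that it admits what L2TP over IPsec needs (UDP 1701, UDP 500, UDP 4500 for clients behind NAT, and ESP as IP protocol 50) and flagging ESP or AH written as UDP ports. The function name, the sample rules and the subset of rule syntax it parses are assumptions made for this example.

```python
import re

# Traffic an L2TP-over-IPsec responder must accept from the WAN.
# ESP and AH are IP protocols 50 and 51; they have no port numbers.
REQUIRED = {
    ("udp", 1701): "L2TP",
    ("udp", 500): "IKE",
    ("udp", 4500): "NAT-T",
    ("proto", 50): "ESP",
}
NOT_PORTS = {50: "ESP", 51: "AH"}

# Assumption: only two rule forms are parsed, "permit udp|tcp
# destination-port eq N" and "permit <protocol-number>".
RULE = re.compile(r"^rule\s+(?P<id>\d+)\s+permit\s+(?P<proto>\S+)"
                  r"(?:\s+destination-port\s+eq\s+(?P<port>\d+))?\s*$")

# Constructed sample: ESP and AH written as UDP ports, no NAT-T rule.
SAMPLE_ACL = """\
rule 10 permit udp destination-port eq 1701
rule 50 permit udp destination-port eq 500
rule 60 permit udp destination-port eq 50
rule 70 permit udp destination-port eq 51
"""

def audit_acl(text):
    """Return (findings, missing) for a block of ACL rule lines."""
    allowed, findings = set(), []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # not a rule line in the supported subset
        proto = m["proto"].lower()
        if proto in ("udp", "tcp") and m["port"]:
            port = int(m["port"])
            if port in NOT_PORTS:
                name = NOT_PORTS[port]
                findings.append(f"rule {m['id']}: {proto.upper()} port {port} "
                                f"is not {name}; {name} is IP protocol {port}")
            allowed.add((proto, port))
        elif proto.isdigit():
            allowed.add(("proto", int(proto)))
    missing = [f"{name} ({kind} {num})"
               for (kind, num), name in REQUIRED.items()
               if (kind, num) not in allowed]
    return findings, missing

if __name__ == "__main__":
    print(audit_acl(SAMPLE_ACL))
```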