Esse artigo foi homologado no equipamento CHR, na versão v7.20.1, o uso em uma versão diferente pode não resultar da mesma forma.
/ip/ipsec/active-peers/print
/ip/ipsec/policy/print
/ip/ipsec/profile/add \
name=AUTH1 \
dh-group=modp2048,modp1536 \
enc-algorithm=aes-256 \
hash-algorithm=sha256 \
nat-traversal=no \
#
/ip/ipsec/peer/add \
name=MIH-VPN1 \
address=100.64.11.2/32 \
exchange-mode=main \
local-address=100.64.22.2 \
port=500 \
profile=AUTH1 \
#
/ip/ipsec/identity/add \
peer=MIH-VPN1 \
secret=SenhaSegura#@2025 \
#
/ip/ipsec/proposal/add \
name=PROPOSAL1 \
auth-algorithms=sha256 \
enc-algorithms=aes-256-cbc \
pfs-group=modp2048 \
#
/ip/ipsec/policy/add \
dst-address=0.0.0.0/0 \
peer=FORTIGATE-VPN1 \
proposal=PROPOSAL1 \
src-address=10.66.9.0/24 \
tunnel=yes \
#
/ip/ipsec/policy/add \
dst-address=10.66.9.0/24 \
peer=FORTIGATE-VPN1 \
proposal=PROPOSAL1 \
src-address=0.0.0.0/0 \
tunnel=yes \
#
/ip/address/add \
address=10.66.101.2/24 \
interface=ether1 \
#
/ip/address/add \
address=10.64.255.2 \
interface=lo \
#
/routing/ospf/instance/add disabled=no \
name=OSPF-0 \
redistribute=static \
router-id=10.64.255.2 \
#
/routing/ospf/area/add \
disabled=no \
instance=OSPF-0 \
name=BACKBONE-IPV4 \
#
/routing/ospf/interface-template/add \
area=BACKBONE-IPV4 \
comment="!::MIH-VPN1" \
interfaces=ether1 \
networks=10.66.101.0/24 \
disabled=yes \
type=ptp \
#
/routing/ospf/interface-template/add \
area=BACKBONE-IPV4 \
comment="!::LOOPBACK" \
interfaces=lo \
networks=10.64.255.2 \
disabled=yes \
passive \
type=ptp \
#