Untitled

mail@pastecode.io avatar
unknown
plain_text
7 months ago
5.3 kB
0
Indexable
Never
[TGBIKENG]
<?xml version="1.0" encoding="ISO-8859-1"?>
<tgbconfig>
  <cfg_ikev2>
    <cfg_connectionv2 name="CLUSTER">
      <cfg_ike_sa name="CLUSTER" family="AF_AUTO">
        <server>x.x.x.x</server>
        <port>500</port>
        <port_nat>4500</port_nat>
        <ikeauth_lifetime>14400</ikeauth_lifetime>
        <retries>3</retries>
        <gateway_timeout>5</gateway_timeout>
        <cfg_dynamic_param_lst />
        <cfg_dpd>
          <interval>30</interval>
          <retrans>5</retrans>
          <wait>5</wait>
        </cfg_dpd>
        <cfg_sa>
          <proposal protocol="IKE">
            <transform type="ENCR_ALGO" keylength="256">AES_GCM_16</transform>
            <transform type="ENCR_ALGO" keylength="192">AES_GCM_16</transform>
            <transform type="ENCR_ALGO" keylength="128">AES_GCM_16</transform>
            <transform type="ENCR_ALGO" keylength="256">AES_CTR</transform>
            <transform type="ENCR_ALGO" keylength="192">AES_CTR</transform>
            <transform type="ENCR_ALGO" keylength="128">AES_CTR</transform>
            <transform type="ENCR_ALGO" keylength="256">AES_CBC</transform>
            <transform type="ENCR_ALGO" keylength="192">AES_CBC</transform>
            <transform type="ENCR_ALGO" keylength="128">AES_CBC</transform>
            <transform type="PRF">PRF_HMAC_SHA2_512</transform>
            <transform type="PRF">PRF_HMAC_SHA2_384</transform>
            <transform type="PRF">PRF_HMAC_SHA2_256</transform>
            <transform type="INTEG">AUTH_HMAC_SHA2_512_256</transform>
            <transform type="INTEG">AUTH_HMAC_SHA2_384_192</transform>
            <transform type="INTEG">AUTH_HMAC_SHA2_256_128</transform>
            <transform type="DH_GROUP">DH_BRAINPOOLP256_R1</transform>
            <transform type="DH_GROUP">DH_ECP_521</transform>
            <transform type="DH_GROUP">DH_ECP_384</transform>
            <transform type="DH_GROUP">DH_ECP_256</transform>
            <transform type="DH_GROUP">DH_MODP_8192</transform>
            <transform type="DH_GROUP">DH_MODP_6144</transform>
            <transform type="DH_GROUP">DH_MODP_4096</transform>
            <transform type="DH_GROUP">DH_MODP_3072</transform>
            <transform type="DH_GROUP">DH_MODP_2048</transform>
          </proposal>
        </cfg_sa>
        <identity type="ID_RFC822_ADDR" location="local">replace.with.your.mail</identity>
        <authentication type="preshared" sendcertrequest="no" />
      </cfg_ike_sa>
      <cfg_child_sa name="CLUSTER_VPN" family="AF_INET" requestconfig="yes" tunneltype="client2server">
        <childsa_lifetime>1800</childsa_lifetime>
        <cfg_sa>
          <proposal protocol="ESP">
            <transform type="ENCR_ALGO" keylength="128">AES_CBC</transform>
            <transform type="ENCR_ALGO" keylength="192">AES_CBC</transform>
            <transform type="ENCR_ALGO" keylength="256">AES_CBC</transform>
            <transform type="ENCR_ALGO" keylength="128">AES_CTR</transform>
            <transform type="ENCR_ALGO" keylength="192">AES_CTR</transform>
            <transform type="ENCR_ALGO" keylength="256">AES_CTR</transform>
            <transform type="ENCR_ALGO" keylength="128">AES_GCM_16</transform>
            <transform type="ENCR_ALGO" keylength="192">AES_GCM_16</transform>
            <transform type="ENCR_ALGO" keylength="256">AES_GCM_16</transform>
            <transform type="INTEG">AUTH_HMAC_SHA2_256_128</transform>
            <transform type="INTEG">AUTH_HMAC_SHA2_384_192</transform>
            <transform type="INTEG">AUTH_HMAC_SHA2_512_256</transform>
            <transform type="DH_GROUP">DH_BRAINPOOLP256_R1</transform>
            <transform type="DH_GROUP">DH_ECP_256</transform>
            <transform type="DH_GROUP">DH_ECP_384</transform>
            <transform type="DH_GROUP">DH_ECP_521</transform>
            <transform type="DH_GROUP">DH_MODP_8192</transform>
            <transform type="DH_GROUP">DH_MODP_6144</transform>
            <transform type="DH_GROUP">DH_MODP_4096</transform>
            <transform type="DH_GROUP">DH_MODP_3072</transform>
            <transform type="DH_GROUP">DH_MODP_2048</transform>
            <transform type="ESN">NO_EXTENDED_SEQ_NUMBER</transform>
            <transform type="ESN">EXTENDED_SEQ_NUMBER</transform>
          </proposal>
        </cfg_sa>
        <cfg_ts type="IPV4_ADDR_RANGE" location="local">
          <protocol>0</protocol>
          <start_port>0</start_port>
          <end_port>65535</end_port>
          <starting_address>0.0.0.0</starting_address>
        </cfg_ts>
        <cfg_ts type="IPV4_ADDR_RANGE" location="remote">
          <protocol>0</protocol>
          <start_port>0</start_port>
          <end_port>65535</end_port>
          <starting_address>0.0.0.0</starting_address>
          <ending_address>255.255.255.255</ending_address>
        </cfg_ts>
        <cfg_automation />
        <cfg_remotesharing />
        <cfg_dynamic_param_lst />
      </cfg_child_sa>
    </cfg_connectionv2>
  </cfg_ikev2>
  <cfg_cnxpanel>
    <cfg_cnxpanel_connection name="CLUSTER-CLUSTER_VPN" tunnel="CLUSTER-CLUSTER_VPN" />
  </cfg_cnxpanel>
  <dialer_params />
</tgbconfig>