# Script (10.00.0169 / 27.04.2017) (0x0020c11c,IDs:2,3,4,8,e,f//dcdf1d80,15,2b;0x0c000003)
#
# IKEv2 "DEFAULT" profiles, restored to one command per line. Every table
# row below is named DEFAULT (or DEFAULT-RSA-*); the Peers row's own comment
# says it applies to peers that have not been identified yet.

lang English
# Writes are held back here and switched on again by "flash Yes" at the end
# of the script. NOTE(review): presumably this keeps a half-applied script
# out of persistent storage - confirm against the LCOS reference.
flash No

# Fallback peer: no remote gateway, no address pools, no IPv4/IPv6 rules,
# no RADIUS, rule creation "manually". It only points at the DEFAULT
# encryption / authentication / general / lifetime rows defined below.
cd /Setup/VPN/IKEv2/Peers
add "DEFAULT" {Active} Yes {SH-Time} 0 {Remote-Gateway} "" {Rtg-tag} 0 {Encryption} "DEFAULT" {Authentication} "DEFAULT" {General} "DEFAULT" {Lifetimes} "DEFAULT" {IKE-CFG} Off {IPv4-CFG-Pool} "" {IPv6-CFG-Pool} "" {Rule-creation} manually {IPv4-Rules} "" {IPv6-Rules} "" {Routing} "" {RADIUS-Authorization} "" {RADIUS-Accounting} "" {Comment} "Default settings for peers that haven't been identified (yet)"

# Proposal set: DH14 is the only group, PFS is on, AES-CBC-256 is the only
# cipher for both the IKE SA and the Child SA.
# NOTE(review): SHA1 is still accepted as a second choice in both integrity
# lists, and no AEAD cipher is offered. If every peer can negotiate SHA-256,
# removing SHA1 closes the downgrade path; check the crypto baseline in use.
cd /Setup/VPN/IKEv2/Encryption
add "DEFAULT" {DH-Groups} DH14 {PFS} Yes {IKE-SA-Cipher-List} AES-CBC-256 {IKE-SA-Integ-Alg-List} SHA-256,SHA1 {Child-SA-Cipher-List} AES-CBC-256 {Child-SA-Integ-Alg-List} SHA-256,SHA1

# Authentication: digital signatures in both directions, local certificate
# "VPN1", all ID and password fields empty (no pre-shared secret is stored
# in this script).
# NOTE(review): Remote-ID-Type is No-Identity, Remote-Cert-ID-Check is No and
# OCSP-Check is No. As written, this row neither ties a remote identity to
# the presented certificate nor asks an OCSP responder about revocation.
# Presumably that is intended for a not-yet-identified peer and the
# per-peer rows are stricter - confirm, and make sure revoked certificates
# are rejected by some other mechanism if OCSP stays off.
cd /Setup/VPN/IKEv2/Auth/Parameter
add "DEFAULT" {Local-Auth} Digital-Signature {Local-Dig-Sig-Profile} "DEFAULT-RSA-PKCS" {Local-ID-Type} No-Identity {Local-ID} "" {Local-Password} "" {Remote-Auth} Digital-Signature {Remote-Dig-Sig-Profile} "DEFAULT-RSA-PKCS" {Remote-ID-Type} No-Identity {Remote-ID} "" {Remote-Password} "" {Addit.-Remote-ID-List} "DEFAULT" {Local-Certificate} "VPN1" {Remote-Cert-ID-Check} No {OCSP-Check} No

# The additional remote-ID list referenced above: it names the two rows
# added in the next table.
cd /Setup/VPN/IKEv2/Auth/Addit.-Remote-ID-List
add "DEFAULT" {Addit.-Remote-IDs} "DEFAULT-RSA-PKCS,DEFAULT-RSA-PSS"

# Two alternative remote-authentication rows, one per signature profile.
# Both repeat the same No-Identity / no cert-ID check / no OCSP settings,
# so the review note on the Parameter row applies to them as well.
cd /Setup/VPN/IKEv2/Auth/Addit.-Remote-IDs
add "DEFAULT-RSA-PKCS" {Remote-Auth} Digital-Signature {Remote-Dig-Sig-Profile} "DEFAULT-RSA-PKCS" {Remote-ID-Type} No-Identity {Remote-ID} "" {Remote-Password} "" {Remote-Cert-ID-Check} No {OCSP-Check} No
add "DEFAULT-RSA-PSS" {Remote-Auth} Digital-Signature {Remote-Dig-Sig-Profile} "DEFAULT-RSA-PSS" {Remote-ID-Type} No-Identity {Remote-ID} "" {Remote-Password} "" {Remote-Cert-ID-Check} No {OCSP-Check} No

# Signature profiles: RSASSA-PSS and RSASSA-PKCS1-v1_5, each limited to
# SHA-512, SHA-384 and SHA-256 (no SHA-1 in either hash list).
cd /Setup/VPN/IKEv2/Auth/Digital-Signature-Profiles
add "DEFAULT-RSA-PSS" {Auth-Method} RSASSA-PSS {Hash-Algorithms} SHA-512,SHA-384,SHA-256
add "DEFAULT-RSA-PKCS" {Auth-Method} RSASSA-PKCS1-v1_5 {Hash-Algorithms} SHA-512,SHA-384,SHA-256
# General IKEv2 behaviour for the DEFAULT row: dead-peer-detection
# inactivity timeout 30, encapsulation off, destination port 0.
# NOTE(review): the unit of the timeout and the meaning of port 0 are not
# stated in this script - presumably seconds and "use the standard port";
# confirm against the LCOS reference.
cd /Setup/VPN/IKEv2/General
add "DEFAULT" {DPD-Inact-Timeout} 30 {Encapsulation} No {Destination-Port} 0

# Rekey limits: IKE SA 108000 s (30 h) with a KB limit of 0, Child SA
# 28800 s (8 h) or 2000000 KB.
# NOTE(review): a KB value of 0 presumably disables the volume limit for the
# IKE SA - confirm. Check both lifetimes against the crypto policy in use.
cd /Setup/VPN/IKEv2/Lifetimes
add "DEFAULT" {IKE-SA-Sec} 108000 {IKE-SA-KB} 0 {Child-SA-Sec} 28800 {Child-SA-KB} 2000000

# Named IPv4 network rules. RAS-WITH-CONFIG-PAYLOAD uses a /32 remote
# network; RAS-WITH-NETWORK-SELECTION is any-to-any (0.0.0.0/0 on both
# sides).
# NOTE(review): a peer that references RAS-WITH-NETWORK-SELECTION gets no
# restriction from the rule itself, so what it may reach has to be limited
# elsewhere (firewall rules). This script only defines the rules; the peer
# rows that reference them are not visible here.
cd /Setup/VPN/Networks/IPv4-Rules
add "RAS-WITH-CONFIG-PAYLOAD" {Local-Networks} "0.0.0.0/0" {Remote-Networks} "0.0.0.0/32"
add "RAS-WITH-NETWORK-SELECTION" {Local-Networks} "0.0.0.0/0" {Remote-Networks} "0.0.0.0/0"

# IPv6 counterparts of the two rules above (::/128 and ::/0 remote
# networks); the any-to-any caveat applies to RAS-WITH-NETWORK-SELECTION
# here as well.
cd /Setup/VPN/Networks/IPv6-Rules
add "RAS-WITH-CONFIG-PAYLOAD" {Local-Networks} "::/0" {Remote-Networks} "::/128"
add "RAS-WITH-NETWORK-SELECTION" {Local-Networks} "::/0" {Remote-Networks} "::/0"

# Return to the root of the menu tree and switch flash writes back on; the
# script turned them off with "flash No" before its first table change.
cd /
flash Yes

# done
exit