# Script (10.40.0414 / 04.11.2020) (0x0420021c,IDs:2,3,4,9,f/X/e45d5400,15,1a,23//f2099280,2b,30//f2311f80;0x00000403)
#
# Configuration script that writes the "DEFAULT" rows of the IKEv2 VPN tables
# (peers, encryption, authentication, signature profiles, general, lifetimes)
# and the RAS traffic-selector rules for IPv4 and IPv6.
# Every section follows the same pattern: cd into the table, optional "del *",
# one "add" per row, then "cd /" to return to the root.
# Review notes below are hedged where the script itself does not show the
# device's semantics for a field; confirm them against the firmware reference.

lang English
# Presumably suspends writing each change to flash until "flash Yes" at the
# end, so the settings are persisted in one step - confirm for this firmware.
flash No

# default value
cd /Setup/VPN/IKEv2/Peers
# Peer Active SH-Time Remote-Gateway Rtg-tag Encryption Authentication General Lifetimes IKE-CFG IPv4-CFG-Pool IPv6-CFG-Pool CFG-Client-Profile Split-DNS-Profile Rule-creation IPv4-Rules IPv6-Rules Routing RADIUS-Authorization RADIUS-Accounting IPv6 HSVPN Comment
# ======================--------------------------------------------------
# Catch-all peer: per its own Comment field it applies to peers that have not
# been identified yet, so the "DEFAULT" encryption/authentication/lifetime
# rows referenced here are what an unknown initiator negotiates against.
# It is Active with an empty Remote-Gateway.
add "DEFAULT" {Active} Yes {SH-Time} 0 {Remote-Gateway} "" {Rtg-tag} 0 {Encryption} "DEFAULT" {Authentication} "DEFAULT" {General} "DEFAULT" {Lifetimes} "DEFAULT" {IKE-CFG} Off {IPv4-CFG-Pool} "" {IPv6-CFG-Pool} "" {CFG-Client-Profile} "" {Split-DNS-Profile} "" {Rule-creation} manually {IPv4-Rules} "" {IPv6-Rules} "" {Routing} "" {RADIUS-Authorization} "" {RADIUS-Accounting} "" {IPv6} "" {HSVPN} "" {Comment} "Default settings for peers that haven't been identified (yet)"
cd /

# default value
cd /Setup/VPN/IKEv2/Encryption
# Name DH-Groups PFS IKE-SA-Cipher-List IKE-SA-Integ-Alg-List Child-SA-Cipher-List Child-SA-Integ-Alg-List
# ======================--------------------------------------------------
# Proposal offered by default: DH14 only (the 2048-bit MODP group), PFS on,
# AES-256 in CBC and GCM mode.
# NOTE(review): both integrity lists still offer SHA1 next to SHA-256. If all
# peers support SHA-256, dropping SHA1 narrows what a peer can negotiate down
# to; check interoperability before changing it.
# NOTE(review): no elliptic-curve DH group is listed; whether this firmware
# offers one is not visible here.
add "DEFAULT" {DH-Groups} DH14 {PFS} Yes {IKE-SA-Cipher-List} AES-CBC-256,AES-GCM-256 {IKE-SA-Integ-Alg-List} SHA-256,SHA1 {Child-SA-Cipher-List} AES-CBC-256,AES-GCM-256 {Child-SA-Integ-Alg-List} SHA-256,SHA1
cd /

# default value
cd /Setup/VPN/IKEv2/Auth/Parameter
# Name Local-Auth Local-Dig-Sig-Profile Local-ID-Type Local-ID Local-Password Remote-Auth Remote-Dig-Sig-Profile Remote-EAP-Profile Remote-ID-Type Remote-ID Remote-Password Addit.-Remote-ID-List Local-Certificate Remote-Cert-ID-Check OCSP-Check CRL-Check
# ==================------------------------------------------------------
# Default authentication: digital signatures in both directions, local
# certificate taken from "VPN1", no local or remote identity configured and
# no passwords set.
# NOTE(review): Remote-ID-Type is No-Identity and Remote-Cert-ID-Check is No.
# Presumably the remote identity is then not matched against the presented
# certificate, leaving certificate chain validation as the only gate - verify,
# and set an explicit Remote-ID with the check enabled on per-peer rows.
# NOTE(review): revocation is checked via CRL only (OCSP-Check No). Confirm
# that a CRL is reachable and how the device behaves when it cannot be fetched.
add "DEFAULT" {Local-Auth} Digital-Signature {Local-Dig-Sig-Profile} "DEFAULT-RSA-PKCS" {Local-ID-Type} No-Identity {Local-ID} "" {Local-Password} "" {Remote-Auth} Digital-Signature {Remote-Dig-Sig-Profile} "DEFAULT-RSA-PKCS" {Remote-EAP-Profile} "" {Remote-ID-Type} No-Identity {Remote-ID} "" {Remote-Password} "" {Addit.-Remote-ID-List} "DEFAULT" {Local-Certificate} "VPN1" {Remote-Cert-ID-Check} No {OCSP-Check} No {CRL-Check} Yes
cd /

# default value
cd /Setup/VPN/IKEv2/Auth/Addit.-Remote-ID-List
# Name Addit.-Remote-IDs
# ======================--------------------------------------------------
# Groups the five additional remote-ID rows defined in the next table; the
# "DEFAULT" authentication row above references this list by name.
add "DEFAULT" {Addit.-Remote-IDs} "DEFAULT-RSA-PKCS,DEFAULT-RSA-PSS,DEFAULT-ECDSA,DEFAULT-EDDSA25519,DEFAULT-EDDSA448"
cd /

# default value
cd /Setup/VPN/IKEv2/Auth/Addit.-Remote-IDs
# Name Remote-Auth Remote-Dig-Sig-Profile Remote-EAP-Profile Remote-ID-Type Remote-ID Remote-Password Remote-Cert-ID-Check OCSP-Check CRL-Check
# ======================--------------------------------------------------
# One row per signature profile. The rows differ only in the profile they
# name; all use No-Identity, Remote-Cert-ID-Check No, OCSP-Check No and
# CRL-Check Yes, so the review notes on the "DEFAULT" authentication row
# apply to each of them as well.
add "DEFAULT-RSA-PKCS" {Remote-Auth} Digital-Signature {Remote-Dig-Sig-Profile} "DEFAULT-RSA-PKCS" {Remote-EAP-Profile} "" {Remote-ID-Type} No-Identity {Remote-ID} "" {Remote-Password} "" {Remote-Cert-ID-Check} No {OCSP-Check} No {CRL-Check} Yes
add "DEFAULT-RSA-PSS" {Remote-Auth} Digital-Signature {Remote-Dig-Sig-Profile} "DEFAULT-RSA-PSS" {Remote-EAP-Profile} "" {Remote-ID-Type} No-Identity {Remote-ID} "" {Remote-Password} "" {Remote-Cert-ID-Check} No {OCSP-Check} No {CRL-Check} Yes
add "DEFAULT-ECDSA" {Remote-Auth} Digital-Signature {Remote-Dig-Sig-Profile} "DEFAULT-ECDSA" {Remote-EAP-Profile} "" {Remote-ID-Type} No-Identity {Remote-ID} "" {Remote-Password} "" {Remote-Cert-ID-Check} No {OCSP-Check} No {CRL-Check} Yes
add "DEFAULT-EDDSA25519" {Remote-Auth} Digital-Signature {Remote-Dig-Sig-Profile} "DEFAULT-EDDSA25519" {Remote-EAP-Profile} "" {Remote-ID-Type} No-Identity {Remote-ID} "" {Remote-Password} "" {Remote-Cert-ID-Check} No {OCSP-Check} No {CRL-Check} Yes
add "DEFAULT-EDDSA448" {Remote-Auth} Digital-Signature {Remote-Dig-Sig-Profile} "DEFAULT-EDDSA448" {Remote-EAP-Profile} "" {Remote-ID-Type} No-Identity {Remote-ID} "" {Remote-Password} "" {Remote-Cert-ID-Check} No {OCSP-Check} No {CRL-Check} Yes
cd /

# default value
cd /Setup/VPN/IKEv2/Auth/Digital-Signature-Profiles
# Unlike the other sections, this one starts with "del *" - presumably it
# clears every existing row first, so profiles added locally would be lost
# when the script is loaded; confirm before applying to a customised device.
del *
# Name Auth-Method Hash-Algorithms
# ======================--------------------------------------------------
# RSA (PSS and PKCS#1 v1.5) and ECDSA accept SHA-512, SHA-384 and SHA-256;
# no SHA-1 signature hash is listed. The two EdDSA profiles use IDENTITY.
add "DEFAULT-RSA-PSS" {Auth-Method} RSASSA-PSS {Hash-Algorithms} SHA-512,SHA-384,SHA-256
add "DEFAULT-RSA-PKCS" {Auth-Method} RSASSA-PKCS1-v1_5 {Hash-Algorithms} SHA-512,SHA-384,SHA-256
add "DEFAULT-ECDSA" {Auth-Method} ECDSA {Hash-Algorithms} SHA-512,SHA-384,SHA-256
add "DEFAULT-EDDSA25519" {Auth-Method} EdDSA25519 {Hash-Algorithms} IDENTITY
add "DEFAULT-EDDSA448" {Auth-Method} EdDSA448 {Hash-Algorithms} IDENTITY
cd /

# default value
cd /Setup/VPN/IKEv2/General
# Name DPD-Inact-Timeout Encapsulation Destination-Port
# ======================--------------------------------------------------
# Dead-peer-detection inactivity timeout of 30 (unit not shown here), no
# encapsulation, Destination-Port 0 (presumably "use the standard port" -
# confirm).
add "DEFAULT" {DPD-Inact-Timeout} 30 {Encapsulation} None {Destination-Port} 0
cd /

# default value
cd /Setup/VPN/IKEv2/Lifetimes
# Name IKE-SA-Sec IKE-SA-KB Child-SA-Sec Child-SA-KB
# ======================--------------------------------------------------
# Rekey limits. Going by the column names the units are seconds and
# kilobytes: IKE SA 108000 s (30 h), Child SA 28800 s (8 h) or 2000000 KB.
# NOTE(review): IKE-SA-KB 0 presumably means "no volume limit" - confirm.
# A 30 h IKE SA lifetime is long; shorten it if local policy requires more
# frequent re-keying.
add "DEFAULT" {IKE-SA-Sec} 108000 {IKE-SA-KB} 0 {Child-SA-Sec} 28800 {Child-SA-KB} 2000000
cd /

# default value
cd /Setup/VPN/Networks/IPv4-Rules
# Name Local-Networks Remote-Networks
# =================================---------------------------------------
# Traffic selectors for remote-access (RAS) peers.
# RAS-WITH-CONFIG-PAYLOAD: any local network to a /32 remote, presumably
# standing in for the single address handed out via config payload.
# NOTE(review): RAS-WITH-NETWORK-SELECTION is any-to-any (0.0.0.0/0 on both
# sides), so the tunnel selectors do not restrict what a peer may reach;
# scope access with narrower rules or firewall policy where this rule is used.
add "RAS-WITH-CONFIG-PAYLOAD" {Local-Networks} "0.0.0.0/0" {Remote-Networks} "0.0.0.0/32"
add "RAS-WITH-NETWORK-SELECTION" {Local-Networks} "0.0.0.0/0" {Remote-Networks} "0.0.0.0/0"
cd /

# default value
cd /Setup/VPN/Networks/IPv6-Rules
# Name Local-Networks Remote-Networks
# =================================---------------------------------------
# IPv6 counterparts of the two IPv4 rules above (::/128 for the config-payload
# case, ::/0 to ::/0 for network selection); the same scoping note applies.
add "RAS-WITH-CONFIG-PAYLOAD" {Local-Networks} "::/0" {Remote-Networks} "::/128"
add "RAS-WITH-NETWORK-SELECTION" {Local-Networks} "::/0" {Remote-Networks} "::/0"
cd /

# Re-enable flash writes (see "flash No" at the top).
flash Yes

# done
exit