Here is the 6th part of my configuration:
/* IPsec site-to-site VPN: one peer (72.13.6.209), one tunnel between 192.168.2.0/24 and 72.13.6.218/32, authenticated with a pre-shared secret. */
vpn {
ipsec {
auto-firewall-nat-exclude enable
disable-uniqreqids
/* Phase 2 (ESP) parameters: tunnel mode, AES-256 encryption, SHA-1 integrity, 3600 s SA lifetime, no compression. */
esp-group vpntunnel {
compression disable
lifetime 3600
mode tunnel
/* NOTE(review): with PFS off, phase-2 rekeys run no fresh Diffie-Hellman exchange, so ESP keys depend on the IKE SA's keying material; enabling it needs a matching change on the peer. */
pfs disable
proposal 1 {
encryption aes256
/* NOTE(review): SHA-1 is a legacy integrity choice; prefer a SHA-2 hash if the peer supports it. */
hash sha1
}
}
/* Phase 1 (IKE) parameters: IKEv1, 86400 s SA lifetime, a single proposal. */
ike-group vpntunnel {
/* NOTE(review): key-exchange below is ikev1, so this IKEv2 re-authentication setting presumably has no effect - confirm. */
ikev2-reauth no
key-exchange ikev1
lifetime 86400
proposal 1 {
/* NOTE(review): DH group 2 is 1024-bit MODP, generally considered too small for new deployments; group 14 (2048-bit) or higher is the usual minimum, and must be changed on both ends together. */
dh-group 2
encryption aes256
hash sha1
}
}
/* IPsec is bound to eth0 only. */
ipsec-interfaces {
interface eth0
}
/* NOTE(review): 0.0.0.0/0 is the broadest possible allowed-network entry; nat-traversal is disabled below, so this is presumably unused - confirm before enabling NAT-T. */
nat-networks {
allowed-network 0.0.0.0/0 {
}
}
nat-traversal disable
site-to-site {
peer 72.13.6.209 {
authentication {
mode pre-shared-secret
/* The secret is masked in this listing. With PSK authentication the tunnel is only as strong as this value, so it should be long and random. */
pre-shared-secret ****************
}
/* This side initiates the connection to the peer. */
connection-type initiate
default-esp-group vpntunnel
ike-group vpntunnel
ikev2-reauth inherit
local-address 64.60.51.130
/* Tunnel 1 traffic selectors: local subnet 192.168.2.0/24 to the single remote host 72.13.6.218/32. */
tunnel 1 {
allow-nat-networks disable
allow-public-networks disable
esp-group vpntunnel
local {
prefix 192.168.2.0/24
}
remote {
prefix 72.13.6.218/32
}
}
}
}
}
}
mpalafox@ubnt:~$