ip route default gateway 192.168.0.2 filter 1000 1001 1002 1010 1011 gateway tunnel 30 keepalive 30 hide gateway tunnel 29 weight 0 keepalive 29 hide gateway 192.168.0.2 weight 0 ip route 203.0.113.221 gateway tunnel 30 ip route 203.0.113.231 gateway tunnel 29 ip keepalive 29 icmp-echo 3 5 203.0.113.231 # next hop via tun 29 ip keepalive 30 icmp-echo 3 5 203.0.113.221 # next hop via tun 30 vlan lan1/2 802.1q vid=2 name=ppp ip lan1 address 192.168.0.1/24 ipv6 lan1 address ra-prefix@lan1::beef:1/64 ipv6 lan1 dhcp service client ir=on ip lan1/2 address 192.168.1.1/24 pp select anonymous pp bind tunnel21-tunnel25 pp auth request mschap-v2 pp auth username VPN_MYNAME VPN_PASSWORD ppp ipcp ipaddress on ppp ipcp msext on ip pp remote address pool 192.168.100.1-192.168.100.7 ip pp mtu 1258 pp enable anonymous tunnel select 10 tunnel name VPS ipsec tunnel 10 ipsec sa policy 10 10 esp aes-cbc sha-hmac ipsec ike encryption 10 aes-cbc ipsec ike group 10 modp1024 ipsec ike hash 10 sha ipsec ike keepalive use 10 on dpd ipsec ike pre-shared-key 10 text YOUR_PSK_1 ipsec ike remote address 10 2001:db8:1::1/64 ipsec auto refresh 10 off ipv6 tunnel tcp mss limit auto tunnel enable 10 tunnel select 21 tunnel template 22-25 tunnel encapsulation l2tp ipsec tunnel 21 ipsec sa policy 21 21 esp aes-cbc sha-hmac ipsec ike local address 21 192.168.0.1 ipsec ike nat-traversal 21 on ipsec ike pre-shared-key 21 text YOUR_PSK_2 ipsec ike remote address 21 any l2tp tunnel disconnect time off l2tp keepalive use on 10 12 l2tp keepalive log on l2tp syslog on ip tunnel tcp mss limit auto tunnel enable 21 tunnel select 22 tunnel encapsulation l2tp l2tp tunnel disconnect time off l2tp keepalive use on 10 12 l2tp keepalive log on l2tp syslog on ip tunnel tcp mss limit auto tunnel select 23 tunnel encapsulation l2tp l2tp tunnel disconnect time off l2tp keepalive use on 10 12 l2tp keepalive log on l2tp syslog on ip tunnel tcp mss limit auto tunnel select 24 tunnel encapsulation l2tp l2tp tunnel disconnect time off l2tp keepalive use on 10 12 l2tp keepalive log on l2tp syslog on ip tunnel tcp mss limit auto tunnel select 25 tunnel encapsulation l2tp l2tp tunnel disconnect time off l2tp keepalive use on 10 12 l2tp keepalive log on l2tp syslog on ip tunnel tcp mss limit auto tunnel select 29 tunnel encapsulation ipip tunnel endpoint address 2001:db8:feed::101 ip tunnel mtu 1460 ip tunnel secure filter in 200000 200001 200002 200003 200020 200021 200022 200023 200024 200025 200030 200031 ip tunnel secure filter out 200010 200011 200012 200013 200020 200021 200022 200023 200024 200025 200026 200027 999999 dynamic 200080 200081 200082 200083 200084 200098 200099 ip tunnel tcp mss limit auto tunnel enable 29 tunnel select 30 tunnel encapsulation ipip tunnel endpoint address 2001:db8:feed::100 ip tunnel mtu 1460 ip tunnel secure filter in 200000 200001 200002 200003 200020 200021 200022 200023 200024 200025 200030 200031 ip tunnel secure filter out 200010 200011 200012 200013 200020 200021 200022 200023 200024 200025 200026 200027 999999 dynamic 200080 200081 200082 200083 200084 200098 200099 ip tunnel tcp mss limit auto tunnel enable 30 ip filter 1000 pass * * esp * * ip filter 1001 pass * * udp 500 * ip filter 1002 pass * * udp 4500 * ip filter 1010 pass 192.168.100.0/24 * * * * ip filter 1011 pass 192.168.1.0/24 * * * * ip filter 200000 reject 127.0.0.0/8 * * * * ip filter 200001 reject 10.0.0.0/8 * * * * ip filter 200002 reject 172.16.0.0/12 * * * * ip filter 200003 reject 192.168.0.0/16 * * * * ip filter 200010 reject * 127.0.0.0/8 * * * ip filter 200011 reject * 10.0.0.0/8 * * * ip filter 200012 reject * 172.16.0.0/12 * * * ip filter 200013 reject * 192.168.0.0/16 * * * ip filter 200020 reject * * udp,tcp 135 * ip filter 200021 reject * * udp,tcp * 135 ip filter 200022 reject * * udp,tcp netbios_ns-netbios_ssn * ip filter 200023 reject * * udp,tcp * netbios_ns-netbios_ssn ip filter 200024 reject * * udp,tcp 445 * ip filter 200025 reject * * udp,tcp * 445 ip filter 200026 restrict * * tcpfin * www,21,nntp ip filter 200027 restrict * * tcprst * www,21,nntp ip filter 200030 pass * 192.168.0.0/16 icmp * * ip filter 200031 pass * 192.168.0.0/16 established * * ip filter 999999 pass * * ip filter dynamic 200080 * * ftp ip filter dynamic 200081 * * domain ip filter dynamic 200082 * * www ip filter dynamic 200083 * * smtp ip filter dynamic 200084 * * pop3 ip filter dynamic 200098 * * tcp ip filter dynamic 200099 * * udp ipsec auto refresh on ipsec transport 21 21 udp 1701 ipsec transport 22 22 udp 1701 ipsec transport 23 23 udp 1701 ipsec transport 24 24 udp 1701 ipsec transport 25 25 udp 1701 dns server 192.168.0.2 l2tp service on