-
Standards
-
Network Engineering
-
Point to Multipoint Authentication
<!DOCTYPE svg PUBLIC “-//W3C//DTD SVG 1.0//EN” “http://www.w3.org/TR/2001/PR-SVG-20010719/DTD/svg10.dtd”>
<!DOCTYPE svg PUBLIC “-//W3C//DTD SVG 1.0//EN” “http://www.w3.org/TR/2001/PR-SVG-20010719/DTD/svg10.dtd”>
Notes from an ignoramus (aka Ryan)
Sectors need:
/interface wireless set default-forwarding=no 0
/ip ipsec proposal set enc-algorithm=null disabled=no 0
set up yo dhcp for 100.64.0.1/10
Let’s assume our client has lan ip 100.64.0.2
Cell config
/ip ipsec peer add address=100.64.0.2/10 auth-method=rsa-signature certificate= enc-algorithm=null disabled=no comment=K0RET
/ip ipsec policy add src-address=0.0.0.0/0 dst-address=44.34.133.1 sa-src-address=100.64.0.1 sa-dst-address=100.64.0.2 tunnel=yes action=none proposal=default
Client config
/ip ipsec peer add address=100.64.0.1/10 auth-method=rsa-signature certificate= enc-algorithm=null disabled=no comment=K0RET
/ip ipsec policy add src-address=44.34.133.1 dst-address=0.0.0.0/0 sa-src-address=100.64.0.2 sa-dst-address=100.64.0.1 tunnel=yes action=none proposal=default
to-do: BGP config on both ends
to-do: script to create ipsec policy on client using the proper sa-src-address as assigned by dhcp
