.

2025-12-22 14:53:29 +01:00
parent 7edb177425
commit ca2b58d465
10 changed files with 120 additions and 7 deletions
--- a/Backup/Sophos/APS_HH.tgb
+++ b/Backup/Sophos/APS_HH.tgb
@@ -0,0 +1,96 @@
+# Do not edit this file. It is overwritten by VpnConf.
+# SIGNATURE MD5 = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+# Creation Date : 2025-12-22 at 13:34:35
+# Written by CyberoamServer XGS3300_RL01_SFOS 21.5.0 GA-Build171
+# Client Version :
+# 	CyberoamVPNClient :3.11.008
+# 	IKE Service :3.10.08,02.13
+
+[General]
+Shared-SADB = Defined
+Retransmits = 5 
+Exchange-max-time = 10
+Default-phase-1-lifetime = 46800,360:86400
+Bitblocking = 0
+Xauth-interval = 20
+DPD-interval = 30 
+DPD_retrans = 7
+DPD_wait = 30 
+
+[Default-phase-2-lifetime]
+LIFE_TYPE = SECONDS 
+LIFE_DURATION = 43200,360:86400
+
+# ==================== PHASES 1 ====================
+
+[Phase 1]
+185.164.230.171 = APS_HH-P1
+
+[APS_HH-main-mode]
+DOI = IPSEC
+EXCHANGE_TYPE = ID_PROT
+Transforms = AES256-SHA2_256-GRP21
+
+[AES256-SHA2_256-GRP21]
+ENCRYPTION_ALGORITHM = AES_CBC
+KEY_LENGTH = 256,128:256
+HASH_ALGORITHM = SHA2_256
+GROUP_DESCRIPTION = ECP521
+AUTHENTICATION_METHOD = PRE_SHARED
+Life = LIFE_MAIN_MODE
+
+[APS_HH-P1]
+Phase = 1
+Family = IPV4
+Address = 185.164.230.171
+Transport = udp
+Configuration = APS_HH-main-mode
+Rconf = 1
+Authentication = "tZfNkccrTq49wyvsxLak86jF"
+Xauth = 0
+Xpopup = 1
+NATT_ENABLED = 1
+
+
+# ==================== PHASES 2 ====================
+
+[Phase 2]
+Manual-connections = APS_HH-APS_HH1-P2
+
+[APS_HH-APS_HH1-P2]
+Phase = 2
+ISAKMP-peer = APS_HH-P1
+Remote-ID = APS_HH1-remote-addr
+Configuration = APS_HH1-quick-mode
+AutoStart = 0
+USBStart = 0
+
+# ==================== Ipsec ID ====================
+
+[APS_HH1-remote-addr]
+ID-type = IPV4_ADDR_SUBNET
+Network = 0.0.0.0
+Netmask = 0.0.0.0
+
+# ==================== TRANSFORMS ====================
+
+[APS_HH1-quick-mode]
+DOI = IPSEC
+EXCHANGE_TYPE = QUICK_MODE
+Suites = APS_HH1-quick-mode-suite
+
+[APS_HH1-quick-mode-suite]
+Protocols = TGBQM-ESP-AES256-SHA2_256-PFSGRP21-TUN
+
+[TGBQM-ESP-AES256-SHA2_256-PFSGRP21-TUN]
+PROTOCOL_ID = IPSEC_ESP
+Transforms = TGBQM-ESP-AES256-SHA2_256-PFSGRP21-TUN-XF
+
+[TGBQM-ESP-AES256-SHA2_256-PFSGRP21-TUN-XF]
+TRANSFORM_ID = AES
+KEY_LENGTH = 256,128:256
+AUTHENTICATION_ALGORITHM = HMAC_SHA2_256
+GROUP_DESCRIPTION = ECP521
+ENCAPSULATION_MODE = TUNNEL
+Life = Default-phase-2-lifetime
+
--- a/Backup/Sophos/README
+++ b/Backup/Sophos/README
@@ -0,0 +1,15 @@
+The archive file contains IPsec remote access configuration files in .scx and .tgb formats.
+
+	    .scx: Contains the advanced settings of Sophos Connect client in addition
+	    to the other settings in the configuration. We recommend that
+	    you use this format.
+
+	    The advanced settings provide extra protection, such as running
+	    AD logon scripts after the tunnel is established and offering
+	    multi-factor authentication. They also allow you to split the
+	    tunnel and connect the tunnel automatically.
+
+	    These settings are available if your administrator has configured them. 
+
+	    .tgb: Use this for other IPsec remote access clients. If you use this
+	    format for Sophos  Connect clients, you won’t get the advanced settings.