Line 267: |
Line 267: |
| - Authentication method: '''''X.509''''' | | - Authentication method: '''''X.509''''' |
| | | |
− | - Key: '''''RUT1.key.pem''''' // Browse and import the RUT1.key.pem we created & downloaded earlier. | + | - Key: '''''RUT1.key.pem''''' // Browse and import the RUT1.key.pem we created & downloaded earlier. |
| | | |
− | - Key decryption passphrase: Leave blank // This is only needed if an additional password was added to the cert, which we did not do in our earlier steps. | + | - Key decryption passphrase: Leave blank // This is only needed if an additional password was added to the cert, which we did not do in our earlier steps. |
| | | |
− | - Local certificate: '''''RUT1.cert.pem''''' // Browse and import the RUT1.cert.pem we created & downloaded earlier. | + | - Local certificate: '''''RUT1.cert.pem''''' // Browse and import the RUT1.cert.pem we created & downloaded earlier. |
| | | |
− | - CA certificate: '''''CAIPSec.cert.pem''''' // Browse and import the CAIPSec.cert.pem we created & downloaded earlier. | + | - CA certificate: '''''CAIPSec.cert.pem''''' // Browse and import the CAIPSec.cert.pem we created & downloaded earlier. |
| | | |
− | - Local identifier: '''''192.168.3.1''''' // We will use the LAN IP of RUT1 for the Identifier | + | - Local identifier: '''''192.168.3.1''''' // We will use the LAN IP of RUT1 for the Identifier |
| | | |
− | - Remote identifier: '''''192.168.14.1''''' // We will use the LAN IP of RUT2 for the Identifier | + | - Remote identifier: '''''192.168.14.1''''' // We will use the LAN IP of RUT2 for the Identifier |
| <br> | | <br> |
| | | |
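Review bot: The "Key decryption passphrase" comment says the password would have been "added to the cert", but a passphrase protects the private key file (RUT1.key.pem), not the certificate. Suggest rewording it to "only needed if the private key was encrypted with a passphrase", and stating plainly that leaving it blank means the key was created and downloaded unencrypted. The two identifier lines would also benefit from a note that 192.168.3.1 and 192.168.14.1 must be entered in mirrored order on RUT2.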
Line 286: |
Line 286: |
| * IPsec Instance Advanced settings configuration as follows: | | * IPsec Instance Advanced settings configuration as follows: |
| | | |
− | - Remote certificate: '''''RUT2.cert.pem''''' // Upload RUT2 cert we created earlier. | + | - Remote certificate: '''''RUT2.cert.pem''''' // Upload RUT2 cert we created earlier. |
| <br> | | <br> |
| | | |
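Review bot: The "Remote certificate" comment is looser than the other import lines: it says "Upload RUT2 cert we created earlier" where the General settings lines name the exact file ("Browse and import the RUT1.cert.pem ..."). Suggest naming RUT2.cert.pem in the comment and making clear that only the peer's certificate is uploaded here, not RUT2.key.pem.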
Line 295: |
Line 295: |
| * Connection settings General settings configuration as follows: | | * Connection settings General settings configuration as follows: |
| | | |
− | - Mode: '''''Start''''' // start loads a connection and brings | + | - Mode: '''''Start''''' // start loads a connection and brings |
| it up immediately. For more configuration information please reference *auto* here (https://wiki.strongswan.org/projects/strongswan/wiki/Connsection) | | it up immediately. For more configuration information please reference *auto* here (https://wiki.strongswan.org/projects/strongswan/wiki/Connsection) |
| | | |
− | - Type: '''''Tunnel''''' | + | - Type: '''''Tunnel''''' |
| | | |
− | - Default route: '''''off''''' // Only use this if you want your default route to be out this tunnel. | + | - Default route: '''''off''''' // Only use this if you want your default route to be out this tunnel. |
| | | |
− | - Local subnet: '''''192.168.3.0/24''''' // RUT1 LAN subnet we want access to through the tunnel | + | - Local subnet: '''''192.168.3.0/24''''' // RUT1 LAN subnet we want access to through the tunnel |
| | | |
− | - Remote subnet: '''''192.168.14.0/24''''' // RUT2 LAN subnet we want access to through the tunnel | + | - Remote subnet: '''''192.168.14.0/24''''' // RUT2 LAN subnet we want access to through the tunnel |
| | | |
− | - Key exchange: '''''IKEv2''''' | + | - Key exchange: '''''IKEv2''''' |
| <br> | | <br> |
| | | |
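Review bot: The Mode line is split mid-sentence ("start loads a connection and brings" / "it up immediately."), so the continuation renders as a separate line outside the list item; join it onto one line. In the same sentence the link target is spelled "Connsection", which should be checked against the actual strongSwan wiki page name, and *auto* uses asterisks where the rest of the page uses wiki quote markup for emphasis.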
Line 315: |
Line 315: |
| * Connection settings Advanced settings configuration as follows: | | * Connection settings Advanced settings configuration as follows: |
| | | |
− | - Force encapsulation: '''''On''''' | + | - Force encapsulation: '''''On''''' |
| | | |
− | - Local Firewall: '''''On''''' | + | - Local Firewall: '''''On''''' |
| | | |
− | - Remote Firewall: '''''On''''' | + | - Remote Firewall: '''''On''''' |
| | | |
− | - Inactivity: '''''3600''''' // This is in seconds. Can be changed depending on how often you want the tunnel to be checked for data passing. | + | - Inactivity: '''''3600''''' // This is in seconds. Can be changed depending on how often you want the tunnel to be checked for data passing. |
| | | |
− | - Dead peer detection: '''''On''''' | + | - Dead peer detection: '''''On''''' |
| | | |
− | - DPD action: '''''Restart''''' | + | - DPD action: '''''Restart''''' |
| | | |
− | - DPD delay: '''''30''''' // This is in seconds. | + | - DPD delay: '''''30''''' // This is in seconds. |
| | | |
− | - DPD Timeout: '''''150''''' // This is in seconds. | + | - DPD Timeout: '''''150''''' // This is in seconds. |
| | | |
− | - The rest of the configuration leave as default | + | - The rest of the configuration leave as default |
| | | |
| <br> | | <br> |
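Review bot: The Inactivity comment ("how often you want the tunnel to be checked for data passing") reads like a polling interval and does not say what the router does once 3600 seconds pass without traffic. State the resulting action, so readers can tell it apart from the DPD delay and DPD Timeout values listed just below, which also deal with an idle or dead peer. "DPD Timeout" should be capitalised like "DPD delay" and "DPD action".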
Line 398: |
Line 398: |
| * IPsec Instance General settings configuration as follows: | | * IPsec Instance General settings configuration as follows: |
| | | |
− | - Remote endpoint: '''''192.168.1.3''''' // This should be RUT1 WAN IP. You should be able to ping this IP from RUT2 WAN IP. | + | - Remote endpoint: '''''192.168.1.3''''' // This should be RUT1 WAN IP. You should be able to ping this IP from RUT2 WAN IP. |
| | | |
− | - Authentication method: '''''X.509''''' | + | - Authentication method: '''''X.509''''' |
| | | |
− | - Key: '''''RUT2.key.pem''''' // Browse and import the RUT2.key.pem we created & downloaded earlier. | + | - Key: '''''RUT2.key.pem''''' // Browse and import the RUT2.key.pem we created & downloaded earlier. |
| | | |
− | - Key decryption passphrase: Leave blank // This is only needed if an additional password was added to the cert, which we did not do in our earlier steps. | + | - Key decryption passphrase: Leave blank // This is only needed if an additional password was added to the cert, which we did not do in our earlier steps. |
| | | |
− | - Local certificate: '''''RUT2.cert.pem''''' // Browse and import the RUT1.cert.pem we created & downloaded earlier. | + | - Local certificate: '''''RUT2.cert.pem''''' // Browse and import the RUT1.cert.pem we created & downloaded earlier. |
| | | |
− | - CA certificate: '''''CAIPSec.cert.pem''''' // Browse and import the CAIPSec.cert.pem we created & downloaded earlier. | + | - CA certificate: '''''CAIPSec.cert.pem''''' // Browse and import the CAIPSec.cert.pem we created & downloaded earlier. |
| | | |
− | - Local identifier: '''''192.168.14.1''''' // We will use the LAN IP of RUT2 for the Identifier | + | - Local identifier: '''''192.168.14.1''''' // We will use the LAN IP of RUT2 for the Identifier |
| | | |
− | - Remote identifier: '''''192.168.3.1''''' // We will use the LAN IP of RUT1 for the Identifier | + | - Remote identifier: '''''192.168.3.1''''' // We will use the LAN IP of RUT1 for the Identifier |
| <br> | | <br> |
| | | |
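Review bot: The "Local certificate" line has a copy-paste error: the value is RUT2.cert.pem, but the comment says "Browse and import the RUT1.cert.pem we created & downloaded earlier." Following the comment would load RUT1's certificate next to RUT2.key.pem, which do not belong together; change the comment to RUT2.cert.pem. The passphrase comment carries the same "added to the cert" wording as the RUT1 section and should refer to the private key instead.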
Line 421: |
Line 421: |
| * Connection settings Advanced settings configuration as follows: | | * Connection settings Advanced settings configuration as follows: |
| | | |
− | - Remote certificate: '''''RUT1.cert.pem''''' // Upload RUT1 cert we created earlier. | + | - Remote certificate: '''''RUT1.cert.pem''''' // Upload RUT1 cert we created earlier. |
| <br> | | <br> |
| | | |
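Review bot: The heading over "Remote certificate" is inconsistent with the RUT1 section. Here it reads "Connection settings Advanced settings", while the matching RUT1 step places the same field under "IPsec Instance Advanced settings", and "Connection settings Advanced settings" is used again further down for the DPD options. Rename this heading to match the RUT1 step so readers look for the field in the right tab.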
Line 430: |
Line 430: |
| * Connection settings General settings configuration as follows: | | * Connection settings General settings configuration as follows: |
| | | |
− | - Mode: '''''Start''''' // start loads a connection and brings | + | - Mode: '''''Start''''' // start loads a connection and brings |
| it up immediately. For more configuration information please reference *auto* here (https://wiki.strongswan.org/projects/strongswan/wiki/Connsection) | | it up immediately. For more configuration information please reference *auto* here (https://wiki.strongswan.org/projects/strongswan/wiki/Connsection) |
| | | |
− | - Type: '''''Tunnel''''' | + | - Type: '''''Tunnel''''' |
| | | |
− | - Default route: '''''off''''' // Only use this if you want your default route to be out this tunnel. | + | - Default route: '''''off''''' // Only use this if you want your default route to be out this tunnel. |
| | | |
− | - Local subnet: '''''192.168.14.0/24''''' // RUT2 LAN subnet we want access to through the tunnel | + | - Local subnet: '''''192.168.14.0/24''''' // RUT2 LAN subnet we want access to through the tunnel |
| | | |
− | - Remote subnet: '''''192.168.3.0/24''''' // RUT1 LAN subnet we want access to through the tunnel | + | - Remote subnet: '''''192.168.3.0/24''''' // RUT1 LAN subnet we want access to through the tunnel |
| | | |
− | - Key exchange: '''''IKEv2''''' | + | - Key exchange: '''''IKEv2''''' |
| <br> | | <br> |
| | | |
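Review bot: Mode is set to Start here and the RUT1 section also sets Start, so as written both routers bring the connection up on their own. The comment only explains what start does; add a sentence on whether initiating from both ends is intended for this setup or whether one side should wait for the other. The split Mode line and the "Connsection" link spelling from the RUT1 section are repeated here and need the same fix.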
Line 450: |
Line 450: |
| * Connection settings Advanced settings configuration as follows: | | * Connection settings Advanced settings configuration as follows: |
| | | |
− | - Force encapsulation: '''''On''''' | + | - Force encapsulation: '''''On''''' |
| | | |
− | - Local Firewall: '''''On''''' | + | - Local Firewall: '''''On''''' |
| | | |
− | - Remote Firewall: '''''On''''' | + | - Remote Firewall: '''''On''''' |
| | | |
− | - Inactivity: '''''3600''''' // This is in seconds. Can be changed depending on how often you want the tunnel to be checked for data passing. | + | - Inactivity: '''''3600''''' // This is in seconds. Can be changed depending on how often you want the tunnel to be checked for data passing. |
| | | |
− | - Dead peer detection: '''''On''''' | + | - Dead peer detection: '''''On''''' |
| | | |
− | - DPD action: '''''Restart''''' | + | - DPD action: '''''Restart''''' |
| | | |
− | - DPD delay: '''''30''''' // This is in seconds. | + | - DPD delay: '''''30''''' // This is in seconds. |
| | | |
− | - DPD Timeout: '''''150''''' // This is in seconds. | + | - DPD Timeout: '''''150''''' // This is in seconds. |
| | | |
− | - The rest of the configuration leave as default | + | - The rest of the configuration leave as default |
| <br> | | <br> |
| | | |
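Review bot: "Force encapsulation", "Local Firewall" and "Remote Firewall" are switched On with no comment, while the timing fields each get one. These are the settings in this block that change what traffic is accepted and how it is carried, so a short explanation of each belongs here. The closing item "The rest of the configuration leave as default" would read better as "Leave the rest of the configuration as default".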