Line 30: |
Line 30: |
| ---- | | ---- |
| *Click the "Edit" button located next to the newly created instance and set up the configuration according to the network: | | *Click the "Edit" button located next to the newly created instance and set up the configuration according to the network: |
− | [[File:IPsec RUT955 config 2.png|alt=|border|center|930x930px|class=tlt-border]] | + | [[File:RUTOS IPsec rut955 config 2.png|alt=|border|center|930x930px|class=tlt-border]] |
| [[File:RUTOS ipsec RUT955 optionconfig xauth 1.png|alt=|border|center|930x930px|class=tlt-border]] | | [[File:RUTOS ipsec RUT955 optionconfig xauth 1.png|alt=|border|center|930x930px|class=tlt-border]] |
| *Below are explanations of the parameters highlighted in the figure above. Other parameters (not highlighted) are defaults. You can find descriptions for these parameters in the '''[[VPN#IPsec|VPN manual page, IPsec section]]''' | | *Below are explanations of the parameters highlighted in the figure above. Other parameters (not highlighted) are defaults. You can find descriptions for these parameters in the '''[[VPN#IPsec|VPN manual page, IPsec section]]''' |
Line 42: |
Line 42: |
| ***'''Ping period (sec)''' - the period (in seconds) at which ICMP packets will be sent to the specified host | | ***'''Ping period (sec)''' - the period (in seconds) at which ICMP packets will be sent to the specified host |
| **'''Allow WebUI access''' - when checked, allows WebUI access for hosts from the opposite instance | | **'''Allow WebUI access''' - when checked, allows WebUI access for hosts from the opposite instance |
− | **'''XAUTH''' - when checked, allows is used to edit and display the authorization information used in connecting to the X server | + | **'''XAUTH''' - note that option, available only if you choose IKEv1, when checked, allows is used to edit and display the authorization information used in connecting to the X server. |
| + | **'''IKEv2 vs IKEv1''' - use IKEv2 for better security, speed, and flexibility, especially in dynamic environments. IKEv1 is older but still widely supported in legacy systems. Choose based on specific requirements and compatibility. |
| + | **'''Local&Remote identifiers''' - there is two types, IP Adress type - which could describe certain subnet gateway like 192.168.1.1 or whole subnet like 192.168.1.0/24. Hostname type - is when IP address is subject to change, providing more flexibility, and look like - " vpngatewayname.yourdomain ". |
| '''NOTE''': remember to replace certain parameter values (like IP addresses) with your own relevant data. | | '''NOTE''': remember to replace certain parameter values (like IP addresses) with your own relevant data. |
| | | |
Line 56: |
Line 58: |
| | | |
| *In this case, Remote endpoint should be RUTX11's Public IP: | | *In this case, Remote endpoint should be RUTX11's Public IP: |
− | [[File:IPsec RUTX11 Config2.png|alt=|center|930x930px|border|class=tlt-border]] | + | [[File:RUTOS IPsec rutx11 config 2.png|alt=|center|930x930px|border|class=tlt-border]] |
| [[File:RUTOS ipsec RUT955 optionconfig xauth 1.png|alt=|border|center|930x930px|class=tlt-border]] | | [[File:RUTOS ipsec RUT955 optionconfig xauth 1.png|alt=|border|center|930x930px|class=tlt-border]] |
| ---- | | ---- |