IPsec configuration examples: Difference between revisions

← Older edit

IPsec configuration examples (view source)

Revision as of 10:00, 30 March 2022

764 bytes removed , 30 March 2022

no edit summary

VisualWikitext

Edvinas.Dryzas

Administrators

489

edits

@@ Line 43: / Line 43: @@
 * Login to the router's WebUI and go to '''Services → VPN → IPsec'''. Enter a custom name (for this example we use ''RUT1'') for the IPsec instance click the "Add" button:
-[[File:Creating an ipsec instance part 1 v1.png]]
+[[File:Ipsec1.png|alt=|1126x1126px]]
 ----
 * Click the "Edit" button located next to the newly created instance:
-[[File:Creating an ipsec instance part 2 v1.png]]
+[[File:Ipsec2.png|alt=|1129x1129px]]
 ----
 * You will be redirected to the instance's configuration window. From here we will discuss how to configure both instances (''RUT1'' and ''RUT2''). Creating a second instance is analogous to how we created the first one - just login to the second router and repeat the first two steps. Although not mandatory, we recommend that you use a distinct name for the second instance (for this example we use ''RUT2'') for easier management purposes. <br> The specifics of both configurations are described in the figure below:
-[[File:Creating an ipsec instance part 3 v4.png|1150px]]
+[[File:Ipsec3.png|alt=|1150x1150px]]
 * Below are explanations of the parameters highlighted in the figure above. Other parameters (not highlighted) are defaults. You can find descriptions for these parameters in the '''[[VPN#IPsec|VPN manual page, IPsec section]]'''
-** '''Enable''' - enables the IPsec instance
+**'''Enable''' - enables the IPsec instance
-** '''Local IP address/Subnet mask''' - LAN IP address/Subnet mask of the router on which the IPsec instance is configured
+** '''Remote Endpoint''' - the Public IP address of the opposite router, leaving empty will force IPSec to only accept connections.
 ** '''Pre shared key''' - a shared password used for authentication between the peers. The value of this field must match on both instances
-** '''Remote VPN endpoint''' - the Public IP address of the opposite router
+**'''Local Identifier''' - private IP address of your router.
-** '''Remote IP address/Subnet mask''' - LAN IP address/Subnet mask of the opposite router
+**'''Remote Identifier''' - private IP of the opposite router.
-** '''Enable keepalive''' - enables the tunnel's keep alive function. When enabled, the instance sends ICMP packets to the specified host at the specified frequency. If no response is received, the instance attempts to restart the connection
+** '''Local subnet''' - routers local subnet.
-*** '''Host''' - hostname or IP address to which ICMP packets will be sent to. Best to use a hostname/IP address belonging to the opposite instance's LAN. For this example we just use the other router's LAN IP address
+** '''Remote subnet''' - opposite routers subnet.
-*** '''Ping period (sec)''' - the period (in seconds) at which ICMP packets will be sent to the specified host
-** '''Allow WebUI access''' - when checked, allows WebUI access for hosts from the opposite instance
 '''NOTE''': remember to replace certain parameter values (like IP addresses) with your own relevant data.
 ----
-* The last step in configuring the IPsec instances is '''Phase settings'''. For this example we left the default Phase settings. If you're planning to change Phase settings, make sure they match with the Phase settings (both Phase 1 and Phase 2) of the incoming connection:
+* The last step in configuring the IPsec instances is '''Proposal settings'''. Make sure they match with the Phase settings ('''both Phase 1 and Phase 2''') of the incoming connection:
-[[File:Creating an ipsec instance part 4 v2.png|1150px]]
+[[File:Ipsec4.png|alt=|1572x1572px]]
 When you're finished with the configuration, don't forget to click the "Save" button.