Line 43: |
Line 43: |
| The following are the settings used for this example, but values should be changed depending on your specific needs: | | The following are the settings used for this example, but values should be changed depending on your specific needs: |
| | | |
− | - File Type: CA | + | - File Type: `CA` |
− | - Key Size: 1024 | + | - Key Size: `1024` |
− | - Name (CN): CAIPSec // This can be whatever name you choose. | + | - Name (CN): `CAIPSec` // This can be whatever name you choose. |
− | - Subject Information: Toggled On // It is recommended to fill out at least Country Code, State/Province and Organization Name. | + | - Subject Information: `Toggled On` // It is recommended to fill out at least Country Code, State/Province and Organization Name. |
− | - Country Code (CC): US // Fill your country code | + | - Country Code (CC): `US` // Fill your country code |
− | - State or Province Name (ST): TX // Fill your State/Province name | + | - State or Province Name (ST): `TX` // Fill your State/Province name |
− | - Locality Name (L): CAIPSec // Fill your locality name, or at least a recognizable name for your CA | + | - Locality Name (L): `CAIPSec` // Fill your locality name, or at least a recognizable name for your CA |
− | - Organization Name (O): CAIPSec // Fill your Organization name | + | - Organization Name (O): `CAIPSec` // Fill your Organization name |
− | - Organizational Unit Name (OU): CAIPSEC // Fill your specific Unit Name | + | - Organizational Unit Name (OU): `CAIPSEC` // Fill your specific Unit Name |
| - `Generate` Certificate | | - `Generate` Certificate |
| | | |
| [Screenshot Here] | | [Screenshot Here] |
| | | |
− | After you hit Generate the CA cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a CAIPSec.key.pem under *Keys* and a CAIPSec.req.pem under *Certificate requests*. | + | After you hit Generate the CA cert you should see a confirmation notification pop-up near the top right, and if you select Certificates Manager you should see a CAIPSec.key.pem under *Keys* and a CAIPSec.req.pem under *Certificate requests*. |
| | | |
| [Screenshot Here] | | [Screenshot Here] |
− | | + | [Screenshot Here] |
| | | |
| Next we need to sign the CAIPSec CA. We will be Self-Signing our own CA. | | Next we need to sign the CAIPSec CA. We will be Self-Signing our own CA. |
| Under the `Certificate signing` configure as follows: | | Under the `Certificate signing` configure as follows: |
| | | |
− | - Signed Certificate Name: CAIPSec | + | - Signed Certificate Name: `CAIPSec` |
− | - Type of Certificate to Sign: Certificate Authority | + | - Type of Certificate to Sign: `Certificate Authority` |
− | - Certificate Request File: CAIPSec.req.pem | + | - Certificate Request File: `CAIPSec.req.pem` |
− | - Days Valid: 3650 // For this example we will use 3650 days, but you can configure this to be longer if needed. I would caution against too long of a CA. | + | - Days Valid: `3650` // For this example we will use 3650 days, but you can configure this to be longer if needed. I would caution against too long of a CA. |
− | - Certificate Authority Key: CAIPSec.key.pem | + | - Certificate Authority Key: `CAIPSec.key.pem` |
− | - Leave the rest of the configuration alone | + | - Leave the rest of the configuration default |
| - `Sign` | | - `Sign` |
| + | |
| + | [Screenshot Here] |
| | | |
| After you hit *Sign* the CA cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a CAIPSec.cert.pem under *Certificates*. | | After you hit *Sign* the CA cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a CAIPSec.cert.pem under *Certificates*. |
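Review bot: The CA list keeps Key Size at `1024` while the signing list sets Days Valid to `3650`, and this revision only wraps the values in backticks. If the generated key is RSA, 1024 bits is well below the 2048-bit minimum in current guidance such as NIST SP 800-131A, and readers tend to copy example values as-is, so the example should show the largest key size the Key Size field offers and say so in the trailing comment. The comment on Days Valid ("I would caution against too long of a CA") would also read better as "I would caution against too long a validity period for a CA". Separately, the added `[Screenshot Here]` placeholder sits directly under the existing one, so it is worth confirming that two screenshots (Keys and Certificate requests) are intended there, and the "confirmation notification" wording was added only to the Generate sentence and not to the matching Sign sentence.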
Line 82: |
Line 84: |
| The following are the settings used for this example, but values should be changed depending on your specific needs: | | The following are the settings used for this example, but values should be changed depending on your specific needs: |
| | | |
− | - File Type: Client | + | - File Type: `Client` |
− | - Key Size: 1024 | + | - Key Size: `1024` |
− | - Name (CN): RUT1 // This can be whatever name you choose. | + | - Name (CN): `RUT1` // This can be whatever name you choose. |
− | - Subject Information: Toggled On // It is recommended to fill out at least Country Code, State/Province and Organization Name. | + | - Subject Information: `Toggled On` // It is recommended to fill out at least Country Code, State/Province and Organization Name. |
− | - Country Code (CC): US // Fill your country code | + | - Country Code (CC): `US` // Fill your country code |
− | - State or Province Name (ST): TX // Fill your State/Province name | + | - State or Province Name (ST): `TX` // Fill your State/Province name |
− | - Locality Name (L): RUT1 // Fill your locality name, or at least a recognizable name for your CA | + | - Locality Name (L): `RUT1` // Fill your locality name, or at least a recognizable name for your CA |
− | - Organization Name (O): RUT1 // Fill your Organization name | + | - Organization Name (O): `RUT1` // Fill your Organization name |
− | - Organizational Unit Name (OU): RUT1 // Fill your specific Unit Name | + | - Organizational Unit Name (OU): `RUT1` // Fill your specific Unit Name |
| - `Generate` Certificate | | - `Generate` Certificate |
| | | |
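Review bot: The Locality Name line in this client block still ends with "or at least a recognizable name for your CA", carried over from the CA section; for the `RUT1` client certificate it should refer to the device or client. Key Size `1024` has the same weakness here as on the CA, so if the CA example moves to a larger key the client examples should follow.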
Line 97: |
Line 99: |
| After you hit Generate the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT1.key.pem under *Keys* and a RUT1.req.pem under *Certificate requests*. | | After you hit Generate the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT1.key.pem under *Keys* and a RUT1.req.pem under *Certificate requests*. |
| | | |
| + | [Screenshot Here] |
| | | |
| Next we need to sign the RUT1 cert. | | Next we need to sign the RUT1 cert. |
| Under the `Certificate signing` configure as follows: | | Under the `Certificate signing` configure as follows: |
| | | |
− | - Signed Certificate Name: RUT1 | + | - Signed Certificate Name: `RUT1` |
− | - Type of Certificate to Sign: Client Certificate | + | - Type of Certificate to Sign: `Client Certificate` |
− | - Certificate Request File: RUT1.req.pem | + | - Certificate Request File: `RUT1.req.pem` |
− | - Days Valid: 3650 | + | - Days Valid: `3650` |
− | - Certificate Authority File: CAIPSec.cert.pem | + | - Certificate Authority File: `CAIPSec.cert.pem` |
− | - Certificate Authority Key: CAIPSec.key.pem | + | - Certificate Authority Key: `CAIPSec.key.pem` |
| - Leave the rest of the configuration alone | | - Leave the rest of the configuration alone |
| - `Sign` | | - `Sign` |
| + | |
| + | [Screenshot Here] |
| | | |
| After you hit *Sign* the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT1.cert.pem under *Certificates*. | | After you hit *Sign* the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT1.cert.pem under *Certificates*. |
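Review bot: The line "Leave the rest of the configuration alone" is left unchanged in this signing list although the same line in the CA signing list was reworded to "Leave the rest of the configuration default" in this revision; pick one wording and apply it to all three signing lists. It would also help to state on the Certificate Authority Key line that `CAIPSec.key.pem` is used only for signing here and is not one of the files later uploaded to the peer.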
Line 123: |
Line 128: |
| The following are the settings used for this example, but values should be changed depending on your specific needs: | | The following are the settings used for this example, but values should be changed depending on your specific needs: |
| | | |
− | - File Type: Client | + | - File Type: `Client` |
− | - Key Size: 1024 | + | - Key Size: `1024` |
− | - Name (CN): RUT2 // This can be whatever name you choose. | + | - Name (CN): `RUT2` // This can be whatever name you choose. |
− | - Subject Information: Toggled On // It is recommended to fill out at least Country Code, State/Province and Organization Name. | + | - Subject Information: `Toggled On` // It is recommended to fill out at least Country Code, State/Province and Organization Name. |
− | - Country Code (CC): US // Fill your country code | + | - Country Code (CC): `US` // Fill your country code |
− | - State or Province Name (ST): TX // Fill your State/Province name | + | - State or Province Name (ST): `TX` // Fill your State/Province name |
− | - Locality Name (L): RUT2 // Fill your locality name, or at least a recognizable name for your CA | + | - Locality Name (L): `RUT2` // Fill your locality name, or at least a recognizable name for your CA |
− | - Organization Name (O): RUT2 // Fill your Organization name | + | - Organization Name (O): `RUT2` // Fill your Organization name |
− | - Organizational Unit Name (OU): RUT2 // Fill your specific Unit Name | + | - Organizational Unit Name (OU): `RUT2` // Fill your specific Unit Name |
| - `Generate` Certificate | | - `Generate` Certificate |
| | | |
Line 138: |
Line 143: |
| After you hit Generate the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT2.key.pem under *Keys* and a RUT1.req.pem under *Certificate requests*. | | After you hit Generate the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT2.key.pem under *Keys* and a RUT1.req.pem under *Certificate requests*. |
| | | |
| + | [Screenshot Here] |
| | | |
| Next we need to sign the RUT2 cert. | | Next we need to sign the RUT2 cert. |
| Under the `Certificate signing` configure as follows: | | Under the `Certificate signing` configure as follows: |
| | | |
− | - Signed Certificate Name: RUT2 | + | - Signed Certificate Name: `RUT2` |
− | - Type of Certificate to Sign: Client Certificate | + | - Type of Certificate to Sign: `Client Certificate` |
− | - Certificate Request File: RUT2.req.pem | + | - Certificate Request File: `RUT2.req.pem` |
− | - Days Valid: 3650 | + | - Days Valid: `3650` |
− | - Certificate Authority File: CAIPSec.cert.pem | + | - Certificate Authority File: `CAIPSec.cert.pem` |
− | - Certificate Authority Key: CAIPSec.key.pem | + | - Certificate Authority Key: `CAIPSec.key.pem` |
| - Leave the rest of the configuration alone | | - Leave the rest of the configuration alone |
| - `Sign` | | - `Sign` |
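Review bot: The context sentence at the top of this hunk says the Certificates Manager should show "a RUT2.key.pem under *Keys* and a RUT1.req.pem under *Certificate requests*", while the signing list below uses `RUT2.req.pem` as the Certificate Request File. The request file named in that sentence should be RUT2.req.pem, and since this revision touches the surrounding lines it is a good place to fix it. The RUT1 signing list also gained a `[Screenshot Here]` placeholder after `Sign`, which is not visible in this RUT2 list.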
Line 190: |
Line 196: |
| | | |
| | | |
− | * Connection settings Advanced settings configuration as follows: | + | * IPsec Instance Advanced settings configuration as follows: |
| | | |
| - Remote certificate: `RUT2.cert.pem` // Upload RUT2 cert we created earlier. | | - Remote certificate: `RUT2.cert.pem` // Upload RUT2 cert we created earlier. |
− | | + | [Screenshot Here] |
| | | |
| * Connection settings General settings configuration as follows: | | * Connection settings General settings configuration as follows: |
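Review bot: The first bullet is renamed to "IPsec Instance Advanced settings", but the next bullet in the same hunk still reads "Connection settings General settings", so the two bullets now name the configuration section differently. If Remote certificate sits under the instance's advanced settings and the other bullet really is under connection settings, say so explicitly; otherwise align the names. The added `[Screenshot Here]` also replaces the blank line after the Remote certificate item, so it now runs on directly from the list; keep a blank line before it as the other placeholders do.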
Line 273: |
Line 279: |
| | | |
| - Remote certificate: `RUT1.cert.pem` // Upload RUT1 cert we created earlier. | | - Remote certificate: `RUT1.cert.pem` // Upload RUT1 cert we created earlier. |
− | | + | [Screenshot Here] |
| | | |
| * Connection settings General settings configuration as follows: | | * Connection settings General settings configuration as follows: |
Line 330: |
Line 336: |
| | | |
| ==Testing configuration== | | ==Testing configuration== |
| + | ---- |
| + | |
| + | ===RUT1 to RUT2 Test=== |
| ---- | | ---- |
| | | |
Line 335: |
Line 344: |
| That each RUT device can ping the other's LAN IP. In this case 192.168.3.1 for RUT1 & 192.168.14.1 for RUT2. | | That each RUT device can ping the other's LAN IP. In this case 192.168.3.1 for RUT1 & 192.168.14.1 for RUT2. |
| And that LAN device on RUT1 can ping LAN device on RUT2. | | And that LAN device on RUT1 can ping LAN device on RUT2. |
− |
| |
− | ===RUT1 to RUT2 Test===
| |
− | ----
| |
| | | |
| * First make sure each device has been rebooted at least once after you have finished configuring the previous steps. | | * First make sure each device has been rebooted at least once after you have finished configuring the previous steps. |
− | * SSH into RUT1 device. | + | * SSH into RUT1 device |
| * `ipsec statusall` // This should show 2 up with Security Associations and that the connection should be up for some minutes. You should also see the Cert info from the certs we created earlier. | | * `ipsec statusall` // This should show 2 up with Security Associations and that the connection should be up for some minutes. You should also see the Cert info from the certs we created earlier. |
| [Screenshot Here] | | [Screenshot Here] |
| | | |
− | * `ping 192.168.14.1` // You should get a response if the tunnel has established properly. | + | * `ping 192.168.14.1` // You should get a response if the tunnel has established properly |
| [Screenshot Here] | | [Screenshot Here] |
| | | |
− | * SSH into RUT2 device. | + | * SSH into RUT2 device |
| * `ipsec statusall` // This should show 2 up with Security Associations and that the connection should be up for some minutes. You should also see the Cert info from the certs we created earlier. | | * `ipsec statusall` // This should show 2 up with Security Associations and that the connection should be up for some minutes. You should also see the Cert info from the certs we created earlier. |
| [Screenshot Here] | | [Screenshot Here] |
| | | |
− | * `ping 192.168.3.1` // You should get a response if the tunnel has established properly. | + | * `ping 192.168.3.1` // You should get a response if the tunnel has established properly |
| [Screenshot Here] | | [Screenshot Here] |
| | | |
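Review bot: With the "===RUT1 to RUT2 Test===" heading removed from this position and moved up under "==Testing configuration==", the introductory sentences at the top of this hunk, including "And that LAN device on RUT1 can ping LAN device on RUT2", now fall inside the RUT1 to RUT2 subsection even though the LAN device check has its own subsection later. Either keep the introduction directly under the section heading and leave the subsection heading where it was, or trim the introduction to the router-to-router checks. The revision also drops the trailing period from the SSH and ping bullets but leaves it on the "First make sure each device has been rebooted" bullet; use one style throughout the list.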
Line 367: |
Line 373: |
| ===RUT1 LAN device to RUT2 LAN device Test=== | | ===RUT1 LAN device to RUT2 LAN device Test=== |
| ---- | | ---- |
| + | |
| + | Here we will confirm that LAN devices behind either RUTxxx devices are able to communicate with each other. |
| | | |
| * Attach a Windows/MacOS/Linux PC via ethernet or wifi to RUT1 LAN. Remove or disable any other active interfaces on your PC. | | * Attach a Windows/MacOS/Linux PC via ethernet or wifi to RUT1 LAN. Remove or disable any other active interfaces on your PC. |
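Review bot: The added sentence "Here we will confirm that LAN devices behind either RUTxxx devices are able to communicate with each other" has a number mismatch and introduces "RUTxxx" where the rest of the page uses RUT1 and RUT2. Suggest "Here we will confirm that LAN devices behind RUT1 and RUT2 are able to communicate with each other."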