Changes

no edit summary
Line 34: Line 34:  
* Login to the router's WebUI and navigate to '''Services → VPN → IPsec'''. Enter a custom name for your IPsec instance and click the "Add" button. Then click the "Edit" button located next to the newly created instance after which you will redirected to that instance's configuration window. Adhere to the configurations presented in the figure below:
 
* Login to the router's WebUI and navigate to '''Services → VPN → IPsec'''. Enter a custom name for your IPsec instance and click the "Add" button. Then click the "Edit" button located next to the newly created instance after which you will redirected to that instance's configuration window. Adhere to the configurations presented in the figure below:
   −
[[File:Networking rutxxx configuration examples ipsec server configuration v2.png|border|class=tlt-border]]
+
[[File:Networking rutxxx configuration examples ipsec server configuration v1.jpg|border|class=tlt-border]]
   −
# '''Enable''' - if checked, enables the IPsec instance
+
* '''Enable''' - if checked, enables the IPsec instance
# '''Remote endpoint''' - IP address or hostname of the remote IPsec instance. '''Leave empty''' for the server configuration
+
* '''Remote endpoint''' - IP address or hostname of the remote IPsec instance. '''Leave empty''' for the server configuration
# '''Pre shared key''' - a shared password used for authentication between the peers. The value of this field must match the other instance
+
* '''Pre shared key''' - a shared password used for authentication between the peers. The value of this field must match the other instance
# '''Local identifier''' - 192.168.0.1
+
* '''Local identifier''' - 192.168.0.1
# '''Remote identifier''' - 192.168.0.20
+
* '''Remote identifier''' - 192.168.0.20
# '''Type''' - the type of the connection.  
+
* '''Type''' - the type of the connection. '''Transport''' encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[VPN#GRE_Tunnel|GRE]], [[VPN#L2TP|L2TP]]) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode
#'''Transport''' encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[VPN#GRE_Tunnel|GRE]], [[VPN#L2TP|L2TP]]) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode
+
* '''IKE liftime''' - 8h, make sure you've inserted the same liftime in '''Phase 1''' and '''Phase 2'''
# '''IKE lifetime''' - 8h, make sure you've inserted the same lifetime in '''Phase 1''' and '''Phase 2'''
      
====Client (RUT2)====
 
====Client (RUT2)====
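Review bot: the replaced IKE lifetime line (the `+` line ending the list, `* '''IKE liftime''' - 8h, make sure you've inserted the same liftime ...`) introduces the misspelling "liftime" twice where the removed `#` line spelled "lifetime" correctly; restore the spelling, e.g. `* '''IKE lifetime''' - 8h, make sure you've inserted the same lifetime in '''Phase 1''' and '''Phase 2'''`. The same hunk switches the list from numbered (`#`) to bulleted (`*`) while swapping the figure from `..._server_configuration_v2.png` back to `..._server_configuration_v1.jpg`; if the v2 figure carried numbered callouts that the list items referred to, the bullets lose that mapping, so confirm the figure change is intended and not a revert. The merged Type bullet now describes only Transport but never says which Type the figure expects (Transport or Tunnel); say so explicitly, because the Transport text in the same bullet states that NAT traversal is not supported, which decides whether this setup works for a peer behind NAT. Minor, in the unchanged context line: "after which you will redirected" is missing "be".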
Line 49: Line 48:  
* Create another instance on the second router the same way you created the server (login, add new instance, click "Edit"). Adhere to the configurations presented in the figure below:
 
* Create another instance on the second router the same way you created the server (login, add new instance, click "Edit"). Adhere to the configurations presented in the figure below:
   −
[[File:Networking rutxxx configuration examples ipsec client configuration v2.png|border|class=tlt-border]]
+
[[File:Networking rutxxx configuration examples ipsec client configuration v1.jpg|border|class=tlt-border]]
   −
# '''Enable''' - if checked, enables the IPsec instance
+
* '''Enable''' - if checked, enables the IPsec instance
# '''Remote endpoint''' - IP address or hostname of the remote IPsec instance. Enter the '''IPsec server's Public IP address''' in the client's configuration
+
* '''Remote endpoint''' - IP address or hostname of the remote IPsec instance. Enter the '''IPsec server's Public IP address''' in the client's configuration
# ''' Pre-shared key''' - a shared password used for authentication between the peers. The value of this field must match the other instance
+
* '''Pre shared key''' - a shared password used for authentication between the peers. The value of this field must match the other instance
# '''Local identifier''' - 192.168.0.20
+
* '''Local identifier''' - 192.168.0.20
# '''Remote identifier''' - 192.168.0.1
+
* '''Remote identifier''' - 192.168.0.1
# '''Type''' - the type of the connection.  
+
* '''Type''' - the type of the connection. '''Transport''' encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[VPN#GRE_Tunnel|GRE]], [[VPN#L2TP|L2TP]]) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode
#'''Transport''' encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[VPN#GRE_Tunnel|GRE]], [[VPN#L2TP|L2TP]]) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode
+
* '''IKE liftime''' - 8h, make sure you've inserted the same liftime in '''Phase 1''' and '''Phase 2'''
# '''IKE lifetime''' - 8h, make sure you've inserted the same lifetime in '''Phase 1''' and '''Phase 2'''
      
====Testing the connection====
 
====Testing the connection====
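Review bot: the replaced IKE lifetime line in this hunk repeats the "liftime" misspelling (twice) that the removed line had right; fix it to "lifetime" here as well. The pre-shared key bullet drops the hyphen ("Pre-shared key" becomes "Pre shared key") to match the server hunk and removes the stray leading space; "Pre-shared key" is the conventional form, so keep the hyphen and apply it to the server bullet instead. The Remote endpoint bullet tells the client to enter the server's public IP address, i.e. the peers talk across the internet, yet the only Type described is Transport, which the same bullet says cannot traverse NAT; the text should either state that the client must also have a public address or tell the reader to select Tunnel when the client sits behind NAT. It is also worth one sentence noting that the Local identifier (192.168.0.20) and Remote identifier (192.168.0.1) are the server's values swapped, and that these are IKE identities that must match crosswise rather than addresses the peer is reached at (the server leaves Remote endpoint empty while the client uses the public IP).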
