77
edits
Changes
IPSec Tunnel w/CA Certs Configuration (view source)
Revision as of 20:32, 27 June 2024
, Thursday at 20:32no edit summary
- IKE lifetime: `3h`
- IKE lifetime: `3h`
[Screenshot Here]
<br>
[[File:RUT1 IPSec Proposal Settings Phase1.png|frame|none]]
<br>
* Phase 2
* Phase 2
- IKE lifetime: `3h`
- IKE lifetime: `3h`
[Screenshot Here]
<br>
[[File:RUT1 IPSec Proposal Settings Phase2.png|frame|none]]
<br>
* Hit 'Save & Apply'
* Hit 'Save & Apply'
* Toggle the CA_EX tunnel on and hit 'Save & Apply' once more
* Toggle the CA_EX tunnel on and hit 'Save & Apply' once more
[Screenshot Here]
<br>
[[File:RUT1 IPSec Toggle On Save And Apply.png|frame|none]]
<br>
* Reboot the device once you have finished.
* Reboot the device once you have finished.
* Login to the router's WebUI and go to '''System → Services → VPN -> IPsec'''
* Login to the router's WebUI and go to '''System → Services → VPN -> IPsec'''
* Add a new instance called `CA_EX`
* Add a new instance called `CA_EX`
[Screenshot Here]
<br>
[[File:IPSec_RUT1_Config_Add_CA_EX.png|frame|none]]
<br>
* IPsec Instance General settings configuration as follows:
* IPsec Instance General settings configuration as follows:
- Remote identifier: `192.168.3.1` // We will use the LAN IP of RUT1 for the Identifier
- Remote identifier: `192.168.3.1` // We will use the LAN IP of RUT1 for the Identifier
[Screenshot Here]
<br>
[[File:RUT2 IPSec Instance General Settings Configuration.png|frame|none]]
<br>
* Connection settings Advanced settings configuration as follows:
* Connection settings Advanced settings configuration as follows:
- Remote certificate: `RUT1.cert.pem` // Upload RUT1 cert we created earlier.
- Remote certificate: `RUT1.cert.pem` // Upload RUT1 cert we created earlier.
[Screenshot Here]
<br>
[[File:RUT2 IPSec Instance Advanced Settings Configuration.png|frame|none]]
<br>
* Connection settings General settings configuration as follows:
* Connection settings General settings configuration as follows:
- Key exchange: `IKEv2`
- Key exchange: `IKEv2`
[Screenshot Here]
<br>
[[File:RUT2 IPSec Connection Settings General Settings Configuration.png|frame|none]]
<br>
* Connection settings Advanced settings configuration as follows:
* Connection settings Advanced settings configuration as follows:
- The rest of the configuration leave as default
- The rest of the configuration leave as default
[Screenshot Here]
<br>
[[File:RUT2 IPSec Connection Settings Advanced Settings Configuration.png|frame|none]]
<br>
* Connection settings Proposal settings configuration as follows:
* Connection settings Proposal settings configuration as follows:
- IKE lifetime: `3h`
- IKE lifetime: `3h`
[Screenshot Here]
<br>
[[File:RUT2 IPSec Proposal Settings Phase1.png|frame|none]]
<br>
* Phase 2
* Phase 2
- IKE lifetime: `3h`
- IKE lifetime: `3h`
[Screenshot Here]
<br>
[[File:RUT2 IPSec Proposal Settings Phase2.png|frame|none]]
<br>
* Hit 'Save & Apply'
* Hit 'Save & Apply'
* Toggle the CA_EX tunnel on and hit 'Save & Apply' once more
* Toggle the CA_EX tunnel on and hit 'Save & Apply' once more
[Screenshot Here]
<br>
[[File:RUT2 IPSec Toggle On Save And Apply.png|frame|none]]
<br>
* Reboot the device once you have finished.
* Reboot the device once you have finished.
* SSH into RUT1 device
* SSH into RUT1 device
* `ipsec statusall` // This should show 2 up with Security Associations and that the connection should be up for some minutes. You should also see the Cert info from the certs we created earlier.
* `ipsec statusall` // This should show 2 up with Security Associations and that the connection should be up for some minutes. You should also see the Cert info from the certs we created earlier.
<br>
[Screenshot Here]
[Screenshot Here]
<br>
* `ping 192.168.14.1` // You should get a response if the tunnel has established properly
* `ping 192.168.14.1` // You should get a response if the tunnel has established properly
[Screenshot Here]
[Screenshot Here]
