Changes

IPSec Tunnel w/CA Certs Configuration (view source)

Revision as of 20:45, 27 June 2024

196 bytes added ,  Thursday at 20:45
no edit summary
Line 534: Line 534:  
* `ipsec statusall` // This should show 2 up with Security Associations and that the connection should be up for some minutes. You should also see the Cert info from the certs we created earlier.
 
* `ipsec statusall` // This should show 2 up with Security Associations and that the connection should be up for some minutes. You should also see the Cert info from the certs we created earlier.
 
<br>
 
<br>
[Screenshot Here]
+
 
 +
[[File:RUT1 IPSec Status.png|frame|none]]
    
<br>
 
<br>
 
* `ping 192.168.14.1` // You should get a response if the tunnel has established properly
 
* `ping 192.168.14.1` // You should get a response if the tunnel has established properly
[Screenshot Here]
+
<br>
 +
 
 +
[[File:RUT1 Ping To RUT2 Check.png|frame|none]]
 +
 
 +
<br>
    
* SSH into RUT2 device
 
* SSH into RUT2 device
 
* `ipsec statusall` // This should show 2 up with Security Associations and that the connection should be up for some minutes. You should also see the Cert info from the certs we created earlier.
 
* `ipsec statusall` // This should show 2 up with Security Associations and that the connection should be up for some minutes. You should also see the Cert info from the certs we created earlier.
[Screenshot Here]
+
<br>
 +
 
 +
[[File:RUT2 IPSec Status.png|frame|none]]
 +
 
 +
<br>
    
* `ping 192.168.3.1` // You should get a response if the tunnel has established properly
 
* `ping 192.168.3.1` // You should get a response if the tunnel has established properly
[Screenshot Here]
+
<br>
 +
 
 +
[[File:RUT2 Ping To RUT1 Check.png|frame|none]]
 +
 
 +
<br>
    
* SSH into RUT1 device
 
* SSH into RUT1 device
Line 555: Line 568:  
* On RUT1 wait 10 seconds then CTRL+C to stop the program
 
* On RUT1 wait 10 seconds then CTRL+C to stop the program
 
* Then use a program like WinSCP to download `Checking_For_ESP_Packets.pcap` from RUT1
 
* Then use a program like WinSCP to download `Checking_For_ESP_Packets.pcap` from RUT1
* Open the file in a program called Wireshark and filter for encrypted ESP packets with this `_ws.col.protocol == "ESP"`. You should see ESP packets from both the WAN IPs. You shouldn't be able to see inside the packet because it is now encrypted, but if we decrypted the packets we would see the ICMP packets between the 2 RUT devices.
+
* Open the file in a program called Wireshark and filter for encrypted ESP packets with this '''_ws.col.protocol == "ESP"'''. You should see ESP packets from both the WAN IPs. You shouldn't be able to see inside the packet because it is now encrypted, but if we decrypted the packets we would see the ICMP packets between the 2 RUT devices.
[Screenshot Here]
+
<br>
 +
 
 +
[[File:Checking Pcap With Wireshark.png|frame|none]]
 +
 
 +
<br>
    
===RUT1 LAN device to RUT2 LAN device Test===
 
===RUT1 LAN device to RUT2 LAN device Test===
Retrieved from "https://wiki.teltonika-networks.com/view/Special:MobileDiff/128167"

Navigation menu