31,703
edits
Changes
→IPsec
[[Image:Services vpn ipsec.PNG]]
[[File:Services vpn ipsec v 2.png]]
{| class="wikitable"
{| class="wikitable"
| style="text-align: left; vertical-align: top;" | string; Default: " "
| style="text-align: left; vertical-align: top;" | string; Default: " "
| style="text-align: left; vertical-align: top;" | In case RUT has a Private IP, its identifier should be its own LAN network address. In this way, the Road Warrior approach is possible
| style="text-align: left; vertical-align: top;" | In case RUT has a Private IP, its identifier should be its own LAN network address. In this way, the Road Warrior approach is possible
|-
! style="text-align: left; vertical-align: top;" | Local IP address/Subnet mask
| style="text-align: left; vertical-align: top;" | ip/netmask {{!}} Default: " "
| style="text-align: left; vertical-align: top;" | Local network secure group IP address and mask used to determine at what subnet an IP address can be accessed. Netmask range [0 - 32]. If left empty IP address will be selected automatically
|-
! style="text-align: left; vertical-align: top;" | Left firewall
| style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''yes'''
| style="text-align: left; vertical-align: top;" | Excludes IPsec tunnel from firewall rules
|-
|-
! style="text-align: left; vertical-align: top;" | Force encapsulation
! style="text-align: left; vertical-align: top;" | Force encapsulation
| style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no
| style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no'''
| style="text-align: left; vertical-align: top;" | Forces UDP encapsulation for ESP packets even if no NAT situation is detected
| style="text-align: left; vertical-align: top;" | Forces UDP encapsulation for ESP packets even if no NAT situation is detected
|-
|-
| style="text-align: left; vertical-align: top;" | IP address or hostname of the remote IPsec instance
| style="text-align: left; vertical-align: top;" | IP address or hostname of the remote IPsec instance
|-
|-
! style="text-align: left; vertical-align: top;" | IP address/subnet mask
! style="text-align: left; vertical-align: top;" | Remote IP address/subnet mask
| style="text-align: left; vertical-align: top;" | ip/integer [0..32]; Default: " "
| style="text-align: left; vertical-align: top;" | ip/integer [0..32]; Default: " "
| style="text-align: left; vertical-align: top;" | Remote network secure group IP address and mask used to determine to what subnet an IP address belongs to. Should differ from device’s LAN IP
| style="text-align: left; vertical-align: top;" | Remote network secure group IP address and mask used to determine to what subnet an IP address belongs to. Should differ from device’s LAN IP
|-
! style="text-align: left; vertical-align: top;" | Right firewall
| style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''yes'''
| style="text-align: left; vertical-align: top;" | Excludes remote side IPsec tunnel from firewall rules
|-
|-
! style="text-align: left; vertical-align: top;" | Enable keep alive
! style="text-align: left; vertical-align: top;" | Enable keep alive
| style="text-align: left; vertical-align: top;" | integer [0..9999999]; Default: " "
| style="text-align: left; vertical-align: top;" | integer [0..9999999]; Default: " "
| style="text-align: left; vertical-align: top;" | Send ICMP echo request every '''x''' seconds ('''x''' being the number specified in this field)
| style="text-align: left; vertical-align: top;" | Send ICMP echo request every '''x''' seconds ('''x''' being the number specified in this field)
|-
! style="text-align: left; vertical-align: top;" | Allow WebUI access
| style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no'''
| style="text-align: left; vertical-align: top;" | If enabled, allows router's WebUI access through the IPsec tunnel
|-
|-
|}
|}
