Changes
Template:Networking rut9xx manual vpn ipsec
Revision as of 19:11, 27 February 2020
(no edit summary)
<td>integer; default: <b>none</b></td>
<td>integer; default: <b>none</b></td>
<td>Time limit after which the IPsec instance will stop checking the availability of a peer and determine it to be "dead" if no response is received.</td>
<td>Time limit after which the IPsec instance will stop checking the availability of a peer and determine it to be "dead" if no response is received.</td>
</tr>
</tr><tr><td>Authentification type</td><td>Pre-shared key | X.509; default: '''Pre-shared key'''</td><td>Here you can choose authentification type accordingly to your IPSec configuration</td></tr><tr><td>Certificate file
</td><td>.crt file; default: '''none'''</td><td>Uploads a certificate file.</td></tr><tr><td>Key file</td><td>.key file; default: '''none'''</td><td>Uploads a key file.</td></tr><tr><td>Right participant's certificate</td><td>.crt file; default: '''none'''</td><td>Right participant's certificate certificate is used to authenticate remote peer</td></tr><tr><td>CA certificate</td><td>.crt file; default: '''none'''</td><td>Uploads a Certificate authority (CA) file.</td></tr><tr><td>Pre shared key
</td><td>string; default: '''none'''</td><td>A shared password used to authenticate between the peers</td></tr><tr><td>Use additional xauth authentification</td><td>yes | no; default: <b>no</b></td><td>Adds additional xauth authentification options.</td></tr><tr><td>Xauth password
</td><td>string;default: <b>none</b></td><td>Password for additional peer authentification.</td></tr><tr>
<td>Remote VPN endpoint</td>
<td>Remote VPN endpoint</td>
<td>host | ip; default: <b>none</b></td>
<td>host | ip; default: <b>none</b></td>
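Review bot: the added authentication rows spell the word "Authentification" throughout (field names and descriptions alike); it should read "Authentication", and the "Right participant's certificate" description repeats "certificate". The new cells mark defaults with wiki-style '''...''' while the surrounding rows use <b>...</b>, "string;default:" is missing the space after the semicolon, and the "Pre shared key" field name does not match the "Pre-shared key" option value listed in the type row. The descriptions also do not say which of the certificate, key, CA and pre-shared key fields go with which authentication type, which a reader configuring X.509 would need.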
<td>yes | no; default: <b>no</b></td>
<td>yes | no; default: <b>no</b></td>
<td>Adds several necessary options to make DMVPN work.</td>
<td>Adds several necessary options to make DMVPN work.</td>
</tr>
</tr><tr><td>Passthrough networks</td><td>None | LAN | Wired | WiFi | Mobile | custom; default: '''none'''</td><td>Select networks which should be passthrough and excluded from routing through tunnel</td></tr><tr>
<td>Enable keepalive</td>
<td>Enable keepalive</td>
<td>yes | no; default: <b>no</b></td>
<td>yes | no; default: <b>no</b></td>
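Review bot: the description in the added "Passthrough networks" row, "Select networks which should be passthrough and excluded from routing through tunnel", does not spell out that traffic for the selected networks goes outside the tunnel and is therefore not covered by it; state that directly, for example "Networks whose traffic is excluded from the tunnel". The value list gives "None" while the default is written "none", and the default uses '''...''' where the neighbouring rows use <b>...</b>.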
IKE (Internet Key Exchange) is a protocol used to set up security associations (SAs) for the IPsec connection. This process is required before the IPsec tunnel can be established. It is done in two phases:
IKE (Internet Key Exchange) is a protocol used to set up security associations (SAs) for the IPsec connection. This process is required before the IPsec tunnel can be established. It is done in two phases:
----
----
<table border=1; style="border-collapse: collapse;">
<table style="border-collapse: collapse;" border="1;">
<tr>
<tr>
<th width=400><span style="color: #0054A6;">Phase</span></th>
<th width="400"><span style="color: #0054A6;">Phase</span></th>
<th colspan="2"><span style="color: #0054A6;">Mode</span></th>
<th colspan="2"><span style="color: #0054A6;">Mode</span></th>
</tr>
</tr>
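Review bot: on the <table> line the stray semicolon was carried into the quoted attribute, giving border="1;"; the value should be border="1". The quoting of width="400" on the <th> line is fine as it stands.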
</ul>
</ul>
</td>
</td>
<td width=350>Main mode (figure 1)
<td width="350">Main mode (figure 1)
<ul>
<ul>
<li>6 packets exchanged</li>
<li>6 packets exchanged</li>
</ul>
</ul>
</td>
</td>
<td width=350>Aggressive mode (figure 2)
<td width="350">Aggressive mode (figure 2)
<ul>
<ul>
<li>3 packets exchanged</li>
<li>3 packets exchanged</li>
</tr>
</tr>
<tr>
<tr>
<td width=500>[[File:{{{file_ipsec_main_mode}}}]]</td>
<td width="500">[[File:{{{file_ipsec_main_mode}}}]]</td>
<td width=500>[[File:{{{file_ipsec_aggressive_mode}}}]]</td>
<td width="500">[[File:{{{file_ipsec_aggressive_mode}}}]]</td>
</tr>
</tr>
</table>
</table>