77
edits
Changes
IPSec Tunnel w/CA Certs Configuration (view source)
Revision as of 00:15, 28 June 2024
, Friday at 00:15no edit summary
- Authentication method: '''''X.509'''''
- Authentication method: '''''X.509'''''
- Key: '''''RUT1.key.pem''''' // Browse and import the RUT1.key.pem we created & downloaded earlier.
- Key: '''''RUT1.key.pem''''' // Browse and import the RUT1.key.pem we created & downloaded earlier.
- Key decryption passphrase: Leave blank // This is only needed if an additional password was added to the cert, which we did not do in our earlier steps.
- Key decryption passphrase: Leave blank // This is only needed if an additional password was added to the cert, which we did not do in our earlier steps.
- Local certificate: '''''RUT1.cert.pem''''' // Browse and import the RUT1.cert.pem we created & downloaded earlier.
- Local certificate: '''''RUT1.cert.pem''''' // Browse and import the RUT1.cert.pem we created & downloaded earlier.
- CA certificate: '''''CAIPSec.cert.pem''''' // Browse and import the CAIPSec.cert.pem we created & downloaded earlier.
- CA certificate: '''''CAIPSec.cert.pem''''' // Browse and import the CAIPSec.cert.pem we created & downloaded earlier.
- Local identifier: '''''192.168.3.1''''' // We will use the LAN IP of RUT1 for the Identifier
- Local identifier: '''''192.168.3.1''''' // We will use the LAN IP of RUT1 for the Identifier
- Remote identifier: '''''192.168.14.1''''' // We will use the LAN IP of RUT2 for the Identifier
- Remote identifier: '''''192.168.14.1''''' // We will use the LAN IP of RUT2 for the Identifier
<br>
<br>
* IPsec Instance Advanced settings configuration as follows:
* IPsec Instance Advanced settings configuration as follows:
- Remote certificate: '''''RUT2.cert.pem''''' // Upload RUT2 cert we created earlier.
- Remote certificate: '''''RUT2.cert.pem''''' // Upload RUT2 cert we created earlier.
<br>
<br>
* Connection settings General settings configuration as follows:
* Connection settings General settings configuration as follows:
- Mode: '''''Start''''' // start loads a connection and brings
- Mode: '''''Start''''' // start loads a connection and brings
it up immediately. For more configuration information please reference *auto* here (https://wiki.strongswan.org/projects/strongswan/wiki/Connsection)
it up immediately. For more configuration information please reference *auto* here (https://wiki.strongswan.org/projects/strongswan/wiki/Connsection)
- Type: '''''Tunnel'''''
- Type: '''''Tunnel'''''
- Default route: '''''off''''' // Only use this if you want your default route to be out this tunnel.
- Default route: '''''off''''' // Only use this if you want your default route to be out this tunnel.
- Local subnet: '''''192.168.3.0/24''''' // RUT1 LAN subnet we want access to through the tunnel
- Local subnet: '''''192.168.3.0/24''''' // RUT1 LAN subnet we want access to through the tunnel
- Remote subnet: '''''192.168.14.0/24''''' // RUT2 LAN subnet we want access to through the tunnel
- Remote subnet: '''''192.168.14.0/24''''' // RUT2 LAN subnet we want access to through the tunnel
- Key exchange: '''''IKEv2'''''
- Key exchange: '''''IKEv2'''''
<br>
<br>
* Connection settings Advanced settings configuration as follows:
* Connection settings Advanced settings configuration as follows:
- Force encapsulation: '''''On'''''
- Force encapsulation: '''''On'''''
- Local Firewall: '''''On'''''
- Local Firewall: '''''On'''''
- Remote Firewall: '''''On'''''
- Remote Firewall: '''''On'''''
- Inactivity: '''''3600''''' // This is in seconds. Can be changed depending on how often you want the tunnel to be checked for data passing.
- Inactivity: '''''3600''''' // This is in seconds. Can be changed depending on how often you want the tunnel to be checked for data passing.
- Dead peer detection: '''''On'''''
- Dead peer detection: '''''On'''''
- DPD action: '''''Restart'''''
- DPD action: '''''Restart'''''
- DPD delay: '''''30''''' // This is in seconds.
- DPD delay: '''''30''''' // This is in seconds.
- DPD Timeout: '''''150''''' // This is in seconds.
- DPD Timeout: '''''150''''' // This is in seconds.
- The rest of the configuration leave as default
- The rest of the configuration leave as default
<br>
<br>
* IPsec Instance General settings configuration as follows:
* IPsec Instance General settings configuration as follows:
- Remote endpoint: '''''192.168.1.3''''' // This should be RUT1 WAN IP. You should be able to ping this IP from RUT2 WAN IP.
- Remote endpoint: '''''192.168.1.3''''' // This should be RUT1 WAN IP. You should be able to ping this IP from RUT2 WAN IP.
- Authentication method: '''''X.509'''''
- Authentication method: '''''X.509'''''
- Key: '''''RUT2.key.pem''''' // Browse and import the RUT2.key.pem we created & downloaded earlier.
- Key: '''''RUT2.key.pem''''' // Browse and import the RUT2.key.pem we created & downloaded earlier.
- Key decryption passphrase: Leave blank // This is only needed if an additional password was added to the cert, which we did not do in our earlier steps.
- Key decryption passphrase: Leave blank // This is only needed if an additional password was added to the cert, which we did not do in our earlier steps.
- Local certificate: '''''RUT2.cert.pem''''' // Browse and import the RUT1.cert.pem we created & downloaded earlier.
- Local certificate: '''''RUT2.cert.pem''''' // Browse and import the RUT1.cert.pem we created & downloaded earlier.
- CA certificate: '''''CAIPSec.cert.pem''''' // Browse and import the CAIPSec.cert.pem we created & downloaded earlier.
- CA certificate: '''''CAIPSec.cert.pem''''' // Browse and import the CAIPSec.cert.pem we created & downloaded earlier.
- Local identifier: '''''192.168.14.1''''' // We will use the LAN IP of RUT2 for the Identifier
- Local identifier: '''''192.168.14.1''''' // We will use the LAN IP of RUT2 for the Identifier
- Remote identifier: '''''192.168.3.1''''' // We will use the LAN IP of RUT1 for the Identifier
- Remote identifier: '''''192.168.3.1''''' // We will use the LAN IP of RUT1 for the Identifier
<br>
<br>
* Connection settings Advanced settings configuration as follows:
* Connection settings Advanced settings configuration as follows:
- Remote certificate: '''''RUT1.cert.pem''''' // Upload RUT1 cert we created earlier.
- Remote certificate: '''''RUT1.cert.pem''''' // Upload RUT1 cert we created earlier.
<br>
<br>
* Connection settings General settings configuration as follows:
* Connection settings General settings configuration as follows:
- Mode: '''''Start''''' // start loads a connection and brings
- Mode: '''''Start''''' // start loads a connection and brings
it up immediately. For more configuration information please reference *auto* here (https://wiki.strongswan.org/projects/strongswan/wiki/Connsection)
it up immediately. For more configuration information please reference *auto* here (https://wiki.strongswan.org/projects/strongswan/wiki/Connsection)
- Type: '''''Tunnel'''''
- Type: '''''Tunnel'''''
- Default route: '''''off''''' // Only use this if you want your default route to be out this tunnel.
- Default route: '''''off''''' // Only use this if you want your default route to be out this tunnel.
- Local subnet: '''''192.168.14.0/24''''' // RUT2 LAN subnet we want access to through the tunnel
- Local subnet: '''''192.168.14.0/24''''' // RUT2 LAN subnet we want access to through the tunnel
- Remote subnet: '''''192.168.3.0/24''''' // RUT1 LAN subnet we want access to through the tunnel
- Remote subnet: '''''192.168.3.0/24''''' // RUT1 LAN subnet we want access to through the tunnel
- Key exchange: '''''IKEv2'''''
- Key exchange: '''''IKEv2'''''
<br>
<br>
* Connection settings Advanced settings configuration as follows:
* Connection settings Advanced settings configuration as follows:
- Force encapsulation: '''''On'''''
- Force encapsulation: '''''On'''''
- Local Firewall: '''''On'''''
- Local Firewall: '''''On'''''
- Remote Firewall: '''''On'''''
- Remote Firewall: '''''On'''''
- Inactivity: '''''3600''''' // This is in seconds. Can be changed depending on how often you want the tunnel to be checked for data passing.
- Inactivity: '''''3600''''' // This is in seconds. Can be changed depending on how often you want the tunnel to be checked for data passing.
- Dead peer detection: '''''On'''''
- Dead peer detection: '''''On'''''
- DPD action: '''''Restart'''''
- DPD action: '''''Restart'''''
- DPD delay: '''''30''''' // This is in seconds.
- DPD delay: '''''30''''' // This is in seconds.
- DPD Timeout: '''''150''''' // This is in seconds.
- DPD Timeout: '''''150''''' // This is in seconds.
- The rest of the configuration leave as default
- The rest of the configuration leave as default
<br>
<br>