Changes

688 bytes removed, 12:36, 22 March 2023
no edit summary
Line 14: Line 14:     
==Topology==
 
==Topology==
 +
 +
[[File:IPsec TLT to TLT Topology.png|border|center|class=tlt-border|839x399px]]
    
'''RUT1''' - RUTX12 as a '''hub'''. A hub is a server, to which our spoke will be connecting (IPsec responder). It will be our "default gateway" for the spoke device. RUTX12 has a LAN subnet of 192.168.11.0/24 configured on it, which should be reachable by the '''spoke'''.
 
'''RUT1''' - RUTX12 as a '''hub'''. A hub is a server, to which our spoke will be connecting (IPsec responder). It will be our "default gateway" for the spoke device. RUTX12 has a LAN subnet of 192.168.11.0/24 configured on it, which should be reachable by the '''spoke'''.
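Review bot: the newly embedded [[File:IPsec TLT to TLT Topology.png|border|center|class=tlt-border|839x399px]] carries only sizing and class parameters, no caption or alt text, so the roles the paragraph below assigns (RUT1/RUTX12 as the hub and IPsec responder, the 192.168.11.0/24 LAN behind it that the spoke must reach) cannot be told from the image alone; suggest adding a caption parameter that names the hub and spoke sides, and dropping one of the two blank lines inserted above the embed.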
Line 173: Line 175:     
==Testing the configuration==
 
==Testing the configuration==
After we establish the tunnel, we may observe the following information:
+
If you've followed all the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly.
===RUT1 (Hub) side===
+
 
----
+
Using the <code><span class="highlight">ipsec statusall</span></code> command we can see that IPsec tunnel is successfully established on both routers. The command output on a '''hub (RUT1)''' device:
<pre>ipsec status all</pre>
      
<pre>
 
<pre>
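Review bot: replacing <pre>ipsec status all</pre> with <code>ipsec statusall</code> is the right fix, since the latter is the actual command name, but the new sentence "we can see that IPsec tunnel is successfully established on both routers" should read "the IPsec tunnel" and asserts success without telling the reader what in the <code>ipsec statusall</code> output proves it; suggest naming the lines to look for (the IKE_SA reported as ESTABLISHED and its CHILD_SA reported as INSTALLED), so a reader whose output differs can tell that the tunnel is not up rather than assuming it is.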
Line 204: Line 205:  
</pre>
 
</pre>
   −
<pre> /tmp/ipsec/ipsec.conf </pre>
+
The same command output on '''spoke (RUT2)''' device:
 
  −
<pre>
  −
root@Teltonika-RUTX12:~# cat /tmp/ipsec/ipsec.conf
  −
# generated by /etc/init.d/ipsec
  −
version 2
  −
 
  −
conn HUB-HUB_c
  −
  left=%any
  −
  right=%any
  −
  leftfirewall=yes
  −
  rightfirewall=no
  −
  ikelifetime=3h
  −
  lifetime=1h
  −
  margintime=9m
  −
  keyingtries=3
  −
  dpdaction=none
  −
  dpddelay=30s
  −
  dpdtimeout=90s
  −
  leftauth=psk
  −
  rightauth=psk
  −
  rightsourceip=10.20.30.0/24
  −
  auto=start
  −
  leftsubnet=0.0.0.0/0
  −
  rightdns=9.9.9.9
  −
  aggressive=no
  −
  forceencaps=no
  −
  type=tunnel
  −
  keyexchange=ikev2
  −
  esp=aes128-sha256-ecp521!
  −
  ike=aes256-sha512-ecp521!
  −
</pre>
  −
 
  −
===RUT2 (Spoke) side===
  −
----
      
<pre>
 
<pre>
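Review bot: this hunk drops the whole generated hub configuration (<code>root@Teltonika-RUTX12:~# cat /tmp/ipsec/ipsec.conf</code> and the <code>conn HUB-HUB_c</code> block) and leaves only the sentence introducing the spoke's status output, so the reader loses the one place the article showed the hub-side parameters the status output is meant to confirm: <code>rightsourceip=10.20.30.0/24</code>, <code>leftsubnet=0.0.0.0/0</code>, <code>rightdns=9.9.9.9</code>, <code>leftauth=psk</code>/<code>rightauth=psk</code> and <code>keyexchange=ikev2</code>. If the removal is deliberate, keep at least a one-line pointer to <code>/tmp/ipsec/ipsec.conf</code> as the file to compare against. Two smaller points: "on '''spoke (RUT2)''' device" should read "on the '''spoke (RUT2)''' device", and the removed block had <code>dpdaction=none</code> next to <code>dpddelay=30s</code> and <code>dpdtimeout=90s</code>; if the dump is ever reinstated, add a sentence noting that with dpdaction=none strongSwan does not send DPD messages, so the delay and timeout values are not acted upon.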
Line 270: Line 237:  
</pre>
 
</pre>
   −
 
+
Also, as the hub should be reachable by spoke, we can try pinging the hub using <code><span class="highlight">ping 192.168.11.1</span></code>:
<pre>
  −
root@Teltonika-RUT955:~# cat /tmp/ipsec/ipsec.conf
  −
# generated by /etc/init.d/ipsec
  −
version 2
  −
 
  −
conn passth_SPOKE_ph2_1_lan
  −
  type=passthrough
  −
  leftsubnet=192.168.9.1/24
  −
  rightsubnet=192.168.9.1/24
  −
  auto=route
  −
 
  −
conn SPOKE-SPOKE_c
  −
  left=%any
  −
  right=84.xxx.xxx.xxx
  −
  leftsourceip=%config
  −
  leftfirewall=yes
  −
  rightfirewall=no
  −
  ikelifetime=3h
  −
  lifetime=1h
  −
  margintime=9m
  −
  keyingtries=3
  −
  dpdaction=none
  −
  dpddelay=30s
  −
  dpdtimeout=90s
  −
  leftauth=psk
  −
  rightauth=psk
  −
  rightsubnet=0.0.0.0/0
  −
  auto=start
  −
  aggressive=no
  −
  forceencaps=no
  −
  type=tunnel
  −
  keyexchange=ikev2
  −
  esp=aes128-sha256-ecp521!
  −
  ike=aes256-sha512-ecp521!
  −
</pre>
  −
 
      
== See also ==
 
== See also ==
    
== External links ==
 
== External links ==
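Review bot: the new sentence "Also, as the hub should be reachable by spoke, we can try pinging the hub using <code>ping 192.168.11.1</code>" should read "reachable by the spoke", and 192.168.11.1 appears here for the first time: the topology hunk only gives the hub a LAN subnet of 192.168.11.0/24, so state that 192.168.11.1 is the hub's LAN address (or write "the hub's LAN IP address") before the reader is asked to ping it. Separately, removing the spoke's generated config (<code>conn SPOKE-SPOKE_c</code> with <code>rightsubnet=0.0.0.0/0</code> and <code>leftsourceip=%config</code>, plus the <code>conn passth_SPOKE_ph2_1_lan</code> passthrough entry with <code>auto=route</code> for 192.168.9.1/24) hides the detail that keeps the spoke's own LAN traffic out of the all-traffic tunnel; if the dump stays out, one sentence on that passthrough entry would preserve the explanation. The elided <code>right=84.xxx.xxx.xxx</code> was fine as a placeholder and can stay masked if the block returns.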
