Line 49: |
Line 49: |
| * Create another instance on the second router the same way you created the server (login, add new instance, click "Edit"). Adhere to the configurations presented in the figure below: | | * Create another instance on the second router the same way you created the server (login, add new instance, click "Edit"). Adhere to the configurations presented in the figure below: |
| | | |
− | [[File:Networking rutxxx configuration examples ipsec client configuration v1.jpg|border|class=tlt-border]] | + | [[File:Networking rutxxx configuration examples ipsec client configuration v2.png|border|class=tlt-border]] |
| | | |
− | * '''Enable''' - if checked, enables the IPsec instance
| + | # '''Enable''' - if checked, enables the IPsec instance |
− | * '''Remote endpoint''' - IP address or hostname of the remote IPsec instance. Enter the '''IPsec server's Public IP address''' in the client's configuration
| + | # '''Remote endpoint''' - IP address or hostname of the remote IPsec instance. Enter the '''IPsec server's Public IP address''' in the client's configuration |
− | * '''Pre shared key''' - a shared password used for authentication between the peers. The value of this field must match the other instance
| + | # ''' Pre-shared key''' - a shared password used for authentication between the peers. The value of this field must match the other instance |
− | * '''Local identifier''' - 192.168.0.20
| + | # '''Local identifier''' - 192.168.0.20 |
− | * '''Remote identifier''' - 192.168.0.1
| + | # '''Remote identifier''' - 192.168.0.1 |
− | * '''Type''' - the type of the connection. '''Transport''' encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[VPN#GRE_Tunnel|GRE]], [[VPN#L2TP|L2TP]]) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode
| + | # '''Type''' - the type of the connection. |
− | * '''IKE liftime''' - 8h, make sure you've inserted the same liftime in '''Phase 1''' and '''Phase 2'''
| + | #'''Transport''' encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[VPN#GRE_Tunnel|GRE]], [[VPN#L2TP|L2TP]]) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode |
| + | # '''IKE lifetime''' - 8h, make sure you've inserted the same lifetime in '''Phase 1''' and '''Phase 2''' |
| | | |
| ====Testing the connection==== | | ====Testing the connection==== |
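Review bot: On the added side the Transport explanation is split off as its own list item ("#'''Transport''' encrypts only the payload ..."), so it renders as item 7 and '''IKE lifetime''' is pushed to item 8, even though that text only continues item 6 ('''Type'''). Keep it on the '''Type''' line as in the old revision, or write it as a "#:" continuation, so the list stays at seven entries; this matters if the numbers are meant to line up with callouts in the v2 screenshot. That line is also missing the space after "#" that the other items have, and "# ''' Pre-shared key'''" carries a stray space inside the bold markup.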