1,108
edits
Changes
no edit summary
<tr>
<tr>
<td style="border-bottom: 4px solid white>
<td style="border-bottom: 4px solid white>
# '''''Enable''''' instance
# '''''Enable''''' instance;
# Authentication method - '''''Pre-shared key'''''
# Authentication method - '''''Pre-shared key;'''''
# Pre-shared key - '''''your desired password'''''
# Pre-shared key - '''''your desired password;'''''
</td>
</td>
</tr>
</tr>
<tr>
<tr>
<td style="border-bottom: 4px solid white>
<td style="border-bottom: 4px solid white>
# Mode - '''Start''';
# Mode - '''''Start;'''''
# Type - '''Tunnel''';
# Type - '''''Tunnel;'''''
# Local subnet - '''0.0.0.0/.0''';
# Local subnet - '''''0.0.0.0/.0;'''''
# Key exchange - '''IKEv2''';
# Key exchange - '''''IKEv2;'''''
</td>
</td>
</tr>
</tr>
<tr>
<tr>
<td style="border-bottom: 4px solid white>
<td style="border-bottom: 4px solid white>
# '''Enable''' Local firewall;
# '''''Enable''''' '''''Local firewall;'''''
# Remote source IP - '''10.20.30.0/24''';
# Remote source IP - '''''10.20.30.0/24;'''''
# Remote DNS '''9.9.9.9''';
# Remote DNS '''''9.9.9.9;'''''
</td>
</td>
</tr>
</tr>
<tr>
<tr>
<td style="border-bottom: 4px solid white>
<td style="border-bottom: 4px solid white>
# Encryption - '''AES256''';
# Encryption - '''''AES256;'''''
# Authentication - '''SHA512''';
# Authentication - '''''SHA512;'''''
# DH group - '''ECP521''';
# DH group - '''''ECP521;'''''
</td>
</td>
</tr>
</tr>
<tr>
<tr>
<td style="border-bottom: 4px solid white>
<td style="border-bottom: 4px solid white>
# Encryption - '''AES128''';
# Encryption - '''''AES128;'''''
# Authentication - '''SHA256''';
# Authentication - '''''SHA256;'''''
# DH group - '''ECP521''';
# DH group - '''''ECP521;'''''
</td>
</td>
</tr>
</tr>
<tr>
<tr>
<td style="border-bottom: 4px solid white>
<td style="border-bottom: 4px solid white>
# '''Enable''' instance;
# '''''Enable''''' instance;
# Remote endpoint - '''RUT1 public IP''';
# Remote endpoint - '''''RUT1 public IP;'''''
# Authentication method - '''Pre-shared key''';
# Authentication method - '''''Pre-shared key;'''''
# Pre-shared key - the '''same password''' you have '''set on''' '''RUT1''' when configuring '''HUB instance''';
# Pre-shared key - the '''''same password''''' you have '''''set on''''' '''''RUT1''''' when configuring '''''HUB instance;'''''
</td>
</td>
</tr>
</tr>
<tr>
<tr>
<td style="border-bottom: 4px solid white>
<td style="border-bottom: 4px solid white>
# Mode - '''Start''';
# Mode - '''''Start;'''''
# Type - '''Tunnel''';
# Type - '''''Tunnel;'''''
# '''Enabled''' '''default route''';
# '''''Enable''''' '''''default route;'''''
# Key exchange - '''IKEv2''';
# Key exchange - '''''IKEv2;'''''
</td>
</td>
</tr>
</tr>
<tr>
<tr>
<td style="border-bottom: 4px solid white>
<td style="border-bottom: 4px solid white>
# Encryption - '''AES256''';
# Encryption - '''''AES256;'''''
# Authentication - '''SHA512''';
# Authentication - '''''SHA512;'''''
# DH group - '''ECP521''';
# DH group - '''''ECP521;'''''
</td>
</td>
</tr>
</tr>
<tr>
<tr>
<td style="border-bottom: 4px solid white>
<td style="border-bottom: 4px solid white>
# Encryption - '''AES128''';
# Encryption - '''''AES128;'''''
# Authentication - '''SHA256''';
# Authentication - '''''SHA256;'''''
# DH group - '''ECP521''';
# DH group - '''''ECP521;'''''
</td>
</td>
</tr>
</tr>
</table>
</table>
==Testing configuration==
After we establish the tunnel, we may observe the following information:
===RUT1 (HUB) side===
----
Using the <pre>ipsec statusall</pre> command we can see that the tunnel has been established.
<pre>
root@Teltonika-RUTX12:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.9.2, Linux 5.4.231, armv7l):
uptime: 74 minutes, since Mar 21 08:52:39 2023
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
loaded plugins: charon aes des sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem openssl gmp xcbc hmac kernel-netlink socket-default stroke vici updown eap-identity eap-mschapv2 xauth-generic
Virtual IP pools (size/online/offline):
10.20.30.0/24: 254/1/0
Listening IP addresses:
84.xxx.xxx.xxx
192.168.11.1
fd93:51e6:6fe8::1
Connections:
HUB-HUB_c: %any...%any IKEv2
HUB-HUB_c: local: uses pre-shared key authentication
HUB-HUB_c: remote: uses pre-shared key authentication
HUB-HUB_c: child: 0.0.0.0/0 === dynamic TUNNEL
Security Associations (1 up, 0 connecting):
HUB-HUB_c[2]: ESTABLISHED 74 minutes ago, 84.xxx.xxx.xxx[84.xxx.xxx.xxx]...88.xxx.xxx.xxx[192.168.86.197]
HUB-HUB_c[2]: IKEv2 SPIs: ded11f31c20352dc_i 58ebc8d96264c21e_r*, pre-shared key reauthentication in 89 minutes
HUB-HUB_c[2]: IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521
HUB-HUB_c{3}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c27cb140_i c7382615_o
HUB-HUB_c{3}: AES_CBC_128/HMAC_SHA2_256_128/ECP_521, 215536 bytes_i (1981 pkts, 1s ago), 126021 bytes_o (499 pkts, 1s ago), rekeying in 14 minutes
HUB-HUB_c{3}: 0.0.0.0/0 === 10.20.30.1/32
</pre>
== See also ==
== See also ==
== External links ==
== External links ==