Changes

Template:DHCP over IPsec Configuration (view source)

Revision as of 17:17, 27 September 2024

2,287 bytes removed , 27 September

no edit summary

Line 15: Line 15:

----'''Configuration topology''':

−

[[File:~~709156_2~~.~~1.png~~|alt=|1100px|border|class=tlt-border]]

+

[[File:IPsec-Wiki.jpg|alt=|1100px|border|class=tlt-border]]

RUT1 – It will be connected to a RUT2 to be able to reach RUT2 LAN subnet. RUT1 has a LAN subnet of 192.168.1.1/24 and a WAN with private IP.

Line 42: Line 42:

# Authentication method - '''''Pre-shared key;'''''

# Pre shared key - '''''Your chosen password (must match for both RUT1 & RUT2)'''''

−

[[File:~~RutOS_IPsec_config_ex_7.8_rut1~~.png|border|class=tlt-border|center]]

+

[[File:IPsec-Client-Config-redacted.png|border|class=tlt-border|center]]

+

====Connection general section configuration====

----

Line 50: Line 51:

# Default Route – '''''ON'''''

# Key exchange - '''''IKEv2;'''''

−

+

[[File:IPsec-Client-Config2.png|border|class=tlt-border|center]]

−

[[File:~~RutOS_IPsec_tunnel_with_certificates_7.8_add_ipsec_config_connection~~.png|border|class=tlt-border|center]]

====Proposal configuration====

Line 57: Line 57:

----

'''Note:''' ''This is only an example of a secure configuration. Other algorithms or even combinations of them could be used. However, we strongly recommend refraining from using older encryption and hashing algorithms unless support for certain legacy systems is required.''

−

~~Make the following changes:~~

−

~~<table class="nd-othertables_2">~~

−

~~<tr>~~

−

~~<th width=330; style="border-bottom: 1px solid white;></th>~~

−

~~<th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_webui_manual_IPsec_configuration_proposal_phase1_settings_v1.png|border|class=tlt-border|671x336px|center]]</th>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td style="border-bottom: 4px solid white>~~

−

~~# Encryption - '''''AES256;'''''~~

−

~~# Authentication - '''''SHA512;'''''~~

−

~~# DH group - '''''MODP4096;'''''~~

−

~~# IKE lifetime - '''86400s'''.~~

−

~~</td>~~

−

~~</tr>~~

−

~~</table>~~

−

~~----~~

−

~~<table class="nd-othertables_2">~~

−

~~<tr>~~

−

~~<th width=330; style="border-bottom: 1px solid white;></th>~~

−

~~<th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_webui_manual_IPsec_configuration_proposal_phase2_settings_v1.png|border|class=tlt-border|644x331px|center]]</th>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td style="border-bottom: 4px solid white>~~

−

~~# Encryption - '''''AES256;'''''~~

−

~~# Authentication - '''''SHA512;'''''~~

−

~~# PFS group - '''''MODP4096;'''''~~

−

~~# Lifetime – '''''86400s;'''''~~

−

~~</td>~~

−

~~</tr>~~

−

~~</table>~~

===IPsec RUT2 Config===

Line 104: Line 72:

# Authentication method - '''''Pre-shared key;'''''

# Pre shared key - '''''Your chosen password (must match for both RUT1 & RUT2)'''''

−

[[File:~~RutOS_IPsec_config_ex_7.8_rut2222~~.png|border|class=tlt-border|center]]

+

[[File:IPsec-Server-Config5.png|border|class=tlt-border|center]]

+

====Connection general section configuration====

----

Line 112: Line 82:

# Default Route – '''''ON'''''

# Key exchange - '''''IKEv2;'''''

+

[[File:IPsec-Server-Config4.png|border|class=tlt-border|center]]

−

~~[[File:RutOS_IPsec_tunnel_with_certificates_7.8_add_ipsec_config_connection_rut2_general.png|border|class=tlt-border|center]]~~

====Proposal configuration====

'''Important:''' Both the RUT1 and RUT2 Encryptions must match in order for this configuration to work.

----

'''Note:''' ''This is only an example of a secure configuration. Other algorithms or even combinations of them could be used. However, we strongly recommend refraining from using older encryption and hashing algorithms unless support for certain legacy systems is required.''

−

~~Make the following changes:~~

−

~~<table class="nd-othertables_2">~~

−

~~<tr>~~

−

~~<th width=330; style="border-bottom: 1px solid white;></th>~~

−

~~<th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_webui_manual_IPsec_configuration_proposal_phase1_settings_v1.png|border|class=tlt-border|671x336px|center]]</th>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td style="border-bottom: 4px solid white>~~

−

~~# Encryption - '''''AES256;'''''~~

−

~~# Authentication - '''''SHA512;'''''~~

−

~~# DH group - '''''MODP4096;'''''~~

−

~~# IKE lifetime - '''86400s'''.~~

−

~~</td>~~

−

~~</tr>~~

−

~~</table>~~

−

~~----~~

−

~~<table class="nd-othertables_2">~~

−

~~<tr>~~

−

~~<th width=330; style="border-bottom: 1px solid white;></th>~~

−

~~<th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:Networking_webui_manual_IPsec_configuration_proposal_phase2_settings_v1.png|border|class=tlt-border|644x331px|center]]</th>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td style="border-bottom: 4px solid white>~~

−

~~# Encryption - '''''AES256;'''''~~

−

~~# Authentication - '''''SHA512;'''''~~

−

~~# PFS group - '''''MODP4096;'''''~~

−

~~# Lifetime – '''''86400s;'''''~~

−

~~</td>~~

−

~~</tr>~~

−

~~</table>~~

====Advanced configuration====

Line 190: Line 128:

**[[PPTP configuration examples RutOS|PPTP configuration examples]]

**[[L2TP configuration examples RutOS|L2TP configuration examples]]

+

**[[https://wiki.teltonika-networks.com/view/IPsec_RUTOS_configuration_example|IPsec RUTOS Configuration Example]]

[[Category:VPN]]

Leonardo.M

Administrators

14

edits