Changes

1,395 bytes added , 08:48, 19 August 2021

no edit summary

Line 9: Line 9:

The IPsec configuration section is used to configure the main parameters of an IPsec connection. Refer to the figure and table below for information on the configuration fields located in the general settings section.

−

[[File:{{{file_ipsec_config}}}]]

+

[[File:{{{file_ipsec_config}}}|border|class=tlt-border]]

Line 26: Line 26:

<td>yes | no; default: no</td>

<td>Turns the IPv6 address of the left interface on or off</td>

+

</tr>

+

<tr>

+

+

<td>IPv6 address; default: none</td>

+

<td>IPv6 address used as the source. If left empty, uses one of the available global addresses.</td>

</tr>

<tr>

Line 73: Line 78:

</ul>

</td>

+

</tr>

+

<tr>

+

<td>Ignore security</td>

+

<td>yes | no; default: no</td>

+

<td>If enabled responders are allowed to use IKEv1 Aggressive Mode with pre-shared keys. Discouraged to use due to security concerns.</td>

+

</tr>

+

<tr>

+

<td>Use additional xauth authentification</td>

+

<td>yes | no; default: no</td>

+

<td>Turns additional xauth authentification for this instance on or off.</td>

+

</tr>

+

<tr>

+

<td>Xauth password</td>

+

<td>string; default: none</td>

+

<td>Password for xauth.</td>

</tr>

<tr>

Line 143: Line 163:

<td>ip/netmask; default: none</td>

<td>Remote network IP address and subnet mask used to determine which part of the network can be accessed in the VPN network. Netmask range [0..32]. This value must differ from the device’s LAN IP</td>

+

</tr>

+

<tr>

+

+

<td>Select networks which should be passthrough and excluded from routing through tunnel</td>

</tr>

<tr>

Line 153: Line 177:

<td>yes | no; default: no</td>

<td>Allows WebUI access for hosts in the VPN network</td>

+

</tr>

+

<tr>

+

<td>Compatibility mode</td>

+

<td>yes | no; default: no</td>

+

<td>Enable this if multiple subnets do not work with a 3rd party IPsec peer.</td>

</tr>

<tr>

Line 163: Line 192:

Additional notes:

<ul>

−

<li>Some configuration fields become available only when certain other parameters are selected~~. The names of the parameters are followed by a prefix that specifies the authentication type under which they become visible~~. Different color codes are used for different ~~prefixes~~:

+

<li>Some configuration fields become available only when certain other parameters are selected. Different color codes are used for different parameters:

<ul>

Line 265: Line 294:

===Pre-shared keys===

----

−

A pre-shared key is a secret password used for authentication between IPsec peers before a secure tunnel is established. To create a new key, click the 'Add' button.

+

A pre-shared key is a secret password used for authentication between IPsec peers

+

before a secure tunnel is established. During authentication device will try to check if

+

connection matches any Secret's ID selector and then the pre-shared key from

+

the first match will be used.

+

To create a new key, click the 'Add' button.

−

The figure below is an example of the Pre-shared keys section and the table below provides information on configuration fields contained in that section:

+

The figure below is an example of the Pre-shared keys section and the table

+

below provides information on configuration fields contained in that section:

[[File:{{{file_ipsec_psk}}}]]

Gytispieze

Bureaucrats, Interface administrators, Administrators

9,590

edits

Changes

Template:Networking rut2xx manual vpn ipsec (view source)

Revision as of 08:48, 19 August 2021