Line 352: |
Line 352: |
| | | |
| - IKE lifetime: `3h` | | - IKE lifetime: `3h` |
− | [Screenshot Here] | + | <br> |
| + | |
| + | [[File:RUT1 IPSec Proposal Settings Phase1.png|frame|none]] |
| + | |
| + | <br> |
| | | |
| * Phase 2 | | * Phase 2 |
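Review bot: The added `[[File:RUT1 IPSec Proposal Settings Phase1.png|frame|none]]` carries no caption and no `alt=` text, so the `frame` box renders unlabelled and a text-only reader gets nothing from it. Add a short caption naming the step it illustrates (Phase 1 proposal settings on RUT1). The same applies to the other `[[File:...|frame|none]]` lines added in this change.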
Line 365: |
Line 369: |
| | | |
| - IKE lifetime: `3h` | | - IKE lifetime: `3h` |
− | [Screenshot Here] | + | <br> |
| + | |
| + | [[File:RUT1 IPSec Proposal Settings Phase2.png|frame|none]] |
| | | |
| + | <br> |
| | | |
| * Hit 'Save & Apply' | | * Hit 'Save & Apply' |
| * Toggle the CA_EX tunnel on and hit 'Save & Apply' once more | | * Toggle the CA_EX tunnel on and hit 'Save & Apply' once more |
− | [Screenshot Here] | + | <br> |
| + | [[File:RUT1 IPSec Toggle On Save And Apply.png|frame|none]] |
| | | |
| + | <br> |
| * Reboot the device once you have finished. | | * Reboot the device once you have finished. |
| | | |
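Review bot: Under `* Phase 2` the unchanged line still reads `- IKE lifetime: 3h`, the same label used in the Phase 1 list, and the Phase 2 screenshot is now attached directly below it. Check that the text names the lifetime field the way the new `RUT1 IPSec Proposal Settings Phase2.png` shows it, so the written step and the image do not disagree. Minor: the toggle image further down is added without the blank lines around it that the Phase 2 image gets.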
Line 381: |
Line 390: |
| * Login to the router's WebUI and go to '''System → Services → VPN -> IPsec''' | | * Login to the router's WebUI and go to '''System → Services → VPN -> IPsec''' |
| * Add a new instance called `CA_EX` | | * Add a new instance called `CA_EX` |
− | [Screenshot Here] | + | <br> |
| + | |
| + | [[File:IPSec_RUT1_Config_Add_CA_EX.png|frame|none]] |
| + | |
| + | <br> |
| | | |
| * IPsec Instance General settings configuration as follows: | | * IPsec Instance General settings configuration as follows: |
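Review bot: The image added after `Add a new instance called CA_EX` is `IPSec_RUT1_Config_Add_CA_EX.png`, while every other image added from here on is named `RUT2 IPSec ...` with spaces. If this step belongs to the second router, confirm the RUT1 capture is intended here or upload a RUT2 one, and align the file name with the rest. The unchanged path on the login line also mixes `→` and `->`.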
Line 400: |
Line 413: |
| | | |
| - Remote identifier: `192.168.3.1` // We will use the LAN IP of RUT1 for the Identifier | | - Remote identifier: `192.168.3.1` // We will use the LAN IP of RUT1 for the Identifier |
− | [Screenshot Here] | + | <br> |
| + | |
| + | [[File:RUT2 IPSec Instance General Settings Configuration.png|frame|none]] |
| | | |
| + | <br> |
| | | |
| * Connection settings Advanced settings configuration as follows: | | * Connection settings Advanced settings configuration as follows: |
| | | |
| - Remote certificate: `RUT1.cert.pem` // Upload RUT1 cert we created earlier. | | - Remote certificate: `RUT1.cert.pem` // Upload RUT1 cert we created earlier. |
− | [Screenshot Here] | + | <br> |
| + | |
| + | [[File:RUT2 IPSec Instance Advanced Settings Configuration.png|frame|none]] |
| + | |
| + | <br> |
| | | |
| * Connection settings General settings configuration as follows: | | * Connection settings General settings configuration as follows: |
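Review bot: The bullet above `Remote certificate: RUT1.cert.pem` reads "Connection settings Advanced settings configuration", but the image added under it is `RUT2 IPSec Instance Advanced Settings Configuration.png`, and the same "Connection settings Advanced settings" bullet appears again later on the page. One of the two labels looks wrong; rename the bullet to match the instance-level tab so a reader does not go looking for the remote certificate field in the wrong place.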
Line 422: |
Line 442: |
| | | |
| - Key exchange: `IKEv2` | | - Key exchange: `IKEv2` |
− | [Screenshot Here] | + | <br> |
| + | |
| + | [[File:RUT2 IPSec Connection Settings General Settings Configuration.png|frame|none]] |
| | | |
| + | <br> |
| | | |
| * Connection settings Advanced settings configuration as follows: | | * Connection settings Advanced settings configuration as follows: |
Line 444: |
Line 467: |
| | | |
| - The rest of the configuration leave as default | | - The rest of the configuration leave as default |
− | [Screenshot Here] | + | <br> |
| + | |
| + | [[File:RUT2 IPSec Connection Settings Advanced Settings Configuration.png|frame|none]] |
| | | |
| + | <br> |
| | | |
| * Connection settings Proposal settings configuration as follows: | | * Connection settings Proposal settings configuration as follows: |
Line 460: |
Line 486: |
| | | |
| - IKE lifetime: `3h` | | - IKE lifetime: `3h` |
− | [Screenshot Here] | + | <br> |
| + | |
| + | [[File:RUT2 IPSec Proposal Settings Phase1.png|frame|none]] |
| + | |
| + | <br> |
| | | |
| * Phase 2 | | * Phase 2 |
Line 473: |
Line 503: |
| | | |
| - IKE lifetime: `3h` | | - IKE lifetime: `3h` |
− | [Screenshot Here] | + | <br> |
| + | |
| + | [[File:RUT2 IPSec Proposal Settings Phase2.png|frame|none]] |
| | | |
| + | <br> |
| | | |
| * Hit 'Save & Apply' | | * Hit 'Save & Apply' |
| * Toggle the CA_EX tunnel on and hit 'Save & Apply' once more | | * Toggle the CA_EX tunnel on and hit 'Save & Apply' once more |
− | [Screenshot Here] | + | <br> |
| + | |
| + | [[File:RUT2 IPSec Toggle On Save And Apply.png|frame|none]] |
| + | |
| + | <br> |
| | | |
| * Reboot the device once you have finished. | | * Reboot the device once you have finished. |
Line 496: |
Line 533: |
| * SSH into RUT1 device | | * SSH into RUT1 device |
| * `ipsec statusall` // This should show 2 up with Security Associations and that the connection should be up for some minutes. You should also see the Cert info from the certs we created earlier. | | * `ipsec statusall` // This should show 2 up with Security Associations and that the connection should be up for some minutes. You should also see the Cert info from the certs we created earlier. |
| + | <br> |
| [Screenshot Here] | | [Screenshot Here] |
| | | |
| + | <br> |
| * `ping 192.168.14.1` // You should get a response if the tunnel has established properly | | * `ping 192.168.14.1` // You should get a response if the tunnel has established properly |
| [Screenshot Here] | | [Screenshot Here] |
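Review bot: Both `[Screenshot Here]` placeholders in the verification steps are still present on the new side; this hunk only adds `<br>` around the first one. Either attach the `ipsec statusall` and `ping 192.168.14.1` captures as in the earlier sections or drop the placeholders, and give the second one the same `<br>` spacing as the first. Since these steps are how the reader confirms the tunnel is up, the expected result would be better stated as text than left to an image.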