Changes

1,151 bytes added ,  10:19, 8 June 2018
Line 28: Line 28:  
====Server (RUT1)====
 
====Server (RUT1)====
 
----
 
----
*  
+
* Login to the router's WebUI and navigate to '''Services → VPN → IPsec'''. Enter a custom name for your IPsec instance and click the "Add" button. Then click the "Edit" button located next to the newly created instance after which you will redirected to that instance's configuration window. Adhere to the configurations presented in the figure below:
    
[[File:L2tp over ipsec ipsec server.png]]
 
[[File:L2tp over ipsec ipsec server.png]]
 +
 +
* '''Enable''' - if checked, enables the IPsec instance
 +
* '''Type''' - the type of the connection. '''Transport''' encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[VPN#GRE_Tunnel|GRE]], [[VPN#L2TP|L2TP]]) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode
 +
* '''Pre shared key''' - a shared password used for authentication between the peers. The value of this field must match the other instance
 +
* '''Remote VPN endpoint''' - IP address or hostname of the remote IPsec instance. '''Leave empty''' for the server configuration
    
====Client (RUT2)====
 
====Client (RUT2)====
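Review bot: In the first added bullet, "after which you will redirected to that instance's configuration window" is missing "be" and should read "after which you will be redirected". The same bullet opens with "Login to the router's WebUI", where the verb form "Log in to" is wanted. In the added '''Pre shared key''' bullet, the key is described as the shared password that authenticates the peers, and it is the only authentication field described in this hunk, so the bullet should also say that the value needs to be long and hard to guess rather than only that it must match the other instance.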
Line 40: Line 45:  
====Testing the connection====
 
====Testing the connection====
 
----
 
----
When you're done with the configuration, you should test whether it works before you move on. The simplest way to test an IPsec connection is using the '''ipsec status''' command. You can execute this command via a command line interface (CLI). A CLI is present in all RUTxxx routers' WebUIs. To access it, login to one of the routers's WebUI (doesn't matter which one) and navigate to '''Services → CLI'''. Login to CLI with the user name '''root''' and the router's admin password. Then simply the ''ipsec status'' and press the "Enter" key:
+
When you're done with the configuration, you should test whether it works before you move on. The simplest way to test an IPsec connection is using the '''ipsec status''' command. You can execute this command via a command line interface (CLI). A CLI is present in all RUTxxx routers' WebUIs. To access it, login to one of the routers' WebUI (doesn't matter which one) and navigate to '''Services → CLI'''. Login to CLI with the user name '''root''' and the router's admin password. Then simply the ''ipsec status'' and press the "Enter" key:
    
[[File:Testing ipsec transport example.png]]
 
[[File:Testing ipsec transport example.png]]
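Review bot: The revised paragraph corrects "routers's" to "routers'" but its last sentence, "Then simply the ''ipsec status'' and press the "Enter" key", still has no verb; suggest "Then simply type ''ipsec status'' and press the "Enter" key". The paragraph also relies on the screenshot alone to show a working connection, so a sentence stating what the '''ipsec status''' output should contain when the tunnel is up would make the test usable without the image. Since the step has the reader log in to the CLI as '''root''' with the router's admin password, "Login to CLI" should likewise be "Log in to the CLI".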
