31,703
edits
Changes
Template:Networking rut manual vpn (view source)
Revision as of 13:49, 1 July 2019
, 13:49, 1 July 2019→IPsec
<tr>
<tr>
<td>Left firewall</td>
<td>Left firewall</td>
<td>yes | no; Default: <b>yes</b></td>
<td>off | on; Default: <b>on</b></td>
<td>Excludes IPsec instance from firewall rules.</td>
<td>Adds neccessary firewall rules to allow traffic of this IPsec instance on this router.</td>
</tr>
</tr>
<tr>
<tr>
<td>Force encapsulation</td>
<td>Force encapsulation</td>
<td>yes | no; Default: <b>no</b></td>
<td>yes | no; Default: <b>no</b></td>
<td>Forces UDP encapsulation for ESP packets even if no NAT situation is detected.</td>
<td>Forces UDP encapsulation for ESP packets even if a "no NAT" situation is detected.</td>
</tr>
</tr>
<tr>
<tr>
<td><span style="color: #0054a6;">Dead Peer Detection:</span> Timeout (sec)</td>
<td><span style="color: #0054a6;">Dead Peer Detection:</span> Timeout (sec)</td>
<td>integer; Default: <b>none</b></td>
<td>integer; Default: <b>none</b></td>
<td>Time limit after the IPsec instance will stop checking the availability of a peer and determine it to be "dead" if no response is received.</td>
<td>Time limit after which the IPsec instance will stop checking the availability of a peer and determine it to be "dead" if no response is received.</td>
</tr>
</tr>
<tr>
<tr>
<td><span style="color: red;">Tunnel:</span> Remote IP address/subnet mask</td>
<td><span style="color: red;">Tunnel:</span> Remote IP address/subnet mask</td>
<td>ip/netmask; Default: <b>none</b></td>
<td>ip/netmask; Default: <b>none</b></td>
<td>Remote network IP address and subnet mask used to determine which part of the network can be accessed in the VPN network. Netmask range [0..32]. This values must differ from the device’s LAN IP.</td>
<td>Remote network IP address and subnet mask used to determine which part of the network can be accessed in the VPN network. Netmask range [0..32]. This value must differ from the device’s LAN IP.</td>
</tr>
</tr>
<tr>
<tr>
<td>Right firewall</td>
<td>Right firewall</td>
<td>yes | no; Default: <b>yes</b></td>
<td>yes | no; Default: <b>yes</b></td>
<td>Excludes remote side IPsec instance from firewall rules.</td>
<td>Adds neccessary firewall rules to allow traffic of from the opposite IPsec instance on this router.</td>
</tr>
</tr>
<tr>
<tr>
<b>Additional notes</b>:
<b>Additional notes</b>:
<ul>
<ul>
<li>Some configuration fields become available only when certain other parameters are selected. The names of the parameters are followed by a prefix that specifies the authentication type under which they become visible. Different color codes are used for different praefixa:
<li>Some configuration fields become available only when certain other parameters are selected. The names of the parameters are followed by a prefix that specifies the authentication type under which they become visible. Different color codes are used for different prefixes:
<ul>
<ul>
<li>Red for <span style="color: red;">Type: Tunnel</span></li>
<li>Red for <span style="color: red;">Type: Tunnel</span></li>
===Phase settings===
===Phase settings===
----
----
IKE (Internet Key Exchange) is a protocol used to set up security associations (SAs) for the IPsec connection. This process is required before any IPsec tunnel can be established. It is done in two phases:
IKE (Internet Key Exchange) is a protocol used to set up security associations (SAs) for the IPsec connection. This process is required before the IPsec tunnel can be established. It is done in two phases:
<table border=1; style="border-collapse: collapse;">
<table border=1; style="border-collapse: collapse;">
