0
edits
Changes
no edit summary
* '''Type''' - the type of the connection. '''Transport''' encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[VPN#GRE_Tunnel|GRE]], [[VPN#L2TP|L2TP]]) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode.
* '''Type''' - the type of the connection. '''Transport''' encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[VPN#GRE_Tunnel|GRE]], [[VPN#L2TP|L2TP]]) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode.
* '''Bind to''' - which interface is going to be bind to the IPsec configuration. The L2TP interface must be selected.
* '''Bind to''' - which interface is going to be bind to the IPsec configuration. The L2TP interface must be selected.
===PC Client===
----
Finally, you need to configure a PC to connect to the VPN configuration. This subsection contains instructions on how to do just that. The relevant parameters will be encapsulated <span style="color:red">'''in red rectangles'''</span>. Explanations about these parameters will be provided under each example.
To configure a windows PC as a client, you can use the already developed VPN function. To do this, select the search bar and type "Add a VPN connection". Then select the "Add VPN" option.
* '''Client configuration''':
[[File:WindowsVPNconfig.png|left|WindowsVPNconfig]]
* '''VPN provider''' - VPN provider to be configured. In our case we select the "Windows (build-in)" option.
* '''Connection name''' - enter a custom name.
* '''Server name or address''' - The server with the VPN configuration to which we are going to connect. In this case, the public IP of the server is entered.
* '''VPN Type''' - Type of VPN to be configured. In our case we select "L2TP/IPsec with pre-shared key".
* '''Pre shared key''' - a shared password used for authentication between the peers. The value of this field must match the other instance.
* '''Type of sign-in info''' - VPN authentication configuration. In our case we select "Username and password".
* '''User name''' and '''Password''' - authentication information used to authenticate connecting clients. The value of this field must match the other instance.
After the configuration is done, save and select connect. After a few seconds our VPN should be connected.
==Testing the setup==
----
If you've followed all the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly. The simplest way to test an IPsec connection is using the ipsec status command. You can execute this command via a command line interface (CLI). A CLI is present in all RUTxxx routers' WebUIs. To access it, login to the routers' WebUI and navigate to Services → CLI. Login to CLI with the user name root and the router's admin password. Then simply the ipsec status and press the "Enter" key:
As you can see, executing ipsec status displays the number of active/inactive IPsec connections. If the connection you just configured is the only IPsec connection that you're using, you should a 1 up indication next to Security Associations.
To test an L2TP connection. You should then be able to ping the opposite instance, i.e., if you logged in to the server's CLI, you should be able to ping the client's virtual IP address, and vice versa. To use a ping command, type ping <ip_address> and press the "Enter" key on your keyboard:
If the ping requests are successful, congratulations, your setup works! If not, we suggest that you review all steps once more.
==See also==
* Other types of VPNs suported by RUTxxx devices:
** [[L2TP configuration examples]]
** [[IPsec configuration examples]]
** [[GRE Tunnel configuration examples]]
** [[OpenVPN configuration examples]]
** [[PPTP configuration examples]]
