0
edits
Changes
IPsec RUTOS configuration example (view source)
Revision as of 19:54, 29 March 2022
, 19:54, 29 March 2022Changed images from thumbnail to basic.
----'''Configuration topology''':
----'''Configuration topology''':
[[File:IPsec RUTOS Topology.png|alt=|541x541px]]
[[File:IPsec RUTOS Topology.png|alt=|541x541px|border|class=tlt-border]]
The figure above depicts a RUTX11 with a Public IP connected by an IPsec tunnel via the Internet to a RUT955.
The figure above depicts a RUTX11 with a Public IP connected by an IPsec tunnel via the Internet to a RUT955.
==Router configuration==
==Router configuration==
If you have familiarized yourself with the configuration schemes and have all of the devices in order, we can start configuring the routers using instructions provided in this section.
If you have familiarized yourself with the configuration schemes and have all of the devices in order, we can start configuring the routers using instructions provided in this section.
===RUTX11 ===
=== RUTX11===
----First of, lets configure the VPN IPsec instance from RUTX11's side:
----First of, lets configure the VPN IPsec instance from RUTX11's side:
*Login to the router's WebUI and go to '''Services → VPN → IPsec'''. Enter a custom name (for this example we use ''test'') for the IPsec instance click the "Add" button:
*Login to the router's WebUI and go to '''Services → VPN → IPsec'''. Enter a custom name (for this example we use ''test'') for the IPsec instance click the "Add" button:
[[File:IPsec RUTOS RUTX11 Instance.png|alt=|1156x1156px]]
[[File:IPsec RUTOS RUTX11 Instance.png|alt=|993x993px|border|class=tlt-border]]
----
----
*Click the "Edit" button located next to the newly created instance and set up the configuration according to the network:
*Click the "Edit" button located next to the newly created instance and set up the configuration according to the network:
[[File:Wiki3.png|alt=|center|930x930px]]
[[File:Wiki3.png|alt=|center|930x930px|border|class=tlt-border]]
*Below are explanations of the parameters highlighted in the figure above. Other parameters (not highlighted) are defaults. You can find descriptions for these parameters in the '''[[VPN#IPsec|VPN manual page, IPsec section]]'''
*Below are explanations of the parameters highlighted in the figure above. Other parameters (not highlighted) are defaults. You can find descriptions for these parameters in the '''[[VPN#IPsec|VPN manual page, IPsec section]]'''
**'''Enable''' - enables the IPsec instance
**'''Enable''' - enables the IPsec instance
'''NOTE''': remember to replace certain parameter values (like IP addresses) with your own relevant data.
'''NOTE''': remember to replace certain parameter values (like IP addresses) with your own relevant data.
* IKE lifetime must be added and can be any desired value.
*IKE lifetime must be added and can be any desired value.
[[File:IPsec RUTX11 Phase 1.png|center|714x714px|class=tlt-border|alt=]]
[[File:IPsec RUTX11 Phase 1.png|center|thumb|714x714px]]
* Phase 1 & Phase 2 details should be the same with that of the RUT955 P1 & P2 details or else the tunnel will not be properly established.
* Phase 1 & Phase 2 details should be the same with that of the RUT955 P1 & P2 details or else the tunnel will not be properly established.
[[File:IPsec RUTX11 Phase 2.png|center|719x719px|border|class=tlt-border|alt=]]
===RUT955===
===RUT955 ===
----Similarly, the configuration for the VPN IPsec instance from RUT955's side is as follows:
----Similarly, the configuration for the VPN IPsec instance from RUT955's side is as follows:
[[File:IPsec RUT955 instance.png|alt=|1150x1150px]]
[[File:IPsec RUT955 instance.png|alt=|993x993px|border|class=tlt-border]]
* In this case, Remote endpoint should be RUTX11's Public IP:
*In this case, Remote endpoint should be RUTX11's Public IP:
[[File:IPsec RUT955 config.png|center|thumb|762x762px]]
[[File:IPsec RUT955 config.png|center|762x762px|class=tlt-border|alt=]]
----
----
*The last step in configuring the IPsec instances is '''Phase settings'''. Make sure they match with the Phase settings (both Phase 1 and Phase 2) of the RUTX11's connection:
* The last step in configuring the IPsec instances is '''Phase settings'''. Make sure they match with the Phase settings (both Phase 1 and Phase 2) of the RUTX11's connection:
[[File:IPsec RUT955 phase 1.png|alt=|center|789x789px]]
[[File:IPsec RUT955 phase 1.png|alt=|center|789x789px|border|class=tlt-border]]
[[File:IPsec RUT955 phase 2.png|center|thumb|734x734px]]
[[File:IPsec RUT955 phase 2.png|center|734x734px|border|class=tlt-border|alt=]]
If you've followed all the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly. To test an IPsec connection, you could use the command “ipsec status” in CLI. It will show the status of the IPsec Connection similar to the ones shown bellow. You can also '''ping''' the opposite instance's VPN IP address. To use a ping command, type '''ping <ip_address>''' and press the "Enter" key on your keyboard:
If you've followed all the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly. To test an IPsec connection, you could use the command “ipsec status” in CLI. It will show the status of the IPsec Connection similar to the ones shown bellow. You can also '''ping''' the opposite instance's VPN IP address. To use a ping command, type '''ping <ip_address>''' and press the "Enter" key on your keyboard:
[[File:IPsec RUTX11 result.png|alt=|903x903px]]
[[File:IPsec RUTX11 result.png|alt=|903x903px|border|class=tlt-border]]
[[File:IPsec RUT955 result.png|left|thumb|903x903px]]
[[File:IPsec RUT955 result.png|left|903x903px|class=tlt-border|alt=]]