0
edits
Changes
IPsec RUTOS configuration example (view source)
Revision as of 16:27, 7 April 2022
, 16:27, 7 April 2022no edit summary
----First of all, lets configure the VPN IPsec instance from RUTX11's side:
----First of all, lets configure the VPN IPsec instance from RUTX11's side:
*Login to the router's WebUI and go to '''Services → VPN → IPsec'''. Enter a custom name (for this example we use ''test'') for the IPsec instance click the "Add" button:
*Login to the router's WebUI and go to '''Services → VPN → IPsec'''. Enter a custom name (for this example we use ''test'') for the IPsec instance click the "Add" button:
[[File:IPsec RUT955 instance2.png|alt=|border|992x992px]]
[[File:IPsec RUT955 instance2.png|alt=|border|992x992px|border|class=tlt-border]]
----
----
*Click the "Edit" button located next to the newly created instance and set up the configuration according to the network:
*Click the "Edit" button located next to the newly created instance and set up the configuration according to the network:
[[File:IPsec RUT955 config 2.png|alt=|border|center|930x930px]]
[[File:IPsec RUT955 config 2.png|alt=|border|center|930x930px|class=tlt-border]]
*Below are explanations of the parameters highlighted in the figure above. Other parameters (not highlighted) are defaults. You can find descriptions for these parameters in the '''[[VPN#IPsec|VPN manual page, IPsec section]]'''
*Below are explanations of the parameters highlighted in the figure above. Other parameters (not highlighted) are defaults. You can find descriptions for these parameters in the '''[[VPN#IPsec|VPN manual page, IPsec section]]'''
**'''Enable''' - enables the IPsec instance
**'''Enable''' - enables the IPsec instance
*IKE lifetime must be added and can be any desired value.
*IKE lifetime must be added and can be any desired value.
[[File:IPsec RUT955 phase 12.png|alt=|center|714x714px]]
[[File:IPsec RUT955 phase 12.png|alt=|center|714x714px|border|class=tlt-border]]
* Phase 1 & Phase 2 details should be the same with that of the RUT955 P1 & P2 details or else the tunnel will not be properly established.
* Phase 1 & Phase 2 details should be the same with that of the RUT955 P1 & P2 details or else the tunnel will not be properly established.
[[File:IPsec RUTX11 Phase 22.png|alt=|border|center|719x719px]]
[[File:IPsec RUTX11 Phase 22.png|alt=|border|center|719x719px|class=tlt-border]]
===RUT955===
===RUT955===
----Similarly, the configuration for the VPN IPsec instance from RUT955's side is as follows:
----Similarly, the configuration for the VPN IPsec instance from RUT955's side is as follows:
[[File:IPsec RUT955 instance2.png|alt=|border|992x992px]]
[[File:IPsec RUT955 instance2.png|alt=|border|992x992px|border|class=tlt-border]]
*In this case, Remote endpoint should be RUTX11's Public IP:
*In this case, Remote endpoint should be RUTX11's Public IP:
[[File:IPsec RUTX11 Config2.png|alt=|center|762x762px]]
[[File:IPsec RUTX11 Config2.png|alt=|center|762x762px|border|class=tlt-border]]
----
----
* The last step in configuring the IPsec instances is '''Phase settings'''. Make sure they match with the Phase settings (both Phase 1 and Phase 2) of the RUTX11's connection:
*The last step in configuring the IPsec instances is '''Phase settings'''. Make sure they match with the Phase settings (both Phase 1 and Phase 2) of the RUTX11's connection:
[[File:IPsec RUT955 phase 12.png|alt=|border|center|789x789px]]
[[File:IPsec RUT955 phase 12.png|alt=|border|center|789x789px|class=tlt-border]]
[[File:IPsec RUTX11 Phase 22.png|alt=|border|center|734x734px]]
[[File:IPsec RUTX11 Phase 22.png|alt=|border|center|734x734px|class=tlt-border]]
After Clicking on “Save & Apply” for both the routers we can try pinging the remote LAN IP to see if its reachable. Also using the command “ipsec status” in CLI will show the status of the IPsec Connection.
After Clicking on “Save & Apply” for both the routers we can try pinging the remote LAN IP to see if its reachable. Also using the command “ipsec status” in CLI will show the status of the IPsec Connection.
==Testing the setup==
==Testing the setup ==
If you've followed all the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly. To test an IPsec connection, you could use the command “ipsec status” in CLI. It will show the status of the IPsec Connection similar to the ones shown below. You can also '''ping''' the opposite instance's VPN IP address. To use a ping command, type '''ping <ip_address>''' and press the "Enter" key on your keyboard:
If you've followed all the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly. To test an IPsec connection, you could use the command “ipsec status” in CLI. It will show the status of the IPsec Connection similar to the ones shown below. You can also '''ping''' the opposite instance's VPN IP address. To use a ping command, type '''ping <ip_address>''' and press the "Enter" key on your keyboard:
[[File:IPsec RUTX11 result 2.png|alt=|border|902x902px]]
[[File:IPsec RUTX11 result 3.png|alt=|border|901x901px|border|class=tlt-border]]
[[File:IPsec RUT955 result 2.png|alt=|left|903x903px]]
[[File:IPsec RUT955 result 2.png|alt=|left|903x903px|border|class=tlt-border]]
