Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
configuration:ipsec [2020/06/30 06:50] dodenhoeft [Network setup] |
configuration:ipsec [2023/11/23 13:25] (current) fachet |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== IPsec ====== | + | ====== IPsec ====== |
| IPSec (Internet Protocol Security) is a collection of protocol extensions for the Internet Protocol (IP). The official information on encryption and authentication of those responsible for IP information and security for secure communication in IP rights such as the Internet. | IPSec (Internet Protocol Security) is a collection of protocol extensions for the Internet Protocol (IP). The official information on encryption and authentication of those responsible for IP information and security for secure communication in IP rights such as the Internet. | ||
| Line 61: | Line 61: | ||
| - | ^SideA^^Backend^^ | + | ^SideA^ ^ ^ ^Backend^ |
| - | ^Local WAN^Remote WAN^Local WAN^Remote WAN^ | + | ^Local WAN^Remote WAN - >^ ^< - Remote WAN^Local WAN^ |
| - | |10.10.10.1|10.10.10.2|10.10.10.2|10.10.10.1| | + | |10.10.10.1|10.10.10.2 | |10.10.10.1|10.10.10.2| |
| - | ^General^Parameter^General^Parameter^ | + | ^General^Parameter^-^General^Parameter^ |
| - | |Remote peer address|10.10.10.2|Remote peer address|0.0.0.0| | + | |Remote peer address|10.10.10.2| |Remote peer address|0.0.0.0| |
| - | ^Dead Peer Detection(DPD)^Parameter^Dead Peer Detection(DPD)^Parameter^ | + | ^Dead Peer Detection(DPD)^Parameter^ ^Dead Peer Detection(DPD)^Parameter^ |
| - | |Detection cycle|30 sec|Detection cycle|30 sec| | + | |Detection cycle|30 sec| |Detection cycle|30 sec| |
| - | |Failure threshold|3|Failure threshold|3| | + | |Failure threshold|3| |Failure threshold|3| |
| - | |Action|hold|Action|hold| | + | |Action|hold| |Action|hold| |
| - | ^Authentication^Parameter^Authentication^Parameter^ | + | ^Authentication^Parameterc^ ^Authentication^Parameter^ |
| - | |Key exchange|IKEv2|Key exchange|IKEv2| | + | |Key exchange|IKEv2| |Key exchange|IKEv2| |
| - | |Authentication type|pre shared key|Authentication type|pre shared key| | + | |Authentication type|pre shared key| |Authentication type|pre shared key| |
| - | |PSK|"TopSecret01"|PSK|"TopSecret01"| | + | |PSK|"TopSecret01"| |PSK|"TopSecret01"| |
| - | |Local ID type|FQDN|Local ID type|FQDN| | + | |Local ID type|FQDN| |Local ID type|FQDN| |
| - | |Local ID|"sideA"|Local ID|"backend"| | + | |Local ID|"sideA"| |Local ID|"backend"| |
| - | |Peer ID type|FQDN| Peer ID type|FQDN| | + | |Peer ID type|FQDN| | Peer ID type|FQDN| |
| - | |Peer ID|"backend"|Peer ID|"sideA"| | + | |Peer ID|"backend"| |Peer ID|"sideA"| |
| - | ^IKE Proposal - Phase1^Parameter^IKE Proposal - Phase1^Parameter^ | + | ^IKE Proposal - Phase1^Parameter^ ^IKE Proposal - Phase1^Parameter^ |
| - | |Negotiation mode|aggressive|Negotiation mode|aggressive| | + | |Negotiation mode|aggressive| |Negotiation mode|aggressive| |
| - | |Encryption algorithm|AES256|Encryption algorithm|AES256| | + | |Encryption algorithm|AES256| |Encryption algorithm|AES256| |
| - | |Authentication algorithm|SHA256|Authentication algorithm|SHA256| | + | |Authentication algorithm|SHA256| |Authentication algorithm|SHA256| |
| - | |Diffie-Hellman group|Group14(modp2048)|Diffie-Hellman group|Group14(modp2048)| | + | |Diffie-Hellman group|Group14(modp2048)| |Diffie-Hellman group|Group14(modp2048)| |
| - | |Pseudo-random function|undefined|Pseudo-random function|undefined| | + | |Pseudo-random function|undefined| |Pseudo-random function|undefined| |
| - | |SA life time|86400 sec|SA life time|86400 sec| | + | |SA life time|86400 sec| |SA life time|86400 sec| |
| - | ^IPsec Proposal - Phase2^Parameter^IPsec Proposal - Phase2^Parameter^ | + | ^IPsec Proposal - Phase2^Parameter^ ^IPsec Proposal - Phase2^Parameter^ |
| - | |Encapsulation mode|Tunnel|Encapsulation mode|Tunnel| | + | |Encapsulation mode|Tunnel| |Encapsulation mode|Tunnel| |
| - | |IPsec protocol|ESP|IPsec protocol|ESP| | + | |IPsec protocol|ESP| |IPsec protocol|ESP| |
| - | |Encryption algorithm|AES256|Encryption algorithm|AES256| | + | |Encryption algorithm|AES256| |Encryption algorithm|AES256| |
| - | |Authentication algorithm|SHA256|Authentication algorithm|SHA256| | + | |Authentication algorithm|SHA256| |Authentication algorithm|SHA256| |
| - | |SA life time|28800 sec|SA life time|28800 sec| | + | |SA life time|28800 sec| |SA life time|28800 sec| |
| - | |Perfect forward secrecy (PFS)|disable|Perfect forward secrecy (PFS)|disable| | + | |Perfect forward secrecy (PFS)|disable| |Perfect forward secrecy (PFS)|disable| |
| - | |Force encapsulation|enable|Force encapsulation|enable| | + | |Force encapsulation|enable| |Force encapsulation|enable| |
| - | ^Networks^Parameter^Networks^Parameter^ | + | ^Networks^Parameter^ ^Networks^Parameter^ |
| - | |Local network|192.168.1.0|Local network|192.168.2.0| | + | |Local network|192.168.1.0| |Local network|192.168.2.0| |
| - | |Local netmask|24|Local netmask|24| | + | |Local netmask|24| |Local netmask|24| |
| - | |Remote network|192.168.2.0|Remote network|192.168.1.0| | + | |Remote network|192.168.2.0| |Remote network|192.168.1.0| |
| - | |Remote netmask|24|Remote netmask|24| | + | |Remote netmask|24| |Remote netmask|24| |
| All necessary firewall rules for the IPsec functionality will be set automatically, with the enable of the IPsec service. | All necessary firewall rules for the IPsec functionality will be set automatically, with the enable of the IPsec service. | ||