This shows you the differences between two versions of the page.
configuration:ipsec [2020/06/30 06:25] dodenhoeft |
configuration:ipsec [2020/06/30 06:27] dodenhoeft [Network setup] |
||
---|---|---|---|
Line 91: | Line 91: | ||
|Authentication algorithm|SHA256|Authentication algorithm|SHA256| | |Authentication algorithm|SHA256|Authentication algorithm|SHA256| | ||
|SA life time|28800 sec|SA life time|28800 sec| | |SA life time|28800 sec|SA life time|28800 sec| | ||
- | |Perfect forward secrecy (PFS)| - |Perfect forward secrecy (PFS)| - | | + | |Perfect forward secrecy (PFS)|disable|Perfect forward secrecy (PFS)|disable| |
|Force encapsulation|enable|Force encapsulation|enable| | |Force encapsulation|enable|Force encapsulation|enable| | ||
^Networks^Parameter^Networks^Parameter^ | ^Networks^Parameter^Networks^Parameter^ | ||
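Review bot: In the Phase 2 rows, changing Perfect forward secrecy (PFS) from "-" to "disable" on both sides makes the value explicit, but it also documents a tunnel without PFS as the reference setup. With PFS disabled, the Phase 2 keys are derived from the Phase 1 keying material, so the rekey at "SA life time|28800 sec" adds no fresh Diffie-Hellman exchange. Consider setting PFS to a DH group in the example, or add a sentence explaining why it is disabled here.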
Line 98: | Line 98: | ||
|Remote network|192.168.2.0|Remote network|192.168.1.0| | |Remote network|192.168.2.0|Remote network|192.168.1.0| | ||
|Remote netmask|24|Remote netmask|24| | |Remote netmask|24|Remote netmask|24| | ||
+ | |||
+ | All necessary firewall rules for the IPsec functionality will be set automatically, with the enable of the IPsec service. | ||
- | ==== SideB ==== | ||
- | ^Local WAN^Remote WAN^ | ||
- | |10.10.10.2|10.10.10.1| | ||
- | ^General^Parameter^ | ||
- | |Remote peer address|10.10.10.1| | ||
- | ^Dead Peer Detection(DPD)^Parameter^ | ||
- | |Detection cycle|30 sec| | ||
- | |Failure threshold|3| | ||
- | |Action|hold| | ||
- | ^Authentication^Parameter^ | ||
- | |Key exchange|IKEv2| | ||
- | |Authentication type|pre shared key| | ||
- | |PSK|"TopSecret01"| | ||
- | |Local ID type|FQDN| | ||
- | |Local ID|"sideB"| | ||
- | |Peer ID type|FQDN| | ||
- | |Peer ID|"sideA"| | ||
- | ^IKE Proposal - Phase1^Parameter^ | ||
- | |Negotiation mode|aggressive| | ||
- | |Encryption algorithm|AES256| | ||
- | |Authentication algorithm|SHA256| | ||
- | |Diffie-Hellman group|Group14(modp2048)| | ||
- | |Pseudo-random function|undefined| | ||
- | |SA life time|86400 sec| | ||
- | ^IPsec Proposal - Phase2^Parameter^ | ||
- | |Encapsulation mode|Tunnel| | ||
- | |IPsec protocol|ESP| | ||
- | |Encryption algorithm|AES256| | ||
- | |Authentication algorithm|SHA256| | ||
- | |SA life time|28800 sec| | ||
- | |Perfect forward secrecy (PFS)| - | | ||
- | |Force encapsulation|enable| | ||
- | ^Networks^Parameter^ | ||
- | |Local network|192.168.2.0| | ||
- | |Local netmask|24| | ||
- | |Remote network|192.168.1.0| | ||
- | |Remote netmask|24| | ||
- | All necessary firewall rules for the IPsec functionality will be set automatically, with the enable of the IPsec service. | ||
===== Server mode ===== | ===== Server mode ===== |
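Review bot: The added sentence before "Server mode" ("All necessary firewall rules for the IPsec functionality will be set automatically, with the enable of the IPsec service.") does not say which rules are created, so a reader cannot audit what gets opened on the WAN side. Suggest rewording it to "... are set automatically when the IPsec service is enabled" and listing the rules or pointing to where they can be inspected. Separately, the removed SideB table paired "Key exchange|IKEv2" with "Negotiation mode|aggressive" and the PSK "TopSecret01"; if the merged two-column table keeps these rows, note that the negotiation mode applies to IKEv1 only, and mark the PSK as a placeholder that must be replaced.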