Differences

configuration:ipsec [2020/06/30 06:12]
dodenhoeft
configuration:ipsec [2023/11/23 13:25] (current)
fachet
Line 1: Line 1:
-====== IPsec ======+  ​====== IPsec ======
  
 IPSec (Internet Protocol Security) is a collection of protocol extensions for the Internet Protocol (IP). The official information on encryption and authentication of those responsible for IP information and security for secure communication in IP rights such as the Internet. IPSec (Internet Protocol Security) is a collection of protocol extensions for the Internet Protocol (IP). The official information on encryption and authentication of those responsible for IP information and security for secure communication in IP rights such as the Internet.
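Review bot: the only change in this hunk is leading whitespace inserted before `====== IPsec ======` (rendered here with a stray non-printing character), which carries no content and risks the title no longer being parsed as a heading; revert it so the heading stays at the start of the line. The unchanged introduction below it reads like a mistranslation ("security for secure communication in IP rights such as the Internet") and is worth a follow-up edit stating plainly that IPsec provides authentication and encryption for IP traffic across untrusted networks such as the Internet.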
Line 54: Line 54:
  
 ===== Network setup ===== ===== Network setup =====
-For this configuration we will use the most common mode, __**the tunnel mode**__.+For this configuration we will use the most common mode, __**the tunnel mode**__. For this example we are using PSK as authentification method.
  
 {{:​configuration:​ipsec1.png|}} {{:​configuration:​ipsec1.png|}}
Line 61: Line 61:
  
  
-^SideA^^^Backend^ +^SideA^ ^ ^Backend^ 
-^Local WAN^Remote WAN^Local WAN^Remote WAN^ +^Local WAN^Remote WAN - >^ ^< - Remote ​WAN^Local ​WAN^ 
-|10.10.10.1|10.10.10.2| +|10.10.10.1|10.10.10.2 | |10.10.10.1|10.10.10.2| 
-^General^Parameter^ +^General^Parameter^-^General^Parameter^ 
-|Remote peer address|10.10.10.2| +|Remote peer address|10.10.10.2| |Remote peer address|0.0.0.0
-^Dead Peer Detection(DPD)^Parameter^ +^Dead Peer Detection(DPD)^Parameter^ ​^Dead Peer Detection(DPD)^Parameter^ 
-|Detection cycle|30 sec| +|Detection cycle|30 sec| |Detection cycle|30 sec| 
-|Failure threshold|3| ​  +|Failure threshold|3| ​|Failure threshold|3| 
-|Action|hold| +|Action|hold| ​|Action|hold| 
-^Authentication^Parameter^ +^Authentication^Parameterc^ ​^Authentication^Parameter^ 
-|Key exchange|IKEv2| +|Key exchange|IKEv2| ​|Key exchange|IKEv2| 
-|Authentication type|pre shared key|   +|Authentication type|pre shared key| |Authentication type|pre shared key|  
-|PSK|"​TopSecret01"​| ​  +|PSK|"​TopSecret01"​| ​|PSK|"​TopSecret01"​|  
-|Local ID type|FQDN|  +|Local ID type|FQDN| ​|Local ID type|FQDN|  
-|Local ID|"​sideA"​| ​  +|Local ID|"​sideA"​| ​|Local ID|"​backend"​|  
-|Peer ID type|FQDN| ​  +|Peer ID type|FQDN| ​| Peer ID type|FQDN|  
-|Peer ID|"sideB"| +|Peer ID|"backend"​| |Peer ID|"​sideA"| 
-^IKE Proposal - Phase1^Parameter^ +^IKE Proposal - Phase1^Parameter^ ​^IKE Proposal - Phase1^Parameter^ 
-|Negotiation mode|aggressive| ​  +|Negotiation mode|aggressive| ​|Negotiation mode|aggressive| 
-|Encryption algorithm|AES256| ​  +|Encryption algorithm|AES256| ​|Encryption algorithm|AES256|  
-|Authentication algorithm|SHA256|  +|Authentication algorithm|SHA256| ​|Authentication algorithm|SHA256|  
-|Diffie-Hellman group|Group14(modp2048)| +|Diffie-Hellman group|Group14(modp2048)| ​|Diffie-Hellman group|Group14(modp2048)| 
-|Pseudo-random function|undefined| ​  +|Pseudo-random function|undefined| ​|Pseudo-random function|undefined|  
-|SA life time|86400 sec| +|SA life time|86400 sec| |SA life time|86400 sec| 
-^IPsec Proposal - Phase2^Parameter^ +^IPsec Proposal - Phase2^Parameter^ ​^IPsec Proposal - Phase2^Parameter^ 
-|Encapsulation mode|Tunnel| ​  +|Encapsulation mode|Tunnel| ​|Encapsulation mode|Tunnel|  
-|IPsec protocol|ESP|  +|IPsec protocol|ESP| ​|IPsec protocol|ESP|  
-|Encryption algorithm|AES256|  +|Encryption algorithm|AES256| ​|Encryption algorithm|AES256|  
-|Authentication algorithm|SHA256|  +|Authentication algorithm|SHA256| ​|Authentication algorithm|SHA256|  
-|SA life time|28800 sec| +|SA life time|28800 sec| |SA life time|28800 sec| 
-|Perfect forward secrecy (PFS)| ​  +|Perfect forward secrecy (PFS)|disable| |Perfect forward secrecy (PFS)|disable|  
-|Force encapsulation|enable| +|Force encapsulation|enable| ​|Force encapsulation|enable| 
-^Networks^Parameter^ +^Networks^Parameter^ ​^Networks^Parameter^ 
-|Local network|192.168.1.0| +|Local network|192.168.1.0| |Local network|192.168.2.0| 
-|Local netmask|24| +|Local netmask|24| ​|Local netmask|24| 
-|Remote network|192.168.2.0| +|Remote network|192.168.2.0| |Remote network|192.168.1.0| 
-|Remote netmask|24|+|Remote netmask|24| ​|Remote netmask|24| 
 + 
 +All necessary firewall rules for the IPsec functionality will be set automatically,​ with the enable of the IPsec service.
  
  
-==== SideB ==== 
-^Local WAN^Remote WAN^ 
-|10.10.10.2|10.10.10.1| 
-^General^Parameter^ 
-|Remote peer address|10.10.10.1| 
-^Dead Peer Detection(DPD)^Parameter^ 
-|Detection cycle|30 sec| 
-|Failure threshold|3|  
-|Action|hold| 
-^Authentication^Parameter^ 
-|Key exchange|IKEv2| 
-|Authentication type|pre shared key|  
-|PSK|"​TopSecret01"​|  
-|Local ID type|FQDN|  
-|Local ID|"​sideB"​|  
-|Peer ID type|FQDN|  
-|Peer ID|"​sideA"​| 
-^IKE Proposal - Phase1^Parameter^ 
-|Negotiation mode|aggressive|  
-|Encryption algorithm|AES256|  
-|Authentication algorithm|SHA256|  
-|Diffie-Hellman group|Group14(modp2048)| 
-|Pseudo-random function|undefined|  
-|SA life time|86400 sec| 
-^IPsec Proposal - Phase2^Parameter^ 
-|Encapsulation mode|Tunnel|  
-|IPsec protocol|ESP|  
-|Encryption algorithm|AES256|  
-|Authentication algorithm|SHA256|  
-|SA life time|28800 sec| 
-|Perfect forward secrecy (PFS)| - |  
-|Force encapsulation|enable| 
-^Networks^Parameter^ 
-|Local network|192.168.2.0| 
-|Local netmask|24| 
-|Remote network|192.168.1.0| 
-|Remote netmask|24| 
  
-All necessary firewall rules for the IPsec functionality will be set automatically,​ with the enable of the IPsec service. 
  
 ===== Server mode ===== ===== Server mode =====
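Review bot: the Phase 1 rows of the new side-by-side table are contradictory: `|Key exchange|IKEv2|` sits next to `|Negotiation mode|aggressive|`, but IKEv2 has no main/aggressive mode distinction, so either the negotiation-mode row should be removed or the key exchange is really IKEv1, in which case aggressive mode together with a pre-shared key is the weaker option and should not be the documented default; state which one the device actually uses. In the same spirit, PFS being set to "disable" on both sides and the Backend "Remote peer address" of 0.0.0.0 (the negotiation is accepted from any source address, so the PSK and the FQDN peer IDs are the only thing authenticating SideA) deserve one sentence explaining why they were chosen, or PFS should be shown enabled with the DH group listed. Formatting: `^Authentication^Parameterc^` has a typo, the General header row carries a stray `-` between the two tables, the Backend "Remote peer address" row lacks its closing `|`, and the `- >` / `< -` arrows in the WAN header row should be plain text or dropped so the two column pairs stay readable. The moved closing sentence should read "when the IPsec service is enabled" rather than "with the enable of the IPsec service".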