Difference between revisions of "IPSec between Edgrouter and PFSense"
Michael.mast (talk | contribs) |
Michael.mast (talk | contribs) |
Line 1: | Line 1: | ||
<ref>https://help.ubnt.com/hc/en-us/articles/216771078-EdgeMAX-IPSec-VPN-CLI-Commands</ref> | <ref>https://help.ubnt.com/hc/en-us/articles/216771078-EdgeMAX-IPSec-VPN-CLI-Commands</ref> | ||
− | ==VyOS conifguration (should be similar to EdgeOS)== | + | ==With VyOS behind NAT== |
+ | ===VyOS conifguration (should be similar to EdgeOS)== | ||
<pre> | <pre> | ||
− | + | set vpn ipsec esp-group esp1 mode tunnel | |
− | + | set vpn ipsec esp-group esp1 pfs enable | |
+ | set vpn ipsec esp-group esp1 proposal 1 encryption <your choice> | ||
+ | set vpn ipsec esp-group esp1 proposal 1 hash <your choice> | ||
+ | set vpn ipsec ike-group ike1 key-exchange ikev2 | ||
+ | set vpn ipsec ike-group ike1 proposal 1 dh-group <your choice> | ||
+ | set vpn ipsec ike-group ike1 proposal 1 encryption <your choice> | ||
+ | set vpn ipsec ike-group ike1 proposal 1 hash <your choice> | ||
+ | set vpn ipsec interfaces interface <the interface used for ipsec> | ||
+ | set vpn ipsec nat-traversal enable | ||
set vpn ipsec site-to-site peer <ip or hostname of your peer> default-esp-group esp1 | set vpn ipsec site-to-site peer <ip or hostname of your peer> default-esp-group esp1 | ||
set vpn ipsec site-to-site peer <ip or hostname of your peer> authentication mode pre-shared-secret | set vpn ipsec site-to-site peer <ip or hostname of your peer> authentication mode pre-shared-secret |
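Review bot: the added subsection heading `===VyOS conifguration (should be similar to EdgeOS)==` opens with three equals signs but closes with two, so the wiki parses it as a level-2 heading whose title starts with a literal `=` instead of a subsection under "With VyOS behind NAT". Close it with `===` and correct the spelling to "configuration" in the same edit. Separately, the added `proposal 1 encryption`, `proposal 1 hash` and `proposal 1 dh-group` lines leave every algorithm as `<your choice>` without saying that the values must match the Phase 1 and Phase 2 settings chosen on the pfSense peer. A one-line note above the `<pre>` block stating that would help, since a mismatched proposal is the usual reason a tunnel like this fails to negotiate.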
Revision as of 16:36, 31 August 2017
With VyOS behind NAT
VyOS configuration (should be similar to EdgeOS)
set vpn ipsec esp-group esp1 mode tunnel
set vpn ipsec esp-group esp1 pfs enable
set vpn ipsec esp-group esp1 proposal 1 encryption <your choice>
set vpn ipsec esp-group esp1 proposal 1 hash <your choice>
set vpn ipsec ike-group ike1 key-exchange ikev2
set vpn ipsec ike-group ike1 proposal 1 dh-group <your choice>
set vpn ipsec ike-group ike1 proposal 1 encryption <your choice>
set vpn ipsec ike-group ike1 proposal 1 hash <your choice>
set vpn ipsec interfaces interface <the interface used for ipsec>
set vpn ipsec nat-traversal enable
set vpn ipsec site-to-site peer <ip or hostname of your peer> default-esp-group esp1
set vpn ipsec site-to-site peer <ip or hostname of your peer> authentication mode pre-shared-secret
set vpn ipsec site-to-site peer <ip or hostname of your peer> authentication pre-shared-secret <your secret>
set vpn ipsec site-to-site peer <ip or hostname of your peer> authentication id <your public IP>
set vpn ipsec site-to-site peer <ip or hostname of your peer> ike-group ike1
set vpn ipsec site-to-site peer <ip or hostname of your peer> local-address <address that listens for ipsec traffic>
set vpn ipsec site-to-site peer <ip or hostname of your peer> tunnel 1 esp-group esp1
set vpn ipsec site-to-site peer <ip or hostname of your peer> local prefix <local lan>
set vpn ipsec site-to-site peer <ip or hostname of your peer> remote prefix <remote lan>