Changes between Version 1 and Version 2 of User Guide/Remote Access/VPNpersist


Timestamp:
May 19, 2020, 9:39:01 PM (4 years ago)
Author:
msherman
Comment:

[[Include(WikiToC)]]
=== Persistent Site to Site VPN === #sitetosite

Each console, as well as the central firewall, acts as a potential VPN endpoint. To establish a site-to-site VPN you will usually choose a console as the endpoint. This provides L3 access to the control network for that domain; L3 access to data networks requires additional configuration.

The endpoints run strongSwan with the following configuration template.

We will provide the needed "left" information in `<brackets>` below, as well as a pre-shared key.

You will need to provide us with the "right" information in `<brackets>` below, as well as a phone number or other secure (non-email) channel over which we can send you the pre-shared key.

{{{
conn %default
    auto=start
    type=tunnel
    keyexchange=ikev2
    mobike=yes
    fragmentation=yes
    installpolicy=yes

    ike=aes256-sha2_256-ecp384!
    esp=aes256-sha2_256-ecp384!

    dpddelay=10s
    dpdtimeout=60s
    dpdaction=restart

    authby=secret

    left=<console private IP>
    leftid=<console private IP>
    leftsubnet=<domain control network>

conn <yoursite>
    right=<your endpoint public static IP>
    rightid=<your endpoint public static IP or dns name>
    rightsubnet=<your private network to route>

}}}
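The template above is written from the console's point of view: the console is "left" and your site is "right". On your own strongSwan node the same parameters are needed with the roles swapped, plus an `ipsec.secrets` entry that binds the pre-shared key to the two IKE identities. The Python below is an added example, not part of this wiki page or of strongSwan itself: it renders both ends from one set of values, emits the secrets line, and checks that no `<placeholder>` survived and that the two sides mirror each other (identical `ike`/`esp` proposals, each side's `leftsubnet` equal to the other's `rightsubnet`). All addresses and the names `Endpoint`, `render_ipsec_conf`, `render_ipsec_secrets`, `unfilled_placeholders` and `sides_match` are constructed for the example.

```python
"""Render the site-to-site strongSwan template for both ends of the tunnel.

Added example, not code from the wiki page or from strongSwan. Every address
below is a constructed documentation value (RFC 5737 / RFC 1918).
"""
import re
from dataclasses import dataclass

PROPOSAL = "aes256-sha2_256-ecp384!"  # '!' = strict; must be identical on both ends


@dataclass(frozen=True)
class Endpoint:
    addr: str    # left=/right=          : address the daemon binds / peer address
    ident: str   # leftid=/rightid=      : IKE identity (the template allows an IP or DNS name)
    subnet: str  # leftsubnet=/rightsubnet= : network reachable behind this endpoint


def render_ipsec_conf(local: Endpoint, peer: Endpoint, conn_name: str) -> str:
    """ipsec.conf in the shape of the template, with `local` as left and `peer` as right."""
    return f"""conn %default
    auto=start
    type=tunnel
    keyexchange=ikev2
    mobike=yes
    fragmentation=yes
    installpolicy=yes

    ike={PROPOSAL}
    esp={PROPOSAL}

    dpddelay=10s
    dpdtimeout=60s
    dpdaction=restart

    authby=secret

    left={local.addr}
    leftid={local.ident}
    leftsubnet={local.subnet}

conn {conn_name}
    right={peer.addr}
    rightid={peer.ident}
    rightsubnet={peer.subnet}
"""


def render_ipsec_secrets(local: Endpoint, peer: Endpoint, psk: str) -> str:
    """ipsec.secrets line: the PSK is selected by the pair of IKE identities."""
    return f'{local.ident} {peer.ident} : PSK "{psk}"\n'


def unfilled_placeholders(text: str) -> list[str]:
    """Any <...> left in a rendered file means a value from the template was never supplied."""
    return re.findall(r"<[^>\n]+>", text)


def _settings(conf: str) -> dict[str, str]:
    """Flatten key=value lines of a rendered config (no key repeats in this template)."""
    return dict(re.findall(r"^\s*(\w+)=(.+)$", conf, re.M))


def sides_match(console_conf: str, site_conf: str) -> bool:
    """Both ends must agree on proposals and see the other's subnet and identity mirrored."""
    a, b = _settings(console_conf), _settings(site_conf)
    return (
        a["ike"] == b["ike"] and a["esp"] == b["esp"]
        and a["leftsubnet"] == b["rightsubnet"]
        and a["rightsubnet"] == b["leftsubnet"]
        and a["leftid"] == b["rightid"]
        and a["rightid"] == b["leftid"]
    )


# Constructed sample values standing in for the <bracket> placeholders.
CONSOLE = Endpoint("10.10.0.1", "10.10.0.1", "10.10.0.0/24")          # console private side
SITE = Endpoint("203.0.113.5", "203.0.113.5", "192.168.50.0/24")      # your public static IP

CONSOLE_CONF = render_ipsec_conf(CONSOLE, SITE, "examplesite")  # what runs on the console
SITE_CONF = render_ipsec_conf(SITE, CONSOLE, "console")         # what you run at your site

if __name__ == "__main__":
    print(SITE_CONF)
    # The key itself arrives out of band; a bracket placeholder here is caught by the check.
    secrets = render_ipsec_secrets(SITE, CONSOLE, "<psk received by phone>")
    print(secrets)
    for name, text in (("ipsec.conf", SITE_CONF), ("ipsec.secrets", secrets)):
        for missing in unfilled_placeholders(text):
            print(f"{name}: placeholder not filled in: {missing}")
    print("sides mirror:", sides_match(CONSOLE_CONF, SITE_CONF))
```

The strict `!` suffix on the proposals means a tunnel whose two ends disagree on `ike=` or `esp=` fails the IKE exchange rather than negotiating something weaker, so rendering both files from one `PROPOSAL` constant and running `sides_match` before deploying avoids the most common cause of a tunnel that never comes up.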