OPNsense Route based (VTI) PSK setup
Current version as of 10 April 2025, 15:53
Scenario

Two OPNsense firewalls, each fronting one internal /24, are joined by a route-based IPsec tunnel: IKEv2 with pre-shared-key authentication, a Virtual Tunnel Interface (VTI) on each side carrying the point-to-point link 169.254.100.1 <-> 169.254.100.2, and one static route per side that sends the other site's internal network over that interface. No IPsec policies are installed; the kernel routing table decides which packets enter the tunnel.

| Setting | opnsense.it113.int | opnsense2.it114.int |
|---|---|---|
| IP Address | 192.168.6.113 | 192.168.6.114 |
| Tunnel IP | 169.254.100.1 | 169.254.100.2 |
| Internal network | 172.16.113.0/24 | 172.16.114.0/24 |
| Pre-Shared Key (PSK) | 123Start$ | |
| Phase 1 | AES256 – SHA256 – DH16 | |
| Phase 2 | AES256 – SHA256 – DH16 | |

Two caveats before copying these values. First, 123Start$ is a lab secret: with PSK authentication the key is the only thing that authenticates the two peers to each other, so outside a lab use a long random string (for example the output of `openssl rand -base64 32`) and enter it identically on both sides. Second, the Phase 1 row promises AES256 – SHA256 – DH16, but the Connections tables below leave Proposals at default, which lets strongSwan negotiate its built-in default IKE suite instead; to actually pin IKE to the listed suite, set Proposals to aes256-sha256-modp4096 on both firewalls, the same string the Children tables use for ESP.
VPN: IPsec: Pre-Shared Keys

The Local and Remote Identifier of each entry must match, character for character, the Id values used under Authentication below: OPNsense hands them to strongSwan as the identity pair the secret is looked up by, and a mismatch shows up as an IKE authentication failure rather than as a clear configuration error.

opnsense.it113.int PSK
| Setting | Value |
|---|---|
| Local Identifier | 192.168.6.113 |
| Remote Identifier | 192.168.6.114 |
| Pre-Shared Key | 123Start$ |
| Type | PSK |
| Description | – |
opnsense.it114.int PSK
| Setting | Value |
|---|---|
| Local Identifier | 192.168.6.114 |
| Remote Identifier | 192.168.6.113 |
| Pre-Shared Key | 123Start$ |
| Type | PSK |
| Description | – |
VPN: IPsec: Virtual Tunnel Interfaces

The Reqid ties the interface to the child SA: it must equal the Reqid entered in the Children tab of the connection, otherwise the SA comes up but no interface carries its traffic. Local and Remote address are the IKE peer addresses; the Tunnel addresses form the point-to-point link that the gateway and the static route below refer to. After saving, assign the new interface under Interfaces: Assignments (the Gateway tables below reference it as IPSEC10) and give it firewall rules, since a freshly assigned interface passes nothing.

opnsense.it113.int VTI
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Reqid | 10 |
| Local address | 192.168.6.113 |
| Remote address | 192.168.6.114 |
| Tunnel local address | 169.254.100.1 |
| Tunnel remote address | 169.254.100.2 |
| Tunnel secondary local address | – |
| Tunnel secondary remote address | – |
| Name | IPSEC10 |
opnsense.it114.int VTI
(mirror of the it113 entry; the values follow from the scenario table, the it114 Children tab with Reqid 10 and the it114 gateway, which uses interface IPSEC10 with far end 169.254.100.1)
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Reqid | 10 |
| Local address | 192.168.6.114 |
| Remote address | 192.168.6.113 |
| Tunnel local address | 169.254.100.2 |
| Tunnel remote address | 169.254.100.1 |
| Tunnel secondary local address | – |
| Tunnel secondary remote address | – |
| Name | IPSEC10 |
VPN: IPsec: Connections

opnsense.it113.int Connections
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Proposals | default |
| Version | IKEv2 |
| MOBIKE | disabled |
| Local addresses | 192.168.6.113 |
| Remote addresses | 192.168.6.114 |
| DPD delay (s) | – |
| Pools | Nothing selected |
| Description | – |
opnsense.it114.int Connections
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Proposals | default |
| Version | IKEv2 |
| MOBIKE | disabled |
| Local addresses | 192.168.6.114 |
| Remote addresses | 192.168.6.113 |
| DPD delay (s) | – |
| Pools | Nothing selected |
| Description | – |

On it114 the Local and Remote addresses must be the reverse of the it113 entry: a firewall cannot bind IKE to an address it does not own, so copying the it113 values over unchanged leaves the tunnel dead. MOBIKE is disabled because both peers have fixed addresses. Note that with DPD delay left empty strongSwan sends no dead-peer probes at all, so the DPD action chosen in the Children tab never fires; for a static site-to-site link a delay such as 30 s is the usual choice.
VPN: IPsec: Connections: Authentication

Each connection carries one Local and one Remote authentication entry (Round 0, the only round used here). The Id is the identity sent and expected in IKE_AUTH; it must equal the Local/Remote Identifier pair of the Pre-Shared Key entry on the same firewall, and the Remote Id of one side must be the Local Id of the other. Certificates stay empty for PSK.

opnsense.it113.int Authentication
Local
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Connection | it113-it114 |
| Round | 0 |
| Authentication | Pre-Shared Key |
| Id | 192.168.6.113 |
| Certificates | Nothing selected |
| Description | – |
Remote
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Connection | it113-it114 |
| Round | 0 |
| Authentication | Pre-Shared Key |
| Id | 192.168.6.114 |
| Certificates | Nothing selected |
| Description | – |
opnsense.it114.int Authentication
Local
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Connection | it114-it113 |
| Round | 0 |
| Authentication | Pre-Shared Key |
| Id | 192.168.6.114 |
| Certificates | Nothing selected |
| Description | – |
Remote
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Connection | it114-it113 |
| Round | 0 |
| Authentication | Pre-Shared Key |
| Id | 192.168.6.113 |
| Certificates | Nothing selected |
| Description | – |
VPN: IPsec: Connections: Children

The child defines the ESP SA that the VTI carries. Policies is switched off because routing, not an IPsec policy, decides which packets enter the tunnel; Local and Remote are therefore 0.0.0.0/0 so that any packet routed onto the interface is accepted by the SA. Reqid 10 must equal the Reqid of the VTI on the same firewall. The ESP proposal aes256-sha256-modp4096 includes a DH group, so every child rekey performs a fresh MODP-4096 exchange (perfect forward secrecy); both sides must offer a matching proposal.

Two settings deserve a second look. Start action Trap relies on a kernel trap policy to bring the tunnel up on the first matching packet; with Policies disabled no such policy exists, so if the tunnel does not establish on its own, set Start action to Start on at least one side (both is fine for a static link). DPD action Clear only takes effect once a DPD delay is configured on the connection; without it a dead peer is noticed at rekey time only.

opnsense.it113.int Children
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Connection | it113-it114 |
| Mode | Tunnel |
| Policies | disabled |
| Start action | Trap |
| DPD action | Clear |
| Reqid | 10 |
| ESP Proposals | aes256-sha256-modp4096 [DH16] |
| Local | 0.0.0.0/0 |
| Remote | 0.0.0.0/0 |
| Description | – |
opnsense.it114.int Children
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Connection | it114-it113 |
| Mode | Tunnel |
| Policies | disabled |
| Start action | Trap |
| DPD action | Clear |
| Reqid | 10 |
| ESP Proposals | aes256-sha256-modp4096 [DH16] |
| Local | 0.0.0.0/0 |
| Remote | 0.0.0.0/0 |
| Description | – |
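The Connections, Authentication, Children, Pre-Shared Key and VTI tables above together describe one strongSwan connection per firewall, and the values on the two firewalls have to mirror each other exactly. The Python below is an added example, not OPNsense code and not the swanctl.conf that OPNsense itself generates under /usr/local/etc/swanctl/: it models both peers with the field names used in the tables, renders each as a swanctl.conf fragment so the GUI-to-strongSwan mapping is visible, and cross-checks the pair for the mistakes that silently break a PSK/VTI tunnel (addresses or identities copied instead of swapped, VTI and child Reqid differing, Trap without policies, a weak PSK). The Peer class, the list of checks and the PSK entropy estimate are this example's own assumptions; the swanctl key names are strongSwan's.

```python
"""Added example, not OPNsense/strongSwan code: model the two peers from the
tables above, render each as a swanctl.conf fragment and cross-check the pair.
Key names follow swanctl.conf; the checks are this example's assumptions."""
from __future__ import annotations
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Peer:
    conn: str             # Authentication/Children: Connection name
    local_addr: str       # Connections: Local addresses
    remote_addr: str      # Connections: Remote addresses
    local_id: str         # Authentication Local: Id  (== PSK Local Identifier)
    remote_id: str        # Authentication Remote: Id (== PSK Remote Identifier)
    psk: str              # Pre-Shared Keys: Pre-Shared Key
    vti_reqid: int        # Virtual Tunnel Interfaces: Reqid
    child_reqid: int      # Children: Reqid (must equal vti_reqid on this box)
    ike_proposals: str = "default"                 # Connections: Proposals
    esp_proposals: str = "aes256-sha256-modp4096"  # Children: ESP Proposals
    policies: bool = False                         # Children: Policies
    start_action: str = "trap"                     # Children: Start action


def render_swanctl(p: Peer) -> str:
    """GUI fields -> the swanctl.conf keys strongSwan reads them as."""
    lines = [
        "connections {", f"  {p.conn} {{",
        "    version = 2", "    mobike = no",
        f"    local_addrs = {p.local_addr}", f"    remote_addrs = {p.remote_addr}",
        f"    proposals = {p.ike_proposals}",
        "    local {", "      auth = psk", f"      id = {p.local_id}", "    }",
        "    remote {", "      auth = psk", f"      id = {p.remote_id}", "    }",
        "    children {", f"      {p.conn} {{",
        "        mode = tunnel", f"        policies = {'yes' if p.policies else 'no'}",
        f"        start_action = {p.start_action}", "        dpd_action = clear",
        f"        reqid = {p.child_reqid}", f"        esp_proposals = {p.esp_proposals}",
        "        local_ts = 0.0.0.0/0", "        remote_ts = 0.0.0.0/0",
        "      }", "    }", "  }", "}",
        "secrets {", f"  ike-{p.conn} {{",
        f"    id-1 = {p.local_id}", f"    id-2 = {p.remote_id}",
        f'    secret = "{p.psk}"', "  }", "}",
    ]
    return "\n".join(lines) + "\n"


def psk_strength_bits(psk: str) -> float:
    """Rough upper bound: length * log2(alphabet implied by the classes used).
    A dictionary-like secret such as 123Start$ scores higher than it deserves."""
    space = sum(n for ok, n in ((str.islower, 26), (str.isupper, 26), (str.isdigit, 10))
                if any(ok(c) for c in psk))
    if any(not c.isalnum() for c in psk):
        space += 33  # printable ASCII punctuation
    return len(psk) * math.log2(space) if space else 0.0


def cross_check(a: Peer, b: Peer) -> list[str]:
    """Findings that keep the tunnel from coming up or weaken it; 'warn:' entries
    are advisory, everything else has to be fixed before deploying."""
    out = []
    for p in (a, b):
        if p.vti_reqid != p.child_reqid:
            out.append(f"{p.conn}: VTI reqid {p.vti_reqid} != child reqid {p.child_reqid}")
        if p.policies:
            out.append(f"{p.conn}: policies enabled; a VTI child needs policies = no")
    if (a.local_addr, a.remote_addr) != (b.remote_addr, b.local_addr):
        out.append("peer addresses are not mirrored (copied instead of swapped?)")
    if (a.local_id, a.remote_id) != (b.remote_id, b.local_id):
        out.append("IKE identities are not mirrored; PSK lookup will fail on one side")
    if a.psk != b.psk:
        out.append("pre-shared keys differ")
    if a.esp_proposals != b.esp_proposals:
        out.append("ESP proposals differ; CHILD_SA negotiation may fail")
    if not a.policies and not b.policies and {a.start_action, b.start_action} == {"trap"}:
        out.append("warn: nothing to trap on without policies; use start_action = start on one side")
    if psk_strength_bits(a.psk) < 128:
        out.append(f"warn: PSK is at most ~{psk_strength_bits(a.psk):.0f} bits; use a long random secret")
    return out


# Constructed from the tables above. IT114_COPIED keeps the it113 addresses
# unchanged, the copy-paste slip the cross-check is meant to catch.
IT113 = Peer("it113-it114", "192.168.6.113", "192.168.6.114",
             "192.168.6.113", "192.168.6.114", "123Start$", 10, 10)
IT114 = Peer("it114-it113", "192.168.6.114", "192.168.6.113",
             "192.168.6.114", "192.168.6.113", "123Start$", 10, 10)
IT114_COPIED = Peer("it114-it113", "192.168.6.113", "192.168.6.114",
                    "192.168.6.114", "192.168.6.113", "123Start$", 10, 10)

if __name__ == "__main__":
    print(render_swanctl(IT113))
    for pair in ((IT113, IT114), (IT113, IT114_COPIED)):
        print(pair[1].conn, "->", cross_check(*pair) or ["clean"])
```

Run as a script it prints the it113 fragment and then the findings for a correctly mirrored it114 (only the two advisory warnings: Trap without policies, and a PSK far below 128 bits) and for the copied variant, where the address check fires first. The rendered fragment is meant for reading, not loading: OPNsense regenerates its own swanctl.conf from the GUI on every apply.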
System: Gateways: Configuration

The gateway lives on the assigned VTI and points at the far end's tunnel address, which is directly reachable over the point-to-point interface, so Far Gateway stays off. With Disable Gateway Monitoring checked, dpinger never probes the peer and the gateway is always considered up; if the static routes should drop out when the tunnel fails (for example to fall back to another path), leave monitoring enabled, since the far tunnel address answers ICMP only while the child SA is installed (and only if the far side's IPSEC10 rules allow it).

opnsense.it113.int Gateway
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Name | IPSEC10_GW |
| Description | IPSEC10_GW |
| Interface | IPSEC10 |
| Address Family | IPv4 |
| IP Address | 169.254.100.2 |
| Upstream Gateway | disabled |
| Far Gateway | disabled |
| Disable Gateway Monitoring | enabled (✓) |
| Disable Host Route | disabled |
| Monitor IP | – |
| Mark Gateway as Down | disabled |
| Priority | 255 |
opnsense.it114.int Gateway
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Name | IPSEC10_GW |
| Description | IPSEC10_GW |
| Interface | IPSEC10 |
| Address Family | IPv4 |
| IP Address | 169.254.100.1 |
| Upstream Gateway | disabled |
| Far Gateway | disabled |
| Disable Gateway Monitoring | enabled (✓) |
| Disable Host Route | disabled |
| Monitor IP | – |
| Mark Gateway as Down | disabled |
| Priority | 255 |
System: Routes: Configuration

One static route per side sends the other site's internal network to the VTI gateway; the kernel hands such packets to the ipsec interface and the child SA encrypts them. Hosts in 172.16.113.0/24 and 172.16.114.0/24 must reach their own OPNsense firewall for the remote /24 (default route or a specific one), and traffic arriving on IPSEC10 still needs an allow rule on that interface.

opnsense.it113.int Route
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Network Address | 172.16.114.0/24 |
| Gateway | IPSEC10_GW – 169.254.100.2 |
| Description | Route to IT114 via VTI |
opnsense.it114.int Route
| Setting | Value |
|---|---|
| Enabled | enabled (✓) |
| Network Address | 172.16.113.0/24 |
| Gateway | IPSEC10_GW – 169.254.100.1 |
| Description | Route to IT113 via VTI |
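Once both sides are saved, the result can be checked from the firewall shell: `swanctl --list-sas` lists the IKE and child SAs, `ifconfig` shows the ipsec device and `netstat -rn` the static route. The Python below is an added example, not OPNsense or strongSwan tooling: it parses the text format of `swanctl --list-sas`, fed with a constructed sample shaped like the output on opnsense.it113.int, and reports whether the child with Reqid 10 is installed in tunnel mode with the ESP suite from the Children tab and 0.0.0.0/0 selectors both ways, the three things a route-based tunnel needs to actually forward packets. The sample text, the check function and the regular expressions (tuned to that sample's layout) are this example's own.

```python
"""Added example, not OPNsense/strongSwan code: parse `swanctl --list-sas` text
and confirm the VTI child from the tables above is installed as intended."""
import re
import sys

# Constructed sample shaped like `swanctl --list-sas` on opnsense.it113.int.
SAMPLE_LIST_SAS = """\
it113-it114: #3, ESTABLISHED, IKEv2, 1f2e3d4c5b6a7988_i* 8899aabbccddeeff_r
  local  '192.168.6.113' @ 192.168.6.113[500]
  remote '192.168.6.114' @ 192.168.6.114[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_4096
  established 412s ago, rekeying in 13106s
  it113-it114: #7, reqid 10, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_4096
    installed 412s ago, rekeying in 3014s, expires in 3548s
    in  c1a2b3d4,   2840 bytes,    31 packets,     2s ago
    out d4c3b2a1,   2762 bytes,    31 packets,     2s ago
    local  0.0.0.0/0
    remote 0.0.0.0/0
"""

EXPECTED_ESP = "AES_CBC-256/HMAC_SHA2_256_128/MODP_4096"  # aes256-sha256-modp4096 as swanctl prints it

IKE_RE = re.compile(r"^(\S+): #\d+, (\w+), (IKEv\d)")
CHILD_RE = re.compile(r"^\s+(\S+): #\d+, reqid (\d+), (\w+), (\w+), ESP:(\S+)")
TS_RE = re.compile(r"^\s+(local|remote)\s+(\S+)$")


def parse_list_sas(text: str) -> list[dict]:
    """One dict per CHILD_SA: reqid, state, mode, ESP algorithms, traffic
    selectors, plus the (state, version) of the IKE_SA it belongs to."""
    children, ike = [], None
    for line in text.splitlines():
        if m := IKE_RE.match(line):                  # IKE_SA header, column 0
            ike = (m.group(2), m.group(3))
        elif m := CHILD_RE.match(line):              # CHILD_SA header, indented
            children.append({"name": m.group(1), "reqid": int(m.group(2)),
                             "state": m.group(3), "mode": m.group(4),
                             "esp": m.group(5), "ike": ike, "ts": {}})
        elif (m := TS_RE.match(line)) and children:  # selector lines under a child
            children[-1]["ts"][m.group(1)] = m.group(2)
    return children


def check_vti_child(text: str, reqid: int, esp: str = EXPECTED_ESP) -> list[str]:
    """Problems that mean the route-based tunnel is not usable as configured."""
    found = [c for c in parse_list_sas(text) if c["reqid"] == reqid]
    if not found:
        return [f"no CHILD_SA with reqid {reqid}: VTI/child reqid mismatch or SA not negotiated"]
    c = found[-1]                                    # newest SA for that reqid
    problems = []
    if c["ike"] != ("ESTABLISHED", "IKEv2"):
        problems.append(f"IKE_SA is {c['ike']}, expected ('ESTABLISHED', 'IKEv2')")
    if (c["state"], c["mode"]) != ("INSTALLED", "TUNNEL"):
        problems.append(f"child is {c['state']}/{c['mode']}, expected INSTALLED/TUNNEL")
    if c["esp"] != esp:
        problems.append(f"ESP {c['esp']} != expected {esp}")
    if c["ts"] != {"local": "0.0.0.0/0", "remote": "0.0.0.0/0"}:
        problems.append(f"selectors {c['ts']}: with policies off, packets outside them are dropped")
    return problems


if __name__ == "__main__":
    # On the firewall: swanctl --list-sas > sas.txt; python3 check.py sas.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LIST_SAS
    print("\n".join(check_vti_child(text, reqid=10)) or "VTI child reqid 10 is up as configured")
```

If the check reports no child for reqid 10 while `swanctl --list-sas` does show an installed child, the Reqid in the VTI and in the Children tab differ; if it reports narrow selectors, the child was created with the internal networks instead of 0.0.0.0/0 and will only carry that traffic even though routing sends everything to the interface.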