OPNsense Route based (VTI) PSK setup: Difference between revisions

From Xinux Wiki
 
(4 intermediate revisions by the same user are not shown)
Zeile 70: Zeile 70:
 
|}
 
|}
  
==opnsense.it114.int VTI==
 
{| class="wikitable"
 
! Einstellung || Wert
 
|-
 
| '''Enabled''' || aktiviert (✓)
 
|-
 
| '''Reqid''' || 10
 
|-
 
| '''Local address''' || 192.168.6.114
 
|-
 
| '''Remote address''' || 192.168.6.113
 
|-
 
| '''Tunnel local address''' || 169.254.100.2
 
|-
 
| '''Tunnel remote address''' || 169.254.100.1
 
|-
 
| '''Tunnel secondary local address''' || –
 
|-
 
| '''Tunnel secondary remote address''' || –
 
|-
 
| '''Name''' || IPSEC10
 
|}
 
 
=VPN: IPsec: Connections=
 
=VPN: IPsec: Connections=
 
==opnsense.it113.int Connections==
 
==opnsense.it113.int Connections==
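Review bot: the opnsense.it114.int VTI table at the top of this hunk is deleted by this revision. Its lines appear on one side of the diff only, and the next hunk header moves from line 115 to line 93, so the current page documents the VTI for opnsense.it113.int alone. Suggest keeping the table (Local address 192.168.6.114, Tunnel local address 169.254.100.2, Reqid 10, Name IPSEC10) or stating that the it114 side mirrors the it113 values, since the it114 Gateway section still refers to the IPSEC10 interface.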
Zeile 115: Zeile 93:
 
| '''Description''' || –
 
| '''Description''' || –
 
|}
 
|}
 
 
=VPN: IPsec: Connections=
 
=VPN: IPsec: Connections=
 
==opnsense.it113.int Connections==
 
==opnsense.it113.int Connections==
Zeile 162: Zeile 139:
 
| '''Description''' || –
 
| '''Description''' || –
 
|}
 
|}
 +
 
=VPN: IPsec: Connections=
 
=VPN: IPsec: Connections=
 
==opnsense.it113.int Authentication==
 
==opnsense.it113.int Authentication==

Latest revision as of 10 April 2025, 15:53

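Scenario

{| class="wikitable"
! Setting || opnsense.it113.int || opnsense2.it114.int
|-
| '''IP Address''' || 192.168.6.113 || 192.168.6.114
|-
| '''Tunnel IP''' || 169.254.100.1 || 169.254.100.2
|-
| '''Internal network''' || 172.16.113.0/24 || 172.16.114.0/24
|-
| '''Pre-Shared Key (PSK)''' || colspan="2" | 123Start$
|-
| '''Phase 1''' || colspan="2" | AES256 – SHA256 – DH16
|-
| '''Phase 2''' || colspan="2" | AES256 – SHA256 – DH16
|}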

VPN: IPsec: Pre-Shared Keys

opnsense.it113.int PSK

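{| class="wikitable"
! Setting || Value
|-
| '''Local Identifier''' || 192.168.6.113
|-
| '''Remote Identifier''' || 192.168.6.114
|-
| '''Pre-Shared Key''' || 123Start$
|-
| '''Type''' || PSK
|-
| '''Description''' ||
|}

opnsense.it114.int PSK

{| class="wikitable"
! Setting || Value
|-
| '''Local Identifier''' || 192.168.6.114
|-
| '''Remote Identifier''' || 192.168.6.113
|-
| '''Pre-Shared Key''' || 123Start$
|-
| '''Type''' || PSK
|-
| '''Description''' ||
|}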

VPN: IPsec: Virtual Tunnel Interfaces

opnsense.it113.int VTI

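{| class="wikitable"
! Setting || Value
|-
| '''Enabled''' || enabled (✓)
|-
| '''Reqid''' || 10
|-
| '''Local address''' || 192.168.6.113
|-
| '''Remote address''' || 192.168.6.114
|-
| '''Tunnel local address''' || 169.254.100.1
|-
| '''Tunnel remote address''' || 169.254.100.2
|-
| '''Tunnel secondary local address''' ||
|-
| '''Tunnel secondary remote address''' ||
|-
| '''Name''' || IPSEC10
|}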

VPN: IPsec: Connections

opnsense.it113.int Connections

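{| class="wikitable"
! Setting || Value
|-
| '''Enabled''' || enabled (✓)
|-
| '''Proposals''' || default
|-
| '''Version''' || IKEv2
|-
| '''MOBIKE''' || disabled
|-
| '''Local addresses''' || 192.168.6.113
|-
| '''Remote addresses''' || 192.168.6.114
|-
| '''DPD delay (s)''' ||
|-
| '''Pools''' || Nothing selected
|-
| '''Description''' ||
|}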

opnsense.it114.int Connections

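{| class="wikitable"
! Setting || Value
|-
| '''Enabled''' || enabled (✓)
|-
| '''Proposals''' || default
|-
| '''Version''' || IKEv2
|-
| '''MOBIKE''' || disabled
|-
| '''Local addresses''' || 192.168.6.113
|-
| '''Remote addresses''' || 192.168.6.114
|-
| '''DPD delay (s)''' ||
|-
| '''Pools''' || Nothing selected
|-
| '''Description''' ||
|}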

VPN: IPsec: Connections

opnsense.it113.int Authentication

Local

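{| class="wikitable"
! Setting || Value
|-
| '''Enabled''' || enabled (✓)
|-
| '''Connection''' || it113-it114
|-
| '''Round''' || 0
|-
| '''Authentication''' || Pre-Shared Key
|-
| '''Id''' || 192.168.6.113
|-
| '''Certificates''' || Nothing selected
|-
| '''Description''' ||
|}

Remote

{| class="wikitable"
! Setting || Value
|-
| '''Enabled''' || enabled (✓)
|-
| '''Connection''' || it113-it114
|-
| '''Round''' || 0
|-
| '''Authentication''' || Pre-Shared Key
|-
| '''Id''' || 192.168.6.114
|-
| '''Certificates''' || Nothing selected
|-
| '''Description''' ||
|}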

opnsense.it114.int Authentication

Local

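{| class="wikitable"
! Setting || Value
|-
| '''Enabled''' || enabled (✓)
|-
| '''Connection''' || it114-it113
|-
| '''Round''' || 0
|-
| '''Authentication''' || Pre-Shared Key
|-
| '''Id''' || 192.168.6.114
|-
| '''Certificates''' || Nothing selected
|-
| '''Description''' ||
|}

Remote

{| class="wikitable"
! Setting || Value
|-
| '''Enabled''' || enabled (✓)
|-
| '''Connection''' || it114-it113
|-
| '''Round''' || 0
|-
| '''Authentication''' || Pre-Shared Key
|-
| '''Id''' || 192.168.6.113
|-
| '''Certificates''' || Nothing selected
|-
| '''Description''' ||
|}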

Children

opnsense.it113.int Children

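{| class="wikitable"
! Setting || Value
|-
| '''Enabled''' || enabled (✓)
|-
| '''Connection''' || it113-it114
|-
| '''Mode''' || Tunnel
|-
| '''Policies''' || disabled
|-
| '''Start action''' || Trap
|-
| '''DPD action''' || Clear
|-
| '''Reqid''' || 10
|-
| '''ESP Proposals''' || aes256-sha256-modp4096 [DH16]
|-
| '''Local''' || 0.0.0.0/0
|-
| '''Remote''' || 0.0.0.0/0
|-
| '''Description''' ||
|}

opnsense.it114.int Children

{| class="wikitable"
! Setting || Value
|-
| '''Enabled''' || enabled (✓)
|-
| '''Connection''' || it114-it113
|-
| '''Mode''' || Tunnel
|-
| '''Policies''' || disabled
|-
| '''Start action''' || Trap
|-
| '''DPD action''' || Clear
|-
| '''Reqid''' || 10
|-
| '''ESP Proposals''' || aes256-sha256-modp4096 [DH16]
|-
| '''Local''' || 0.0.0.0/0
|-
| '''Remote''' || 0.0.0.0/0
|-
| '''Description''' ||
|}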

System: Gateways: Configuration

opnsense.it113.int Gateway

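{| class="wikitable"
! Setting || Value
|-
| '''Enabled''' || enabled (✓)
|-
| '''Name''' || IPSEC10_GW
|-
| '''Description''' || IPSEC10_GW
|-
| '''Interface''' || IPSEC10
|-
| '''Address Family''' || IPv4
|-
| '''IP Address''' || 169.254.100.2
|-
| '''Upstream Gateway''' || disabled
|-
| '''Far Gateway''' || disabled
|-
| '''Disable Gateway Monitoring''' || enabled (✓)
|-
| '''Disable Host Route''' || disabled
|-
| '''Monitor IP''' ||
|-
| '''Mark Gateway as Down''' || disabled
|-
| '''Priority''' || 255
|}

opnsense.it114.int Gateway

{| class="wikitable"
! Setting || Value
|-
| '''Enabled''' || enabled (✓)
|-
| '''Name''' || IPSEC10_GW
|-
| '''Description''' || IPSEC10_GW
|-
| '''Interface''' || IPSEC10
|-
| '''Address Family''' || IPv4
|-
| '''IP Address''' || 169.254.100.1
|-
| '''Upstream Gateway''' || disabled
|-
| '''Far Gateway''' || disabled
|-
| '''Disable Gateway Monitoring''' || enabled (✓)
|-
| '''Disable Host Route''' || disabled
|-
| '''Monitor IP''' ||
|-
| '''Mark Gateway as Down''' || disabled
|-
| '''Priority''' || 255
|}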

System: Routes: Configuration

opnsense.it113.int Route

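{| class="wikitable"
! Setting || Value
|-
| '''Enabled''' || enabled (✓)
|-
| '''Network Address''' || 172.16.114.0/24
|-
| '''Gateway''' || IPSEC10_GW – 169.254.100.2
|-
| '''Description''' || Route zu IT114 über VTI
|}

opnsense.it114.int Route

{| class="wikitable"
! Setting || Value
|-
| '''Enabled''' || enabled (✓)
|-
| '''Network Address''' || 172.16.113.0/24
|-
| '''Gateway''' || IPSEC10_GW – 169.254.100.1
|-
| '''Description''' || Route zu IT113 über VTI
|}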
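
A consistency check for the two peers, as an added example that is not part of the original wiki page: it transcribes the values from the tables above and verifies that identifiers, addresses, Reqid and gateway on one firewall mirror the other. The dict layout and the names `SITE` and `check()` are assumptions made for this example.

```python
# Added example: values transcribed from this page's tables; the dict layout
# and the names SITE and check() are assumptions made for the example.
SITE = {
    "it113": dict(wan="192.168.6.113", tun="169.254.100.1", psk="123Start$",
                  psk_local="192.168.6.113", psk_remote="192.168.6.114",
                  conn_local="192.168.6.113", conn_remote="192.168.6.114",
                  auth_local="192.168.6.113", auth_remote="192.168.6.114",
                  vti_reqid=10, child_reqid=10, gateway="169.254.100.2"),
    "it114": dict(wan="192.168.6.114", tun="169.254.100.2", psk="123Start$",
                  psk_local="192.168.6.114", psk_remote="192.168.6.113",
                  # Connections row exactly as listed for opnsense.it114.int
                  conn_local="192.168.6.113", conn_remote="192.168.6.114",
                  auth_local="192.168.6.114", auth_remote="192.168.6.113",
                  # VTI Reqid taken from the it114 table in the revision diff
                  vti_reqid=10, child_reqid=10, gateway="169.254.100.1"),
}


def check(site):
    """Return findings; an empty list means the two peers mirror each other."""
    findings = []
    (a, pa), (b, pb) = site.items()
    for name, me, peer in ((a, pa, pb), (b, pb, pa)):
        # Identifiers and addresses: local must be this box, remote the peer.
        for kind in ("psk", "conn", "auth"):
            for side, want in (("local", me["wan"]), ("remote", peer["wan"])):
                got = me[f"{kind}_{side}"]
                if got != want:
                    findings.append(f"{name}: {kind} {side} is {got}, expected {want}")
        # The page uses the same Reqid in the VTI and the Child; both must agree.
        if me["vti_reqid"] != me["child_reqid"]:
            findings.append(f"{name}: Child Reqid differs from VTI Reqid")
        # The gateway on the VTI interface is the peer's tunnel address.
        if me["gateway"] != peer["tun"]:
            findings.append(f"{name}: gateway {me['gateway']} is not peer tunnel IP {peer['tun']}")
    if pa["psk"] != pb["psk"]:
        findings.append("PSK differs between peers")
    return findings


if __name__ == "__main__":
    for line in check(SITE):
        print(line)
```

With the values as listed, the check reports the Local and Remote addresses of the opnsense.it114.int Connections table, which repeat the it113 values instead of mirroring them.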

Links