OPNsense site2site IPSEC
Version vom 18. Februar 2026, 06:28 Uhr von Thomas.will (Diskussion | Beiträge)
VPN Daten
Kenndaten
| Einstellung | opnsense.it213.xinmen.de | opnsense.it214.xinmen.de |
|---|---|---|
| Protokoll 2 | IKEv2 | |
| ID | 192.168.4.213 | 192.168.4.214 |
| IP Address | 192.168.4.213 | 192.168.4.214 |
| Internes Netz | 172.17.213.0/24 | 172.17.214.0/24 |
| Pre-Shared Key (PSK) | 123Start$ | |
| Phase 1 | AES256 – SHA256 – DH16 | |
| Phase 2 | AES256 – SHA256 – DH16 | |
| IKE-LIFETIME | 10800s | |
| ESP-LIFETIME | 3600s | |
Schaubild
![Bearbeiten](javascript:editDrawio("40128626", "opns-sec-fire-04.drawio.png", "png", false, false, false, true, "https://embed.diagrams.net")){kind=link}
IT213 Seite
- VPN
- IPsec
- Pre-Shared Keys
- IPsec
| Feld | Wert |
|---|---|
| Local Identifier | 192.168.4.213 |
| Remote Identifier | 192.168.4.214 |
| Pre-Shared Key | 123Start$ |
| Type | PSK |
| Description | - |
VPN: IPsec: Connections
ADD PSK
- VPN
- IPsec
- PREshared_Key
- IPsec
| Parameter | Wert |
|---|---|
| Enabled | Ja |
| Proposals | aes256-sha256-modp4096 (DH16) |
| Unique | No (default) |
| Aggressive Mode | Nein |
| Version | IKEv2 |
| MOBIKE | Ja |
| Local addresses | 192.168.4.213 |
| Local port | 500 |
| Remote addresses | 192.168.4.214 |
| Remote port | 500 |
| UDP encapsulation | Nein |
| Re-auth time (s) | 10800 |
| Rekey time (s) | - |
| Over time (s) | - |
| DPD delay (s) | - |
| DPD timeout (s) | - |
| Pools | None |
| Send cert req | Ja |
| Send certificate | Default |
| Keyingtries | - |
| Description | it213-it214 |
Enable IPsec
- VPN
- IPsec
- Connections
- Enable IPSEC (x)
- Connections
- IPsec
Add Connection
- VPN
- IPsec
- Connections
- Enable IPSEC (x)
- Connections
- IPsec
Local Authentication
- VPN
- IPsec
- Connections
- Local Authentication
- Connections
- IPsec
| Parameter | Wert |
|---|---|
| Enabled | Ja |
| Connection | it213-it214 |
| Round | 0 |
| Authentication | Pre-Shared Key |
| ID | 192.168.4.213 |
| Certificates | None |
| Description | - |
Remote Authentication
- VPN
- IPsec
- Connections
- Remote Authentication
- Connections
- IPsec
| Parameter | Wert |
|---|---|
| Enabled | Ja |
| Connection | it213-it214 |
| Round | 0 |
| Authentication | Pre-Shared Key |
| ID | 192.168.4.214 |
| Certificates | None |
| Certificate Authorities | None |
| Description | - |
Children
- VPN
- IPsec
- Connections
- Children
- Connections
- IPsec
| Parameter | Wert |
|---|---|
| Enabled | Ja |
| Connection | it213-it214 |
| Use sha256_96 | Nein |
| Mode | Tunnel |
| Policies | Ja |
| Start action | Start |
| Close action | None |
| DPD action | Clear |
| Reqid | - |
| ESP proposals | aes256-sha256-modp4096 (DH16) |
| Local network | 172.17.213.0/24 |
| Remote network | 172.17.214.0/24 |
| Rekey time (s) | 3600 |
| Description | it213-it214-net |
VPN: IPsec: Status Overview
VPN: IPsec: Security Policy Database
Freischalten in der Firewall
