Firewall ipsec configuration – RuggedCom RuggedRouter RX1100 User Manual
Page 158

16. Configuring IPsec VPN
Revision 1.14.3
RX1000/RX1100™
is the pass phrase that was used to generate the certificate) must be added to the end of the /etc/ipsec.secrets file.
Note
The Maintenance Menu, Upload/Download Files sub-menu provides a method to transfer the files directly to the indicated directories.
Enable IPSec from the Bootup and Shutdown menu. Visit the IPSec VPN menu and generate a public key.
Visit the Server Configuration menu and associate the ipsec0 interface with the interface on which the connection will arrive (here w1ppp).
Create a connection for the clients. Set the parameters as follows:

Parameters                     | Value                                         | Comments
At IPsec Startup               | Add connection                                | We wish to add the connection when the client starts it.
Authenticate by                | rsasig                                        | X.509 certificates provide RSA
Connection Type                | Tunnel                                        |
Encryption Protocols           | As desired                                    |
Compress Data                  | As desired                                    |
Perfect Forwarding Secrecy     | As desired                                    | Recommend “yes”
NAT Traversal                  | No                                            | Required when the router acts as a client and is behind a NAT firewall.
Left System Settings           | Router's side                                 |
  Public IP Address            | Address or hostname .. (IP of public gateway) |
  System Identifier            | Default                                       |
  Private subnet behind system | 10.0.0.0/8                                    |
  System's public key          | Certificate File (router.pem)                 |
  Next hop to other system     | Default                                       |
Right System Settings          | Laptop1 side                                  |
  Public IP Address            | Automatic                                     |
  System Identifier            | Default                                       |
  Private subnet behind system | 10.0.1.0/24                                   | Assign IP based on client from within this subnet
  System's public key          | Entered below (%cert)                         | Derive identity from incoming certificate
  Next hop to other system     | Default                                       |
Apply the configuration to restart the server and create an ipsec0 interface.
16.2.10.5. Firewall IPSec Configuration
Create firewall zones “vpn” and “net”. Ensure that the WAN interface (here w1ppp) and the ipsec0 interface are both present in the Shorewall Network Interfaces. The WAN interface should be in zone “net” while ipsec0 should be in zone “vpn”.
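As an added illustration, not taken from the RuggedCom manual (whose web interface writes these files for you), the zone and interface assignments above expressed in Shorewall's own configuration files. The column layout assumes the Shorewall 2.x file format; the policy and rules entries are an assumed starting point (deny from the Internet by default, let only IKE and ESP reach the router so the tunnel can be negotiated) rather than anything this page specifies.

```text
# /etc/shorewall/zones  (assumed Shorewall 2.x column layout)
#ZONE   DISPLAY   COMMENTS
net     Net       Internet, reached over the WAN interface
vpn     VPN       Remote clients arriving through the IPsec tunnel

# /etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     w1ppp       -
vpn     ipsec0      -

# /etc/shorewall/policy  (assumed defaults: drop from the Internet, log what is dropped)
#SOURCE   DEST   POLICY   LOG LEVEL
vpn       fw     ACCEPT
fw        vpn    ACCEPT
net       all    DROP     info
all       all    REJECT   info

# /etc/shorewall/rules  (assumed: IKE and ESP from the Internet to the router itself;
# UDP 4500 would only be needed if NAT Traversal were set to "yes")
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
ACCEPT    net      fw     udp     500
ACCEPT    net      fw     esp
```

Traffic that has been decrypted arrives on ipsec0 and is therefore classified into the “vpn” zone, while the still-encrypted packets on w1ppp are matched by the “net” rules for IKE and ESP.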