Site to site ipsec vpn


#1

For those that have been scratching their heads, I'm posting a solution to a problem I had which took me a little over a week to figure out, crawling multiple Google searches and every page of this forum.

A simple site-to-site VPN as given in any example, such as:

set vpn ipsec
edit vpn ipsec
  set ipsec-interfaces
  edit ipsec-interfaces
    set interface eth0 

  set ike-group IKE
  edit ike-group IKE 
    set lifetime 7200
  set ike-group IKE proposal 1
  edit ike-group IKE proposal 1
      set encryption 3des
      set hash md5
      set dh-group 2
  
  set esp-group ESP 
  edit esp-group ESP 
    set lifetime 1800
    set compression disable (NOT ENABLE)
  set esp-group ESP proposal 1
  edit esp-group ESP proposal 1
      set encryption 3des
      set hash md5

  set site-to-site 
  edit site-to-site 
    set peer 50.0.0.1
    edit peer 50.0.0.1
    set authentication pre-shared-secret teddy
    set ike-group IKE
    set local-ip 100.0.0.1
    set tunnel 1
    edit tunnel 1
      set local-subnet 10.200.0.0/16
      set remote-subnet 10.250.0.0/16
      set esp-group ESP

source: http://openmaniak.com/vyatta_case_ipsec.php

If you've configured your firewall rules correctly (I was unsure, as mine are designed with zone-policy), the one setting which causes this all to fall apart is "set vpn ipsec esp-group compression enable".

For some reason the compression setting does not work.
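As an added example, not part of the original post: the same VPN written as flat Vyatta configuration-mode "set" commands for both ends, with compression left disabled on the ESP group. The addresses, subnets, group names and the pre-shared secret are the ones from the post; the second router's WAN interface being eth0 is an assumption. The 3des/md5/dh-group 2 proposals are kept exactly as the post has them so the two sides match; on a platform that supports stronger proposals a practitioner would choose those instead.

```vyatta
# Added example. Router A: WAN 100.0.0.1, LAN 10.200.0.0/16.
# Entered in "configure" mode; same settings as the post, in flat form.
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec ike-group IKE lifetime 7200
set vpn ipsec ike-group IKE proposal 1 encryption 3des
set vpn ipsec ike-group IKE proposal 1 hash md5
set vpn ipsec ike-group IKE proposal 1 dh-group 2
set vpn ipsec esp-group ESP lifetime 1800
# The setting the post identifies as the culprit: leave it disabled.
set vpn ipsec esp-group ESP compression disable
set vpn ipsec esp-group ESP proposal 1 encryption 3des
set vpn ipsec esp-group ESP proposal 1 hash md5
set vpn ipsec site-to-site peer 50.0.0.1 authentication pre-shared-secret teddy
set vpn ipsec site-to-site peer 50.0.0.1 ike-group IKE
set vpn ipsec site-to-site peer 50.0.0.1 local-ip 100.0.0.1
set vpn ipsec site-to-site peer 50.0.0.1 tunnel 1 local-subnet 10.200.0.0/16
set vpn ipsec site-to-site peer 50.0.0.1 tunnel 1 remote-subnet 10.250.0.0/16
set vpn ipsec site-to-site peer 50.0.0.1 tunnel 1 esp-group ESP
commit
save

# Router B: WAN 50.0.0.1, LAN 10.250.0.0/16. The mirror image of A: only the
# peer address, local-ip and the two subnets swap. The IKE/ESP groups and the
# pre-shared secret must match on both ends. eth0 as B's WAN interface is an assumption.
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec ike-group IKE lifetime 7200
set vpn ipsec ike-group IKE proposal 1 encryption 3des
set vpn ipsec ike-group IKE proposal 1 hash md5
set vpn ipsec ike-group IKE proposal 1 dh-group 2
set vpn ipsec esp-group ESP lifetime 1800
set vpn ipsec esp-group ESP compression disable
set vpn ipsec esp-group ESP proposal 1 encryption 3des
set vpn ipsec esp-group ESP proposal 1 hash md5
set vpn ipsec site-to-site peer 100.0.0.1 authentication pre-shared-secret teddy
set vpn ipsec site-to-site peer 100.0.0.1 ike-group IKE
set vpn ipsec site-to-site peer 100.0.0.1 local-ip 50.0.0.1
set vpn ipsec site-to-site peer 100.0.0.1 tunnel 1 local-subnet 10.250.0.0/16
set vpn ipsec site-to-site peer 100.0.0.1 tunnel 1 remote-subnet 10.200.0.0/16
set vpn ipsec site-to-site peer 100.0.0.1 tunnel 1 esp-group ESP
commit
save
```

After committing on both routers, "show vpn ike sa" in operational mode should list the phase 1 association with the peer, and "show vpn ipsec sa" the phase 2 tunnel; if only the first appears, the mismatch is in the ESP group or the tunnel subnets rather than the IKE settings.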


#2

This article is too old for the current version!