Site to site IPsec VPN


For those that have been scratching their heads, I’m posting a solution to a problem I had, which took me a little over a week to figure out, crawling multiple Google searches and every page of this forum.

A simple site-to-site VPN given in any example, such as:

set vpn ipsec
edit vpn ipsec
  set ipsec-interfaces
  edit ipsec-interfaces
    set interface eth0 

  set ike-group IKE
  edit ike-group IKE 
    set lifetime 7200
  set ike-group IKE proposal 1
  edit ike-group IKE proposal 1
      set encryption 3des
      set hash md5
      set dh-group 2
  set esp-group ESP 
  edit esp-group ESP 
    set lifetime 1800
    set compression disable (NOT ENABLE)
  set esp-group ESP proposal 1
  edit esp-group ESP proposal 1
      set encryption 3des
      set hash md5

  set site-to-site 
  edit site-to-site 
    set peer
    edit peer
    set authentication pre-shared-secret
    set ike-group IKE
    set local-ip
    set tunnel 1
    edit tunnel 1
      set local-subnet
      set remote-subnet
      set esp-group ESP


If you’ve configured your firewall rules correctly (I was unsure, as mine are designed with zone-policy), the one setting which causes this all to fall apart is set vpn ipsec esp-group compression enable.

For some reason the compression setting does not work.
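
A way to check an existing configuration for the setting described above, as an added example that is not part of the original post: it reads "set" commands as printed by `show configuration commands` and lists every tunnel whose effective esp-group has compression enabled. The peer addresses, subnets and the ESP2 group are constructed sample values, and the per-peer default-esp-group fallback is assumed to be available on the version in use.

```shell
#!/bin/sh
# Added example: report tunnels whose effective esp-group has compression enabled.
# Reads "set ..." lines (as printed by `show configuration commands`) on stdin.
find_compressed_tunnels() {
    awk -v q="'" '
    { gsub(q, "") }                       # strip the quotes around values
    $2=="vpn" && $3=="ipsec" && $4=="esp-group" && $6=="compression" {
        if ($7 == "enable") bad[$5] = 1; else delete bad[$5]
    }
    $4=="site-to-site" && $5=="peer" && $7=="default-esp-group" { dflt[$6] = $8 }
    $4=="site-to-site" && $5=="peer" && $7=="tunnel" {
        t = $6 " tunnel " $8
        tun[t] = 1                        # remember that the tunnel exists
        if ($9 == "esp-group") use[t] = $10
    }
    END {
        for (t in tun) {
            split(t, p, " ")
            # a tunnel without its own esp-group falls back to the peer default
            g = (t in use) ? use[t] : dflt[p[1]]
            if (g in bad)
                printf "peer %s tunnel %s esp-group %s: compression enable\n", p[1], p[3], g
        }
    }' | sort
}

# Constructed sample configuration (documentation addresses, not from the post).
sample_config() {
    cat <<'EOF'
set vpn ipsec esp-group ESP compression 'enable'
set vpn ipsec esp-group ESP lifetime '1800'
set vpn ipsec esp-group ESP2 compression 'disable'
set vpn ipsec site-to-site peer 192.0.2.1 ike-group 'IKE'
set vpn ipsec site-to-site peer 192.0.2.1 tunnel 1 esp-group 'ESP'
set vpn ipsec site-to-site peer 192.0.2.1 tunnel 1 local-subnet '10.0.1.0/24'
set vpn ipsec site-to-site peer 198.51.100.7 default-esp-group 'ESP'
set vpn ipsec site-to-site peer 198.51.100.7 tunnel 1 remote-subnet '10.0.2.0/24'
set vpn ipsec site-to-site peer 203.0.113.9 tunnel 1 esp-group 'ESP2'
EOF
}

sample_config | find_compressed_tunnels
```

On a live router the same function can be fed from the configuration dump instead of the sample, and every tunnel it prints is a candidate for switching its esp-group to compression disable.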


This article is too old for the actual version!