VPN EdgeOS

From Millenium's Wiki

VPN setup

SSH to the router.

Enter configuration mode.

configure

Configure IPsec

set vpn ipsec ipsec-interfaces interface eth5
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal enable

Replace eth5 with the WAN interface, the same one given to dhcp-interface below; IKE is only accepted on the interfaces listed here. nat-traversal together with nat-networks 0.0.0.0/0 accepts clients behind NAT from any source address, which is what road-warrior clients need.

Set up user authentication

set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username <USERNAME> password <PASSWORD>

The password is stored in clear text in the configuration and is shown by show configuration, so restrict who can read the configuration and its backups.

Set the VPN client IP pool

set vpn l2tp remote-access client-ip-pool start 10.10.1.100
set vpn l2tp remote-access client-ip-pool stop 10.10.1.120

DNS setup

set vpn l2tp remote-access dns-servers server-1 10.10.1.1

By default the DNS forwarding service only listens on the interfaces named in its listen-on setting (ethX). VPN clients arrive on the l2tp interfaces, so for them to use the forwarder it must also listen on the router's LAN address, the one handed out as server-1 above.

set service dns forwarding options 'listen-address=10.10.1.1'

Set up the IPsec authentication for L2TP

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <REALLYLONGPASSWORD>
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600

The pre-shared secret is one secret shared by every client: anyone who holds it can impersonate the server to the other clients, so use a long random value and change it when a client or user is decommissioned. Like the user passwords it is stored in clear text in the configuration.

Configure the external IP

set vpn l2tp remote-access dhcp-interface eth1

Replace eth1 with the WAN interface. dhcp-interface is for a WAN interface that gets its address by DHCP; if the WAN address is static, set outside-address to that address instead of dhcp-interface.

Firewall setup

The rules below assume a WAN_LOCAL ruleset already exists, is applied to the WAN interface in the local direction and ends in default-action drop; pick rule numbers that do not collide with rules already in it. All four are needed: IKE (UDP 500) and NAT-T (UDP 4500) for the IPsec negotiation, ESP for the tunnel itself, and L2TP (UDP 1701), which is seen on WAN_LOCAL after ESP decapsulation.

Allow IKE traffic

set firewall name WAN_LOCAL rule 3 action accept
set firewall name WAN_LOCAL rule 3 description 'Allow IKE for Remote VPN Server'
set firewall name WAN_LOCAL rule 3 destination port 500
set firewall name WAN_LOCAL rule 3 log enable
set firewall name WAN_LOCAL rule 3 protocol udp

Allow L2TP traffic

As written this rule also accepts L2TP that did not arrive through IPsec; restricting rule 4 with the rule's ipsec match-ipsec option limits it to decapsulated traffic.

set firewall name WAN_LOCAL rule 4 action accept
set firewall name WAN_LOCAL rule 4 description 'Allow L2TP for Remote VPN Server'
set firewall name WAN_LOCAL rule 4 destination port 1701
set firewall name WAN_LOCAL rule 4 log enable
set firewall name WAN_LOCAL rule 4 protocol udp

Allow ESP traffic

Note that log enable on this rule logs every ESP packet of every session, not just the connection setup; turn it off once the tunnel is known to work.

set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 description 'Allow ESP for Remote VPN Server'
set firewall name WAN_LOCAL rule 5 log enable
set firewall name WAN_LOCAL rule 5 protocol esp

Allow NAT traversal traffic

set firewall name WAN_LOCAL rule 6 action accept
set firewall name WAN_LOCAL rule 6 description 'Allow Nat-T for Remote VPN Server'
set firewall name WAN_LOCAL rule 6 destination port 4500
set firewall name WAN_LOCAL rule 6 log enable
set firewall name WAN_LOCAL rule 6 protocol udp

Commit and save the changes

To guard against locking yourself out with a bad configuration, commit with commit-confirm. If confirm is not entered within 10 minutes, the router reboots into the last saved configuration. Use that window to test the VPN from a client, then confirm and save. Do not save before confirming: the rollback target is the saved configuration, so saving first would make the reboot load the new configuration anyway.

commit-confirm
confirm
save
exit
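Before committing, the finished configuration can be checked offline. The following script is an added example (not from this page, EdgeOS or Ubiquiti) that audits the output of show configuration commands, which is the same set ... form used above: it checks that NAT traversal is on, that the ipsec-interfaces entry matches dhcp-interface, that the pre-shared secret is present and not short, that the client pool is sane, that the DNS forwarder listens on the address handed to clients, and that WAN_LOCAL accepts IKE, NAT-T, ESP and L2TP. The sample configuration, the username, the secret and the 20-character minimum are constructed assumptions.

```python
"""Offline audit of an EdgeOS L2TP/IPsec remote-access configuration.
Added example, not EdgeOS or Ubiquiti code; input is `show configuration commands` output."""
import ipaddress
import shlex

# Constructed sample: the commands from this page gathered into one config,
# with WAN interface eth1 used for both ipsec-interfaces and dhcp-interface.
SAMPLE_CONFIG = """\
set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access client-ip-pool start 10.10.1.100
set vpn l2tp remote-access client-ip-pool stop 10.10.1.120
set vpn l2tp remote-access dns-servers server-1 10.10.1.1
set service dns forwarding options 'listen-address=10.10.1.1'
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 'replace-with-a-long-random-secret'
set vpn l2tp remote-access dhcp-interface eth1
set firewall name WAN_LOCAL rule 3 action accept
set firewall name WAN_LOCAL rule 3 destination port 500
set firewall name WAN_LOCAL rule 3 protocol udp
set firewall name WAN_LOCAL rule 4 action accept
set firewall name WAN_LOCAL rule 4 destination port 1701
set firewall name WAN_LOCAL rule 4 protocol udp
set firewall name WAN_LOCAL rule 5 action accept
set firewall name WAN_LOCAL rule 5 protocol esp
set firewall name WAN_LOCAL rule 6 action accept
set firewall name WAN_LOCAL rule 6 destination port 4500
set firewall name WAN_LOCAL rule 6 protocol udp
"""

MIN_PSK_LEN = 20  # assumed local policy, not an EdgeOS requirement
RA = ("vpn", "l2tp", "remote-access")

def parse(text):
    """One tuple of tokens per `set` line, with the leading `set` and quotes removed."""
    return [tuple(shlex.split(ln)[1:]) for ln in text.splitlines()
            if ln.strip().startswith("set ")]

def values(entries, *path):
    """Everything that follows `path` in matching entries, each joined as one string."""
    n = len(path)
    return [" ".join(e[n:]) for e in entries if e[:n] == path]

def firewall_rules(entries, ruleset):
    """Group `firewall name <ruleset> rule N <key...> <value>` into {N: {key: value}}."""
    rules = {}
    for e in entries:
        if e[:4] == ("firewall", "name", ruleset, "rule") and len(e) > 6:
            rules.setdefault(e[4], {})[" ".join(e[5:-1])] = e[-1]
    return rules

def accepts(rules, proto, port=None):
    """True if some rule accepts `proto` (and, for UDP, the given destination port)."""
    return any(r.get("action") == "accept" and r.get("protocol") == proto
               and (port is None or r.get("destination port") == port)
               for r in rules.values())

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    e, findings = parse(text), []
    if values(e, "vpn", "ipsec", "nat-traversal") != ["enable"]:
        findings.append("nat-traversal is not enabled; clients behind NAT will fail")
    # IKE is only accepted on ipsec-interfaces, so the WAN interface must be listed there.
    ipsec_ifs = values(e, "vpn", "ipsec", "ipsec-interfaces", "interface")
    for iface in values(e, *RA, "dhcp-interface"):
        if iface not in ipsec_ifs:
            findings.append(f"dhcp-interface {iface} is not in ipsec-interfaces {ipsec_ifs}")
    if values(e, *RA, "ipsec-settings", "authentication", "mode") != ["pre-shared-secret"]:
        findings.append("IPsec authentication mode is not pre-shared-secret")
    psk = values(e, *RA, "ipsec-settings", "authentication", "pre-shared-secret")
    if not psk or len(psk[0]) < MIN_PSK_LEN:
        findings.append(f"pre-shared-secret missing or shorter than {MIN_PSK_LEN} characters")
    start = values(e, *RA, "client-ip-pool", "start")
    stop = values(e, *RA, "client-ip-pool", "stop")
    if not (start and stop):
        findings.append("client-ip-pool start and stop must both be set")
    elif ipaddress.ip_address(start[0]) > ipaddress.ip_address(stop[0]):
        findings.append(f"client-ip-pool start {start[0]} is above stop {stop[0]}")
    # The forwarder only answers VPN clients if it listens on the address they are given.
    listen = {o.split("=", 1)[1] for o in values(e, "service", "dns", "forwarding", "options")
              if o.startswith("listen-address=")}
    for entry in values(e, *RA, "dns-servers"):
        ip = entry.split()[-1]  # "server-1 10.10.1.1" -> "10.10.1.1"
        if ip not in listen:
            findings.append(f"dns-server {ip} is not a forwarding listen-address "
                            "(only a problem if it is this router)")
    rules = firewall_rules(e, "WAN_LOCAL")
    for proto, port in (("udp", "500"), ("udp", "4500"), ("udp", "1701"), ("esp", None)):
        if not accepts(rules, proto, port):
            findings.append(f"WAN_LOCAL has no accept rule for {proto}" + (f"/{port}" if port else ""))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

Run it against a copy of show configuration commands saved from the router (replace SAMPLE_CONFIG or read the file into audit). Each finding names the setting to fix; an empty result only means the checks above passed, not that the VPN is reachable, which the commit-confirm window is for.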