
VPN

pfSense IPsec VPN tunnel to Fortigate 50B

[Client] (192.168.10.10) → (192.168.10.1) [pfSense] (X.X.X.X) → (123.123.123.123) [Fortigate 50B] (192.168.1.1) → (192.168.1.5) [Server]

Fortinet Fortigate 50B (Gateway)

  • WAN address: 123.123.123.123/32 (wan1)
  • LAN address: 192.168.1.1/24 (internal)
  • Firmware: v3.00+

Firewall -> Address -> IP/Mask

  • Name: IPSEC pfsense
  • Address / FQDN: 172.16.109.3
  • Interface: wan1(Internet)

Firewall -> Policy

  • Source Interface/Zone: internal(LAN)
  • Source Address: all
  • Destination Interface/Zone: wan1(Internet)
  • Destination Address: all
  • Schedule: always
  • Service: ANY
  • Action: IPSEC
  • VPN Tunnel: IPSEC pfSense
  • Allow inbound
  • Allow outbound

VPN -> IPSEC -> Auto Key (IKE)

Phase 1
  • Name: IPSEC pfSense
  • Remote Gateway: Dialup User
  • Local Interface: wan1(Internet)
  • Mode: Aggressive
  • Authentication Method: Preshared Key
  • Pre-shared Key: UseVeryLongAndComplexPasswordHere123456789
  • Peer Options: Accept this peer ID: pfsense.ipsec.vpn
  • P1 Proposal
    • Encryption: 3DES
    • Authentication: SHA1
    • DH Group: 2
    • Keylife: 28800 seconds
    • Local ID: -
    • XAuth: Disable
    • Nat-traversal: Enable
    • Keepalive Frequency: 10 seconds
    • Dead Peer Detection: Enable

Phase 2
  • Name: IPSEC pfSense P2
  • Phase 1: IPSEC pfSense
  • P2 Proposal
    • Encryption: 3DES
    • Authentication: SHA1
    • Enable replay detection
    • Enable perfect forward secrecy(PFS)
    • DH Group: 2
    • Keylife: 3600 seconds
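The Phase 1 and Phase 2 proposals listed above have to be mirrored exactly on the pfSense side, otherwise IKE stops at the first phase that disagrees with a proposal mismatch. The Python script below is an added example and is not part of this wiki page, of pfSense or of FortiOS: it encodes the Fortigate settings from the lists above, assumes the pfSense side is configured identically (that assumption is the PFSENSE dictionary), reports every mandatory parameter that differs between the two peers, warns about differing lifetimes, and flags the choices that are considered weak today (3DES, SHA1, DH group 2, aggressive mode). All key names are this example's own, not vendor field names.

```python
"""Compare the IKE Phase 1 / Phase 2 settings of two IPsec peers.

Added example, not part of the original wiki page. The Fortigate values
are taken from the page; the pfSense values are an assumption of what the
pfSense side must be set to for the tunnel to negotiate.
"""

# Settings the Fortigate proposes, as listed on the page. Key names are
# normalised names chosen for this example, not vendor field names.
FORTIGATE = {
    "phase1": {
        "mode": "aggressive",
        "auth_method": "psk",
        "encryption": "3des",
        "hash": "sha1",
        "dh_group": 2,
        "lifetime_s": 28800,
        "nat_traversal": True,
        "dpd": True,
    },
    "phase2": {
        "encryption": "3des",
        "hash": "sha1",
        "pfs_group": 2,        # "Enable PFS" with DH group 2
        "lifetime_s": 3600,
        "replay_detection": True,
    },
}

# Assumed pfSense configuration mirroring the Fortigate side.
PFSENSE = {
    "phase1": dict(FORTIGATE["phase1"]),
    "phase2": dict(FORTIGATE["phase2"]),
}

# Parameters that must be identical on both peers; if one differs, IKE
# negotiation fails with a "no proposal chosen" style error. Lifetimes are
# negotiated down to the shorter value, so they are only warned about.
MUST_MATCH = {
    "phase1": ("mode", "auth_method", "encryption", "hash", "dh_group"),
    "phase2": ("encryption", "hash", "pfs_group"),
}

# Choices that still interoperate but are considered weak today.
WEAK = {
    "encryption": {"des", "3des"},
    "hash": {"md5", "sha1"},
    "dh_group": {1, 2, 5},
    "pfs_group": {1, 2, 5},
    "mode": {"aggressive"},   # aggressive mode exposes identities and the PSK-derived hash in cleartext
}


def find_mismatches(local, remote):
    """Return (phase, parameter, local_value, remote_value) for each differing mandatory parameter."""
    out = []
    for phase, params in MUST_MATCH.items():
        for p in params:
            lv, rv = local[phase].get(p), remote[phase].get(p)
            if lv != rv:
                out.append((phase, p, lv, rv))
    return out


def lifetime_warnings(local, remote):
    """Lifetimes need not match, but a large gap causes unnecessary rekeying."""
    out = []
    for phase in ("phase1", "phase2"):
        lv, rv = local[phase]["lifetime_s"], remote[phase]["lifetime_s"]
        if lv != rv:
            out.append((phase, lv, rv))
    return out


def weak_settings(cfg):
    """Return (phase, parameter, value) for every weak choice in one peer's config."""
    out = []
    for phase, settings in cfg.items():
        for p, v in settings.items():
            if p in WEAK and v in WEAK[p]:
                out.append((phase, p, v))
    return out


def check_tunnel(local, remote):
    """Aggregate report; 'ok' is True only when all mandatory parameters agree."""
    mismatches = find_mismatches(local, remote)
    return {
        "ok": not mismatches,
        "mismatches": mismatches,
        "lifetime_warnings": lifetime_warnings(local, remote),
        "weak_local": weak_settings(local),
        "weak_remote": weak_settings(remote),
    }


if __name__ == "__main__":
    report = check_tunnel(PFSENSE, FORTIGATE)
    print("negotiable:", report["ok"])
    for m in report["mismatches"]:
        print("mismatch:", m)
    for w in report["weak_remote"]:
        print("weak (Fortigate):", w)
```

With the two dictionaries as given, the report comes back negotiable but lists seven weak choices on the Fortigate side; changing a single value such as the Phase 2 PFS group on one peer makes the same script report the exact parameter that would stop the tunnel from coming up.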

pfSense (Client)

  • WAN address: X.X.X.X (dynamic IP address)
  • LAN address: 192.168.10.1/24 (255.255.255.0)
  • pfSense Version: v1.2.2

pc/pfsense.txt · Last modified: 2013/01/11 00:39 by pixeldoc