
Connecting ClearOS IPsec to Netgear

This guide covers tips for connecting ClearOS 6.x to Netgear routers. Specifically, it was tested against the SRX5308 / FVX538 / FVS336G running the latest firmware as of Jan 12, 2013.

Configuration ClearOS Side

In preparation for running the tunnel, install the ClearOS IPsec VPN module. You must also allow the IPsec traffic with an incoming firewall rule: in the Incoming firewall module, use the standard services pulldown menu and add 'IPsec' as the firewall rule.

For this example we use invalid IP addresses for the external addresses; replace them with your own. The network on the ClearOS side of the tunnel is 192.168.1.0/24 and the network on the Netgear side is 10.1.1.0/24. In our examples the public WAN IP of the ClearOS server is the invalid address 260.1.7.15 and the WAN IP of the Netgear is the invalid address 302.7.3.45.

ipsec.unmanaged.TUNNEL.conf

conn TUNNEL
    authby=secret
    auto=start
    left=302.7.3.45
    leftsubnet=10.1.1.0/24
    leftsourceip=10.1.1.1
    leftid=302.7.3.45
    right=260.1.7.15
    rightsubnet=192.168.1.0/24
    rightsourceip=192.168.1.1
    rightid=260.1.7.15
    keylife=1h
    ikelifetime=8h
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart

ipsec.unmanaged.TUNNEL.secrets

260.1.7.15 302.7.3.45 : PSK "supersecretpassword"

Netgear configuration

On the Netgear side of things you will need to do the following:

  • Add IKE policy.
  • Call it TUNNEL (for example; you can call it something else).
  • Set the Preshared Key to some random string up to 49 characters (for our example we used 'supersecretpassword' without the quotes).
  • Enable Dead Peer Detection.
  • Leave everything else at default.

[Screenshot: Netgear IKE policy (netgear_ike_policy.png)]

Next: Create a VPN policy

  • Set the policy name to TUNNEL (for example; you can call it something else).
  • Set the remote endpoint IP to 260.1.7.15 (the invalid example address discussed earlier).
  • Set up the valid local and remote IPs and subnets correctly under Traffic Selection.
  • Turn ON PFS key group and set to DH Group2 (1024 bit) under VPN policy.
  • Select TUNNEL as the IKE policy.
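
Before bringing the tunnel up, it helps to confirm that the ClearOS conf and secrets files agree with each other and with the Netgear key length limit, and to replace the example key with a random one. The following Python check is an added example, not part of the original guide or of ClearOS. The function names are hypothetical, the sample input is constructed from the guide's placeholder addresses, and the alphanumeric key alphabet is an assumption.

```python
import re
import secrets
import string

NETGEAR_PSK_MAX = 49  # key length limit the guide gives for the Netgear IKE policy
# Constructed sample input: the guide's two files, with its invalid placeholder IPs.
SAMPLE_CONF = """\
conn TUNNEL
    authby=secret
    left=302.7.3.45
    leftid=302.7.3.45
    right=260.1.7.15
    rightid=260.1.7.15
"""
SAMPLE_SECRETS = '260.1.7.15 302.7.3.45 : PSK "supersecretpassword"\n'

def parse_conn(text):
    """Collect key=value options from the conf text (a single conn is assumed)."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def parse_psk(text):
    """Return (set of ids, key) from the first PSK line, or None if there is none."""
    m = re.search(r'^\s*(.*?)\s*:\s*PSK\s+"([^"]*)"', text, re.M)
    return (set(m.group(1).split()), m.group(2)) if m else None

def check_tunnel(conf_text, secrets_text):
    """List problems that would stop the PSK tunnel from authenticating, or weaken it."""
    conn, entry = parse_conn(conf_text), parse_psk(secrets_text)
    problems = [] if conn.get("authby") == "secret" else ["authby is not 'secret'"]
    if entry is None:
        return problems + ["no PSK entry found"]
    ids, psk = entry
    want = {conn.get("leftid", conn.get("left")), conn.get("rightid", conn.get("right"))}
    if not want <= ids:
        problems.append("secrets ids do not match leftid/rightid")
    if len(psk) > NETGEAR_PSK_MAX:
        problems.append("PSK longer than 49 characters")
    if psk == "supersecretpassword":
        problems.append("PSK is the guide's example value")
    return problems

def new_psk(length=NETGEAR_PSK_MAX):
    """Random alphanumeric key from the OS CSPRNG (alphabet is an assumption)."""
    return "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(length))
```

Run `check_tunnel` on the contents of your own conf and secrets files, and paste the output of `new_psk()` into both the secrets file and the Netgear Preshared Key field.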

[Screenshot: Netgear VPN policy (netgear_vpn_policy.png)]

content/en_us/kb_o_connecting_clearos_ipsec_to_netgear.txt · Last modified: 2014/12/23 13:53 (external edit)
