IPsec Tunneling Two Different Local Networks VMware

Hello
I have a problem with tunneling two virtual IPFire machines in VMware.

I have two IPFires on different network adapters; I must connect them to each other via IPFire IPsec tunneling. I mean I want to connect both virtual IPFires via tunneling without any client behind them; just the two IPFires must connect through IPsec tunneling.

My config in ipfireVM1: two network adapters ( red → vmnet1 & green → vmnet2 )

My config in ipfireVM2: two network adapters ( red → vmnet3 & green → vmnet4 )

Now I want the green networks to be able to ping each other over IPsec tunneling. What should I do, please, with details? I'm new to IPFire and also to networking.

Hi @newbie

Welcome to the IPFire community.

I would start off with the net to net instructions for IPSec in the IPFire wiki.

https://wiki.ipfire.org/configuration/services/ipsec/net-to-net

Then if you have any difficulties with setting it up then you can come back here for further help.

2 Likes

Thank you.
First problem, based on the following requirements:


Pre-requirements

In order to set up an IPsec VPN, both systems need to be able to talk to each other. IPsec uses UDP/500, UDP/4500 and ESP which will automatically be opened in IPFire.

Static IP addresses are helpful, but dynamic DNS hostnames are supported, too.


I don't want to use a virtual router and I have four different network adapters; how should two different adapters talk with each other?!

Should I change the red adapters to one and the same as each other?
I mean:
first ipfireVM: red → vmnet1 & green → vmnet2
second ipfireVM: red → vmnet1 & green → vmnet3

Red adapters should be the same?
I don't want to use a router.

RED IP address of IPFire is public? Unless something funny happens on your ISP, it should work.
RED IP address of IPFire is private? You (or your ISP) must configure port forwarding for ports 500 and 4500 UDP, and tunnels must be configured as NAT-traversal.

1 Like

Thank you.
No, there is not any ISP in this case.
I want to run an IPFire IPsec tunnel in VMware, all in a local network.
The range of IP addresses could be anything and it's not important to me.
I just want to set up an IPsec tunnel in VMware without internet and I want the easiest way; I just want to see the IPsec status as “connected”.
What should I do?

Yes, I think you can do that. I have not done it with IPSec and VMWare but I have done it successfully for OpenVPN and VirtualBox, but I had another IPFire on the red network as the equivalent of the ISP giving out the IPs via DHCP.

You need to choose a private subnet for your red network and assign one ip for one machine and another ip for the other machine. Then for the green interfaces choose an IP from two different subnets so that the two green networks do not have any overlap.

When you install IPFire on each of the VMs you will need to know those IPs for the green interfaces, but also for the red interfaces you will have to select the Static option and provide the chosen IP in each case together with the appropriate netmask. The simplest would be to use 255.255.255.0.

What I am not sure about is if IPFire will accept it if you leave the gateway input blank. If it won’t then you will have to choose another IP from the red defined subnet. It won’t actually be connected to anything so your Gateway graph on the WUI menu Status - Network (other) will not show any results as it will not receive back any response to the gateway test ping signal.

Once you have the IPFires installed with the appropriate chosen IPs, then you can follow the IPSec net to net wiki instructions.

2 Likes

You don’t know how to use vLAN?

  • Design a network layout with segments/subnets not overlapped or already used.
    IPSec cannot connect you from 192.168.1.0 to 192.168.1.0 on the other side of the tunnel.
  • RED interfaces must connect among them. Same or different subnets, no problem, but routing out of the box must allow internet connection and reach the other endpoint (Red interface of the opposite site) at least on 500 UDP
  • Configure a tunnel
3 Likes
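The two answers above both come down to an addressing plan: non-overlapping GREEN subnets on the two sides, and RED interfaces that can reach each other (which, with no router between the VMware adapters, means one shared RED subnet). The following script is an added example, not from this thread or from IPFire; it checks a proposed plan for exactly those conditions before any tunnel is configured. The VM names, addresses and subnets in it are constructed placeholders.

```python
from ipaddress import ip_interface, ip_network

# Constructed addressing plan for the two IPFire VMs discussed in the thread.
# Each side lists its RED interface (address/prefix) and its GREEN subnet.
# These values are illustrative placeholders, not anyone's real configuration.
PLAN = {
    "ipfireVM1": {"red": "10.10.0.1/24", "green": "192.168.10.0/24"},
    "ipfireVM2": {"red": "10.10.0.2/24", "green": "192.168.20.0/24"},
}


def check_plan(plan, require_shared_red_subnet=True):
    """Return a list of problems found in the plan (an empty list means OK).

    Checks, in the order the answers above raise them:
    - the GREEN subnets of the two sides must not overlap each other
      (IPsec cannot route 192.168.1.0/24 to 192.168.1.0/24);
    - neither GREEN subnet may overlap either RED subnet;
    - the two RED addresses must differ, and with no router between the
      RED adapters they must sit in one common subnet.
    """
    problems = []
    a, b = list(plan)
    reds = {n: ip_interface(plan[n]["red"]) for n in (a, b)}
    greens = {n: ip_network(plan[n]["green"]) for n in (a, b)}

    if greens[a].overlaps(greens[b]):
        problems.append(f"GREEN overlap: {greens[a]} and {greens[b]}")
    for n in (a, b):
        for m in (a, b):
            if greens[n].overlaps(reds[m].network):
                problems.append(
                    f"{n} GREEN {greens[n]} overlaps {m} RED {reds[m].network}")
    if reds[a].ip == reds[b].ip:
        problems.append(f"RED addresses are identical: {reds[a].ip}")
    if require_shared_red_subnet and reds[a].network != reds[b].network:
        problems.append(
            f"RED subnets differ ({reds[a].network} vs {reds[b].network}); "
            "without a router between them the endpoints cannot reach each other")
    return problems


if __name__ == "__main__":
    issues = check_plan(PLAN)
    print("plan OK" if not issues else "\n".join(issues))
```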

Thanks, I don't have internet; I want to connect two IPFires virtually. Any idea?

Thanks, I don't have a problem with the basic settings. The green zones and red zones must be in different ranges, is that right? The problem is, the IPsec status is stuck at “CONNECTING” with an orange colour and does not connect. I don't know why; I did accept everything in the rules. It's been days that I have had this problem.

Then I can’t easily help further as I have no experience at this time with IPSec. It is on my list of things to install on my vm testbed and evaluate.

Until then other forum members who are using IPSec N2N connections will hopefully give their inputs.

1 Like

At both ends of the tunnel, from the console issue the following command:

tail -f /var/log/messages

Press connect and see the logs scrolling. Please post them here. ctrl-c to exit.

3 Likes