VPN SITE TO SITE possible?

Hi!

I have this setup today with a Zyxel (it is not stable):

(local-subnets)----(172.21.0.0/255)vlanX[Ipfire]wan(192.168.0.2)----(0.1)ISP-Router-----{internet}----(62.97.2.6)wan[Remote-GW-Peer]lan----(remote-subnets)

The info about IPsec:

authby=secret
type=tunnel
aggrmode=no
keyexchange=ikev1
ike=aes256-sha1;modp1024
ikelifetime=86400s
salifetime=28800s
initial-contact=yes
pfs=no
phase2=esp
phase2alg=aes128-sha1;modp1024
leftid=188.218.x.y
left=188.218.x.y
leftsubnet=10.201.108.30
rightid=62.97.2.6
right=62.97.2.6
rightsubnets={ 10.209.32.0/24 10.209.12.0/24 10.209.21.0/24 10.210.21.0/24 10.209.40.0/24 10.211.12.0/24 10.211.40.121/32 10.209.24.0/24 }

We have to connect to the other endpoint, 62.97.2.6.
The problem is that we have to SNAT all traffic that is destined for the right subnet so that it shows us as 10.201.108.30.

What is stopping you from using the UI?

IPsec VPNs with products of any other vendor should usually work just fine.

I don’t know how to obtain what I need with the UI.

I know this from the manual.

1) Enable
2) New Net to Net VPN
2.1) Local Subnet: the subnet source of the data.
2.2) Remote Host: 62.97.2.6
2.3) Local ID ???
2.4) Remote Subnet ???
2.5) Remote ID

3) IPsec
3.1) Mode: Tunnel or Transport?? (I think tunnel, but what does it involve?)
3.2) None / GRE / VTI?? I think VTI, but what does it involve?

4)Advanced
I can choose the correct protocols.

When I know what the fields are, I can write the correct data inside.

How do I route the packets and SNAT them??
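
Added example, not part of any post in this thread: a script that turns the rightsubnets list from the configuration above into one netfilter SNAT rule per remote subnet, so that traffic to those subnets leaves with source 10.201.108.30 and matches leftsubnet. The function names (is_cidr, gen_snat_rules) are hypothetical, and the default chain and the place where the rules get loaded on the firewall are assumptions; the script only prints the rules.

```shell
#!/bin/sh
# Added example: prints the rules only; nothing is applied to the firewall.
# Values below are copied from the configuration in the post.
RIGHTSUBNETS='{ 10.209.32.0/24 10.209.12.0/24 10.209.21.0/24 10.210.21.0/24 10.209.40.0/24 10.211.12.0/24 10.211.40.121/32 10.209.24.0/24 }'
SNAT_TO='10.201.108.30'   # the leftsubnet address the peer expects to see

# is_cidr NET: succeed only for an IPv4 prefix such as 10.209.32.0/24.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$addr
EOF
    [ -z "$rest" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_snat_rules LIST SNAT_IP [CHAIN]: print one rule per subnet; fail on bad input.
# CHAIN defaults to the standard nat POSTROUTING chain (assumption: adjust to
# the chain your firewall reserves for custom rules).
gen_snat_rules() {
    list=$1; to=$2; chain=${3:-POSTROUTING}
    is_cidr "$to/32" || { echo "bad SNAT address: $to" >&2; return 1; }
    out=
    for net in $list; do
        case "$net" in '{'|'}') continue ;; esac
        is_cidr "$net" || { echo "bad subnet: $net" >&2; return 1; }
        out="$out
iptables -t nat -A $chain -d $net -j SNAT --to-source $to"
    done
    [ -n "$out" ] || { echo "no subnets given" >&2; return 1; }
    printf '%s\n' "${out#?}"
}

gen_snat_rules "$RIGHTSUBNETS" "$SNAT_TO"
```

The rules match on destination only, so every packet routed toward the listed subnets is rewritten; the tunnel's local subnet then has to be the single address 10.201.108.30, as in the leftsubnet line.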