WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

13340 questions

15854 answers

25641 comments

50336 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to wifi openvpn sms not trb140 firmware rutx09 ipsec rutx12 on - connection modbus

IPSEC Site to Site VPN between PFSense and Teltonika RUT 955

0 votes
869 views 0 comments
by
Hi All... I've been trying without success to create a stable IPSEC "Site to Site" VPN between my Motorhome with an RUT955 running a mobile network and my home PFsense device with a static IP address from my provider.. I'd like to be able to access resources both ways please.. Could somebody please provide a working configuration that I can follow to get this working.. Thanks and well done all for the great work you are all doing on here.

Schematic:

Motorhome (192.168.1.0/24 LAN) <----> IPSEC <----> PFSense (10.44.5.0/24 LAN)

2 Answers

0 votes
by

Hello,

Right now we do not have access to the Pf-sense device to test configuration but I think you will find this guide useful: https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-psk.html

It explains in-depth how to configure IPSec VPN on their side.

We do have another guide on how to configure our device with another: https://wiki.teltonika-networks.com/view/Setting_up_an_IPsec_tunnel_between_RUT_and_Cisco_device

I hope it helps, but if you will be unsuccessful, please post your configuration from both sides.

Regards.

0 votes
by

RUT950 : LAN 192.168.0.0/24

Remote ip endpoint = public ip pfsense interface

 Pfsense: LAN 192.168.0.0/24

Remote gateway= 0.0.0.0 if RUT behind NAT otherwise public ip of RUT950

pre-shared-key=same on RUT, invent a key

nat_traversal="force" if RUT behind NAT otherwise "auto"

<phase1>

<ikeid>2</ikeid>

<iketype>ikev1</iketype>

<mode>main</mode>

<interface>wan</interface>

<remote-gateway>0.0.0.0</remote-gateway>

<protocol>inet</protocol>

<myid_type>address</myid_type>

<myid_data>192.168.0.254</myid_data>

<peerid_type>address</peerid_type>

<peerid_data>192.168.1.254</peerid_data>

<encryption>

<item>

<encryption-algorithm>

<name>3des</name>

<keylen></keylen>

</encryption-algorithm>

<hash-algorithm>sha512</hash-algorithm>

<prf-algorithm>md5</prf-algorithm>

<dhgroup>5</dhgroup>

</item>

</encryption>

<lifetime>28800</lifetime>

<rekey_time></rekey_time>

<reauth_time>0</reauth_time>

<rand_time>0</rand_time>

<pre-shared-key>xxxx</pre-shared-key>

<private-key></private-key>

<certref></certref>

<pkcs11certref></pkcs11certref>

<pkcs11pin></pkcs11pin>

<caref></caref>

<authentication_method>pre_shared_key</authentication_method>

  <nat_traversal>force</nat_traversal>

<mobike>on</mobike>

<closeaction>trap</closeaction>

<responderonly></responderonly>

<splitconn></splitconn>

</phase1>

<phase2>

<ikeid>2</ikeid>

<uniqid>7a4d58a6e595a</uniqid>

<mode>tunnel</mode>

<reqid>2</reqid>

<localid>

<type>network</type>

<address>192.168.0.0</address>

<netbits>24</netbits>

</localid>

<remoteid>

<type>network</type>

<address>192.168.1.0</address>

<netbits>24</netbits>

</remoteid>

<protocol>esp</protocol>

<encryption-algorithm-option>

<name>3des</name>

</encryption-algorithm-option>

<hash-algorithm-option>hmac_sha512</hash-algorithm-option>

<pfsgroup>5</pfsgroup>

<lifetime>3600</lifetime>

<rekey_time>0</rekey_time>

<rand_time>0</rand_time>

<pinghost></pinghost>

</phase2>