0 votes
1,329 views 0 comments
by anonymous
Hi all. I've been trying without success to create a stable IPsec "site to site" VPN between my motorhome, with an RUT955 running a mobile network, and my home pfSense device with a static IP address from my provider. I'd like to be able to access resources both ways, please. Could somebody please provide a working configuration that I can follow to get this working? Thanks, and well done all for the great work you are all doing on here.

Schematic:

Motorhome (192.168.1.0/24 LAN) <----> IPSEC <----> PFSense (10.44.5.0/24 LAN)

2 Answers

0 votes
by anonymous

Hello,

Right now we do not have access to the pfSense device to test the configuration, but I think you will find this guide useful: https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-psk.html

It explains in-depth how to configure IPSec VPN on their side.

We do have another guide on how to configure our device with another: https://wiki.teltonika-networks.com/view/Setting_up_an_IPsec_tunnel_between_RUT_and_Cisco_device

I hope it helps, but if you are unsuccessful, please post your configuration from both sides.

Regards.

0 votes
by anonymous

RUT950 : LAN 192.168.0.0/24

Remote ip endpoint = public ip pfsense interface

pfSense: LAN 192.168.0.0/24

Remote gateway= 0.0.0.0 if RUT behind NAT otherwise public ip of RUT950

pre-shared-key=same on RUT, invent a key

nat_traversal="force" if RUT behind NAT otherwise "auto"

<phase1>
  <ikeid>2</ikeid>
  <iketype>ikev1</iketype>
  <mode>main</mode>
  <interface>wan</interface>
  <remote-gateway>0.0.0.0</remote-gateway>
  <protocol>inet</protocol>
  <myid_type>address</myid_type>
  <myid_data>192.168.0.254</myid_data>
  <peerid_type>address</peerid_type>
  <peerid_data>192.168.1.254</peerid_data>
  <encryption>
    <item>
      <encryption-algorithm>
        <name>3des</name>
        <keylen></keylen>
      </encryption-algorithm>
      <hash-algorithm>sha512</hash-algorithm>
      <prf-algorithm>md5</prf-algorithm>
      <dhgroup>5</dhgroup>
    </item>
  </encryption>
  <lifetime>28800</lifetime>
  <rekey_time></rekey_time>
  <reauth_time>0</reauth_time>
  <rand_time>0</rand_time>
  <pre-shared-key>xxxx</pre-shared-key>
  <private-key></private-key>
  <certref></certref>
  <pkcs11certref></pkcs11certref>
  <pkcs11pin></pkcs11pin>
  <caref></caref>
  <authentication_method>pre_shared_key</authentication_method>
  <nat_traversal>force</nat_traversal>
  <mobike>on</mobike>
  <closeaction>trap</closeaction>
  <responderonly></responderonly>
  <splitconn></splitconn>
</phase1>

<phase2>
  <ikeid>2</ikeid>
  <uniqid>7a4d58a6e595a</uniqid>
  <mode>tunnel</mode>
  <reqid>2</reqid>
  <localid>
    <type>network</type>
    <address>192.168.0.0</address>
    <netbits>24</netbits>
  </localid>
  <remoteid>
    <type>network</type>
    <address>192.168.1.0</address>
    <netbits>24</netbits>
  </remoteid>
  <protocol>esp</protocol>
  <encryption-algorithm-option>
    <name>3des</name>
  </encryption-algorithm-option>
  <hash-algorithm-option>hmac_sha512</hash-algorithm-option>
  <pfsgroup>5</pfsgroup>
  <lifetime>3600</lifetime>
  <rekey_time>0</rekey_time>
  <rand_time>0</rand_time>
  <pinghost></pinghost>
</phase2>
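
Added example, not part of the original answer and not pfSense or Teltonika code: a small audit of the phase 1/phase 2 settings posted above that flags legacy proposals (IKEv1, 3DES, MD5, DH group 5), a wildcard remote gateway, and overlapping LAN selectors before the same values are mirrored on the RUT. The `<ipsec>` wrapper element, the function names, and the `des` and `hmac_md5` spellings are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: algorithm, gateway and selector fields as in the answer's
# <phase1>/<phase2>, wrapped in a hypothetical <ipsec> root so it parses alone.
SAMPLE = """<ipsec><phase1><iketype>ikev1</iketype><remote-gateway>0.0.0.0</remote-gateway>
<encryption><item><encryption-algorithm><name>3des</name></encryption-algorithm>
<hash-algorithm>sha512</hash-algorithm><prf-algorithm>md5</prf-algorithm>
<dhgroup>5</dhgroup></item></encryption></phase1><phase2>
<localid><type>network</type><address>192.168.0.0</address><netbits>24</netbits></localid>
<remoteid><type>network</type><address>192.168.1.0</address><netbits>24</netbits></remoteid>
<encryption-algorithm-option><name>3des</name></encryption-algorithm-option>
<hash-algorithm-option>hmac_sha512</hash-algorithm-option><pfsgroup>5</pfsgroup></phase2></ipsec>"""

WEAK_CIPHERS = {"3des", "des"}     # "des" spelling is an assumption
WEAK_HASHES = {"md5", "hmac_md5"}  # "hmac_md5" assumed by analogy with hmac_sha512
WEAK_DH = {"1", "2", "5"}          # MODP groups of 768, 1024 and 1536 bits

def _selector(p2, tag):
    # Phase 2 network selector as an ip_network, or None for other selector types.
    node = p2.find(tag)
    if node is None or node.findtext("type") != "network":
        return None
    return ipaddress.ip_network(f"{node.findtext('address')}/{node.findtext('netbits')}")

def audit(xml_text):
    """Return (section, tag, value, reason) tuples for settings worth reviewing."""
    findings = []
    def check(section, node, path, flagged, reason):
        for el in node.iterfind(path):
            value = (el.text or "").strip().lower()
            if value in flagged:
                findings.append((section, el.tag, value, reason))
    root = ET.fromstring(xml_text)
    for p1 in root.iter("phase1"):
        check("phase1", p1, "iketype", {"ikev1"}, "IKEv1 is deprecated, prefer IKEv2")
        check("phase1", p1, ".//encryption-algorithm/name", WEAK_CIPHERS, "legacy cipher")
        check("phase1", p1, ".//hash-algorithm", WEAK_HASHES, "legacy hash")
        check("phase1", p1, ".//prf-algorithm", WEAK_HASHES, "legacy PRF")
        check("phase1", p1, ".//dhgroup", WEAK_DH, "DH group of 1536 bits or less")
        check("phase1", p1, "remote-gateway", {"0.0.0.0"}, "any peer address accepted")
    for p2 in root.iter("phase2"):
        check("phase2", p2, "encryption-algorithm-option/name", WEAK_CIPHERS, "legacy cipher")
        check("phase2", p2, "hash-algorithm-option", WEAK_HASHES, "legacy hash")
        check("phase2", p2, "pfsgroup", WEAK_DH, "PFS group of 1536 bits or less")
        local, remote = _selector(p2, "localid"), _selector(p2, "remoteid")
        if local is not None and remote is not None and local.overlaps(remote):
            findings.append(("phase2", "remoteid", str(remote), "overlaps local LAN"))
    return findings
```

Each finding names the section and tag to revisit; any proposal changed on the pfSense side has to be changed identically on the RUT, or negotiation will fail.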