Table of Contents

Connecting ClearOS IPsec to Netgear

This guide covers tips for connecting ClearOS 6.x to Netgear routers. Specifically it was tested against the SRX5308 / FVX538 / FVS336G running the latest firmwares as of Jan 12, 2013.

Configuration ClearOS Side

In preparation for running the tunnel, please install the ClearOS IPSec VPN module. You must also all the IPsec traffic as an incoming firewall rule. Use the standard services pulldown menu and add 'IPsec' as the firewall rule in the Incoming firewall module.

For this example we will use invalid IP addresses for the external addresses please replace the addresses with your own. For the ClearOS side of the tunnel the network is 192.168.1.0/24. For the Netgear side the network is 10.1.1.0/24. The public WAN IP of the ClearOS server is the invalid address of 260.1.7.15 and the invalid WAN IP address of the Netgear is 302.7.3.45 for our examples.

ipsec.unmanaged.TUNNEL.conf

conn TUNNEL
    authby=secret
    auto=start
    left=302.7.3.45
    leftsubnet=10.1.1.0/24
    leftsourceip=10.1.1.1
    leftid=302.7.3.45
    right=260.1.7.15
    rightsubnet=192.168.1.0/24
    rightsourceip=192.168.1.1
    rightid=260.1.7.15
    keylife=1h
    ikelifetime=8h
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart

ipsec.unmanaged.TUNNEL.secrets

260.1.7.15 302.7.3.45 : PSK "supersecretpassword"

Netgear configuration

On the Netgear side of things you will need to do the following:

Next: Create a VPN policy

search?q=clearos%2C%20clearos%20content%2C%20AppName%2C%20app_name%2C%20kb%2C%20howto%2C%20xcategory%2C%20maintainer_dloper%2C%20maintainerreview_x%2C%20keywordfix&btnI=lucky