
Connecting ClearOS IPsec to Netgear

This guide covers tips for connecting ClearOS 6.x to Netgear routers. Specifically, it was tested against the SRX5308 / FVX538 / FVS336G running the latest firmware as of Jan 12, 2013.

Configuration ClearOS Side

In preparation for running the tunnel, please install the ClearOS IPSec VPN module. You must also allow the IPsec traffic with an incoming firewall rule. Use the standard services pulldown menu and add 'IPsec' as the firewall rule in the Incoming firewall module.

For this example we use invalid IP addresses for the external addresses; please replace them with your own. The network on the ClearOS side of the tunnel is 192.168.1.0/24, and the network on the Netgear side is 10.1.1.0/24. In our examples, the public WAN IP of the ClearOS server is the invalid address 260.1.7.15 and the WAN IP of the Netgear is the invalid address 302.7.3.45.

ipsec.unmanaged.TUNNEL.conf

conn TUNNEL
    authby=secret
    auto=start
    left=302.7.3.45
    leftsubnet=10.1.1.0/24
    leftsourceip=10.1.1.1
    leftid=302.7.3.45
    right=260.1.7.15
    rightsubnet=192.168.1.0/24
    rightsourceip=192.168.1.1
    rightid=260.1.7.15
    keylife=1h
    ikelifetime=8h
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart

ipsec.unmanaged.TUNNEL.secrets

260.1.7.15 302.7.3.45 : PSK "supersecretpassword"

Netgear configuration

On the Netgear side of things you will need to do the following:

  • Add IKE policy.
  • Call it TUNNEL (for example; you can call it something else as well).
  • Set the Preshared Key to some random string up to 49 characters (for our example we used 'supersecretpassword' without the quotes).
  • Enable Dead Peer Detection.
  • Leave everything else at default.

Next: Create a VPN policy

  • Set the policy name to TUNNEL (for example; you can call it something else as well).
  • Set remote end point IP 260.1.7.15 (for our example we use this invalid IP address as discussed earlier).
  • Set up the valid local and remote IPs and subnets correctly under Traffic Selection.
  • Turn ON PFS key group and set to DH Group2 (1024 bit) under VPN policy.
  • Select TUNNEL as the IKE policy.
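
A pre-flight check for the two ClearOS files above, added here as an example and not part of the original guide or of ClearOS: it confirms that the IDs on the secrets line match the conn's leftid/rightid, that the key fits the 49-character Netgear limit, and that the guide's example key has been replaced. The function names are hypothetical, and the sample input is a trimmed copy of the guide's own example values.

```python
import re
import secrets
import string

NETGEAR_PSK_MAX = 49  # key length limit given in the Netgear steps of this guide

# Trimmed copy of the guide's example (its deliberately invalid addresses).
SAMPLE_CONN = """conn TUNNEL
    left=302.7.3.45
    leftid=302.7.3.45
    right=260.1.7.15
    rightid=260.1.7.15
"""
SAMPLE_SECRET = '260.1.7.15 302.7.3.45 : PSK "supersecretpassword"'

def parse_conn(text):
    """Return {key: value} for the key=value lines of a conn section."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def parse_secret(line):
    """Split 'ID ID : PSK "key"' into (set of IDs, key)."""
    m = re.match(r'^\s*(\S+)\s+(\S+)\s*:\s*PSK\s+"([^"]*)"\s*$', line)
    if not m:
        raise ValueError("not a two-ID PSK line")
    return {m.group(1), m.group(2)}, m.group(3)

def check(conn_text, secret_line, placeholder="supersecretpassword"):
    """Return a list of problems; an empty list means the two files agree."""
    conn = parse_conn(conn_text)
    ids, psk = parse_secret(secret_line)
    problems = []
    want = {conn.get("leftid") or conn.get("left"), conn.get("rightid") or conn.get("right")}
    if ids != want:
        problems.append("secrets IDs do not match the conn's leftid/rightid")
    if len(psk) > NETGEAR_PSK_MAX:
        problems.append("PSK is %d characters, limit is %d" % (len(psk), NETGEAR_PSK_MAX))
    if psk == placeholder:
        problems.append("PSK is still the guide's example value")
    return problems

def new_psk(length=NETGEAR_PSK_MAX):
    """Random letters-and-digits key that fits the Netgear field."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

Run check() on the contents of the real conn and secrets files before starting the tunnel, and enter the output of new_psk() on both the ClearOS and Netgear sides.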


content/en_us/kb_o_connecting_clearos_ipsec_to_netgear.txt · Last modified: 2014/12/23 20:53 (external edit)