
IPSec

CLI configuration with UCI: connect to the router over SSH as root, then:

uci show ipsec
ipsec.@ipsec[0].rtinstall_enabled='1'
ipsec.CORP=remote
ipsec.CORP.crypto_proposal='CORP_ph1'
ipsec.CORP.gateway='10.0.128.14'
ipsec.CORP.authentication_method='psk'
ipsec.CORP.tunnel='CORP_c'
ipsec.CORP.force_crypto_proposal='0'
ipsec.CORP.enabled='1'
ipsec.CORP.pre_shared_key='secret PSK'
ipsec.CORP_c=connection
ipsec.CORP_c.crypto_proposal='CORP_ph2'
ipsec.CORP_c.mode='start'
ipsec.CORP_c.type='tunnel'
ipsec.CORP_c.defaultroute='0'
ipsec.CORP_c.forceencaps='no'
ipsec.CORP_c.remote_firewall='no'
ipsec.CORP_c.ikelifetime='86000'
ipsec.CORP_c.force_crypto_proposal='0'
ipsec.CORP_c.keyexchange='ikev1'
ipsec.CORP_c.lifetime='43200'
ipsec.CORP_c.local_firewall='yes'
ipsec.CORP_c.local_subnet='10.144.1.0/24'
ipsec.CORP_c.remote_subnet='10.192.0.0/29'
ipsec.CORP_ph1=proposal
ipsec.CORP_ph1.encryption_algorithm='aes256'
ipsec.CORP_ph1.hash_algorithm='sha1'
ipsec.CORP_ph1.dh_group='modp2048'
ipsec.CORP_ph2=proposal
ipsec.CORP_ph2.encryption_algorithm='aes256'
ipsec.CORP_ph2.hash_algorithm='sha1'
ipsec.CORP_ph2.dh_group='modp2048'
 
# change a parameter:
uci set ipsec.CORP_c.local_subnet='10.144.1.0/24'
 
# save and apply the changes:
uci commit ipsec
/etc/init.d/ipsec restart

Check the tunnel status:

ipsec status
Security Associations (1 up, 0 connecting):
CORP-CORP_c[1]: ESTABLISHED 15 hours ago, 10.229.16.74[10.229.16.74]...10.0.128.14[10.0.128.14]
CORP-CORP_c{2}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c02723a1_i b7484c0d_o
CORP-CORP_c{2}:   10.144.1.0/24 === 10.192.0.0/29
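
The status check above as a scriptable test (an added example, not part of the original page): it confirms the IKE SA is ESTABLISHED, the child SA is INSTALLED, and the traffic selectors match the subnets set in UCI. The function name check_tunnel is hypothetical, the sample text is copied from the output above, and the parser assumes that output format.

```shell
#!/bin/sh
# Sample copied from the `ipsec status` output shown above, for offline runs.
SAMPLE_STATUS='Security Associations (1 up, 0 connecting):
CORP-CORP_c[1]: ESTABLISHED 15 hours ago, 10.229.16.74[10.229.16.74]...10.0.128.14[10.0.128.14]
CORP-CORP_c{2}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c02723a1_i b7484c0d_o
CORP-CORP_c{2}:   10.144.1.0/24 === 10.192.0.0/29'

# check_tunnel NAME LOCAL_SUBNET REMOTE_SUBNET   (status text on stdin)
# Returns 0 = tunnel up with the expected selectors,
#         1 = IKE SA not ESTABLISHED,
#         2 = child SA not INSTALLED in tunnel mode,
#         3 = traffic selectors differ from the expected subnets.
check_tunnel() {
    awk -v name="$1" -v want="$2 === $3" '
        {
            # Match the connection name literally at the start of the line,
            # so "CORP-CORP_c2" is not mistaken for "CORP-CORP_c".
            if (index($0, name) != 1) next
            rest = substr($0, length(name) + 1)
        }
        rest ~ /^\[[0-9]+\]: ESTABLISHED/       { ike = 1 }
        rest ~ /^[{][0-9]+[}]: +INSTALLED, TUNNEL/ { child = 1 }
        rest ~ /^[{][0-9]+[}]: / && index(rest, " === ") {
            # Traffic selector line: strip the prefix and trailing blanks.
            sub(/^[{][0-9]+[}]: +/, "", rest)
            sub(/[ \t\r]+$/, "", rest)
            if (rest == want) ts = 1
        }
        END {
            if (!ike)   exit 1
            if (!child) exit 2
            if (!ts)    exit 3
            exit 0
        }'
}

# Offline demonstration against the sample; on the router, use instead:
#   ipsec status | check_tunnel CORP-CORP_c 10.144.1.0/24 10.192.0.0/29
printf '%s\n' "$SAMPLE_STATUS" |
    check_tunnel CORP-CORP_c 10.144.1.0/24 10.192.0.0/29 && echo "tunnel OK"
```

Return code 3 is the one worth alerting on after a `uci set` on local_subnet or remote_subnet: the tunnel is up but is not protecting the subnets the configuration names.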

Refs

informatique/teltonika.1629789560.txt.gz · Last modified: 2021/08/24 07:19 by pteu