meta data for this page
Differences
This shows you the differences between two versions of the page.
| vpn_auf_pfsense_einrichten [04.02.2021 16:40] – created dev | vpn_auf_pfsense_einrichten [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== VPN auf pfSense einrichten ====== | ||
| - | |||
| - | ===== Zertifikate ===== | ||
| - | |||
| - | - Zuerst ein Server-Zertifikat erstellen mit dem CN = < | ||
| - | | ||
| - | |||
| - | |||
| - | ===== Unter VPN - IPSec einrichten: ===== | ||
| - | |||
| - | ==== Phase 1: ==== | ||
| - | - IKEv2 | ||
| - | - IPv4 | ||
| - | - Interface: WAN | ||
| - | - Auth Method: EAP-MSChapV2 | ||
| - | - My Identifier: IP < | ||
| - | - Peer identifier: any | ||
| - | - My Certificate: | ||
| - | - Enc: 3DES | ||
| - | - Key Length: SHA1 | ||
| - | - Hash 2 (1024 bit) | ||
| - | - Lifetime 28800 | ||
| - | |||
| - | ==== Phase 2: ==== | ||
| - | - Tunnel IPv4 | ||
| - | - Local Network: Network 0.0.0.0/0 | ||
| - | - NAT: None | ||
| - | - Protocol: ESP | ||
| - | - Enc: AES + 3DES | ||
| - | - Hash: SHA1 + SHA256 | ||
| - | - PFS Key group: off | ||
| - | - Lifetime 3600 | ||
| - | |||
| - | ==== Mobile Clients ==== | ||
| - | - Virtual Address pool: 192.168.77.0/ | ||
| - | - Provide default domain name: kraemerschwab.local | ||
| - | - DNS: <interne Router-Adresse> | ||
| - | |||
| - | ==== Pre-shared Keys ==== | ||
| - | - User erfassen (nur Kürzel, z.B. vdg, sonst klappt Anmeldung an server nicht) | ||
| - | - PSK auf EAP stellen | ||
| - | - PSK definieren (lang...) | ||
| - | |||
| - | ===== Firewall ===== | ||
| - | - Any to Any alles erlauben | ||