NAME
network-ipsec - Configure IPsec VPN connections
SYNOPSIS
network vpn ipsec [new|destroy] NAME…
network vpn ipsec NAME COMMAND …
DESCRIPTION
With the help of vpn ipsec, it is possible to create, destroy and edit IPsec VPN connections.
COMMANDS
The following commands are understood:
new NAME
    A new IPsec VPN connection may be created with the new command.
    NAME does not allow any spaces.

destroy NAME
    An IPsec VPN connection can be destroyed with this command.

For all other commands, the name of the IPsec VPN connection needs to be passed first:
NAME show
    Shows the configuration of the IPsec VPN connection.

NAME authentication mode
    Set the authentication mode. The following modes are available:
        psk

NAME authentication psk PSK
    Set the pre-shared key to PSK. This is only useful when the authentication mode is psk.

color set <color>
    The color is set with this command and must be passed in RGB hex format.
    NOTE: The color is used to make identification of network devices easier on the command line and in the web user interface.

color reset
    Resets the color to blank.

description edit
    This command opens an editor and allows you to edit the title and description.
    NOTE: The format of the description is similar to a git commit message. Every description has a title, the first line of the description. The title is shown on the status page and in the web user interface. It should be something short like "Office Lan" or "DMZ". A longer description may follow the title.

description show
    Prints the description.

NAME down
    Shuts down an established IPsec VPN connection.

NAME inactivity-timeout TIME
    Set the inactivity timeout. TIME is given in seconds or in the format hh:mm:ss.

NAME local id ID
    Specify the identity of the local system. The ID must be in one of the following formats:
        an IP address
        an FQDN
        a string which starts with @

NAME local prefix [PREFIX-LIST|+PREFIX …|-PREFIX …]
    Specify the subnets of the local system which should be made available to the remote peer.

NAME mode [transport|tunnel]
    Set the mode of the IPsec VPN connection.

NAME peer PEER
    Set the peer to which the IPsec VPN connection should be established.

NAME remote id ID
    Specify the identity of the remote machine. The ID must be in one of the following formats:
        an IP address
        an FQDN
        a string which starts with @

NAME remote prefix [PREFIX-LIST|+PREFIX …|-PREFIX …]
    Specify the subnets which the remote side makes available to us.

NAME security-policy
    Set the security policy which the connection uses. See network-vpn-security-policies(8) for details.

NAME up
    Establishes the IPsec VPN connection to the remote peer.

NAME zone
    When you specify a zone of type ip-tunnel here, the IPsec connection is established over a VTI tunnel and the remote and local prefixes are ignored. Imagine a fiber connection between these two machines and how you would use it: the IPsec VPN connection works in the same way. You must configure routes and IP addresses of the ip-tunnel hook manually.
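The following shell script is an added example, not part of the network(8) manual or project: it strings the commands above together to create, configure and bring up a site-to-site tunnel, checking NAME and the two IDs against the formats this page requires before anything is run. The connection name, peer address, IDs, prefixes, PSK and security-policy name are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the network(8) project: configure a site-to-site
# IPsec connection with the commands documented above. Set DRY_RUN=1 to
# print the commands instead of executing them.

# Execute a command, or only print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only the ID forms the manual lists: an IP address (loosely checked
# as dotted decimal), an FQDN, or a string starting with "@".
valid_id() {
    case "$1" in
        "") return 1 ;;
        @?*) return 0 ;;
        *[!0-9.]*) ;;                 # not dotted decimal; try FQDN below
        *) return 0 ;;
    esac
    case "$1" in
        *.*) case "$1" in *[!A-Za-z0-9.-]*) return 1 ;; *) return 0 ;; esac ;;
    esac
    return 1
}

# Usage: ipsec_site_to_site NAME PEER LOCAL_ID REMOTE_ID LOCAL_PREFIX REMOTE_PREFIX PSK POLICY
# POLICY is the name of a security policy as described in network-vpn-security-policies(8).
ipsec_site_to_site() {
    name=$1 peer=$2 local_id=$3 remote_id=$4
    local_prefix=$5 remote_prefix=$6 psk=$7 policy=$8
    # NAME does not allow any spaces (see "new NAME" above).
    case "$name" in *" "*|"") echo "NAME must be non-empty and contain no spaces" >&2; return 1 ;; esac
    valid_id "$local_id"  || { echo "bad local id: $local_id" >&2; return 1; }
    valid_id "$remote_id" || { echo "bad remote id: $remote_id" >&2; return 1; }
    run network vpn ipsec new "$name" &&
    run network vpn ipsec "$name" peer "$peer" &&
    run network vpn ipsec "$name" local id "$local_id" &&
    run network vpn ipsec "$name" remote id "$remote_id" &&
    run network vpn ipsec "$name" local prefix "$local_prefix" &&
    run network vpn ipsec "$name" remote prefix "$remote_prefix" &&
    run network vpn ipsec "$name" mode tunnel &&
    run network vpn ipsec "$name" authentication mode psk &&
    run network vpn ipsec "$name" authentication psk "$psk" &&
    run network vpn ipsec "$name" security-policy "$policy" &&
    run network vpn ipsec "$name" up
}
```

Run it with DRY_RUN=1 first to review the exact command sequence; the last command, `up`, only makes sense once the peer side has been configured with mirrored local and remote settings.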
AUTHORS
Michael Tremer, Jonatan Schlag