Skip to main content

Set up IPSec VPN

Updated

You can use Preshared Key (PSK) authentication to create a basic site-to-site VPN when you don’t need advanced tunnel authentication and management controls.

  Note

You can safely leave all advanced settings with their default values. You can have the same settings and values on both peers, or reverse remote and local settings where needed.

Steps

1. Create the primary tunnel specification on the primary system

  1. Go to NETWORK > VPN.
  2. Select IPsec subnets.
  3. Enter a descriptive Name for the tunnel.
  4. Select Enabled.

2. Configure your Local IP address

  1. Select the external Local IP address for the primary tunnel

  2. Enter the Local network that the secondary system can access. Ensure the values are in the IP address/network mask format. For example: 192.168.10.0/255.255.255.0.

      Note

    The IP address should correspond to an existing local network.

  3. From the Local ID type list, select the method for the primary system to identify itself to the secondary system. You can use a static external IP for the ID value.

      Note

    If you select local, leave the Local ID value empty. It's auto-generated when Local IP is chosen as the local ID type.

3. Configure your secondary system

  1. Enter your secondary system’s IP address. If the IP address is:
    • Static: Enter the Remote IP or hostname.
    • Dynamic: Leave this field blank.

  2. Specify the Remote network on the secondary system that the primary system can access. Enter the values in the IP address/network mask format. For example: 192.168.20.0/255.255.255.0.

      Note

    This should correspond to an existing local network.

  3. From the Remote ID type list, select Remote IP (or ANY if blank Remote IP). This means that the primary system can use the secondary’s IP address (if one was specified).
  4. Enter the Remote ID value and the Local IP address of the secondary system.

4. Authenticate your secondary system

  1. From the Authenticate by list, select Preshared Key. This instructs Smoothwall Firewall to authenticate the secondary system by validating a shared pass phrase.
  2. Enter the Preshared Key pass-phrase, and then enter Preshared Key again for confirmation.

5. Finalise the setup

  1. Enter a descriptive comment. For example: Tunnel to Birmingham Branch.
  2. Select Add.

Smoothwall Filter and Firewall will place your new VPN tunnel in the Current tunnels section.

Next steps

  1. Create the secondary tunnel specification.
  2. Ensure the system is working.
  3. Activate the tunnel.