I made an IPsec tunnel between two public IPv4 addresses: WANIP Turris ==== WANIP Fortigate.
The connection was established.
I made changes only in /etc/ipsec.conf.
I have no idea how to route traffic from my local LAN to the rightsubnet.
I have no clue about iptables etc. Do I need a zone? Another interface?
Hi Pavel.
IPSec does not create a tunnel interface by default; it works on the IP layer. If you want to have a tunnel interface, you need to choose some tunnelling protocol (like GRE, for example) and encapsulate the GRE protocol in the IPSec.
But you can use plain IPSec; you just need to add the correct rules to iptables.
I will try to do a hard reset of my Turris router and start again. But I noticed that I have no xfrm policy. How do I create one? Should it happen automatically, by ipsec.conf or not?
So, if I make an IPsec tunnel with the WAN public IP addresses and create some magic rule in iptables, it will work? Like this?
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
But what is tun0? And how do I create it in Turris? Does it happen automatically? I tried this: https://youtu.be/HDqAl_PozCU but with IKEv1. I think the packet wasn't marked (I don't see an xfrm policy or any traffic on IPsec).
Your setup differs depending on whether you have a policy-based IPSec VPN or a route-based IPSec VPN (but you can have a policy-based VPN on one side and a route-based VPN on the other side).
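As an added example (not from this thread), here is what "plain IPsec plus the right iptables rules" and "policy-based VPN" look like on an OpenWrt-based router such as Turris: the conn block that makes strongSwan install xfrm policies for the two subnets, and the firewall rules that match on that policy instead of on a (non-existent) tunnel interface. The LAN 192.168.1.0/24, remote subnet 10.10.0.0/16, WAN interface eth1 and FORTIGATE_WAN_IP are placeholders; on Turris the rules usually go into /etc/firewall.user so fw3 reapplies them.

```shell
#!/bin/sh
# Constructed example: policy-based IPsec, LAN <-> remote subnet.
# All addresses and the interface name below are placeholders.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
REMOTE_NET="${REMOTE_NET:-10.10.0.0/16}"
WAN_IF="${WAN_IF:-eth1}"

# 1. The strongSwan conn for /etc/ipsec.conf. Without leftsubnet/rightsubnet
#    only a host-to-host policy exists and LAN traffic never enters the tunnel.
ipsec_conn() {
    cat <<EOF
conn turris-to-fortigate
    keyexchange=ikev2
    left=%defaultroute
    leftsubnet=${LAN_NET}
    right=FORTIGATE_WAN_IP
    rightsubnet=${REMOTE_NET}
    authby=secret
    auto=start
EOF
}

# 2. Firewall rules. There is no tun0: packets are selected by the xfrm policy,
#    so match with "-m policy". The NAT rule keeps LAN traffic to the remote
#    subnet out of WAN masquerade; otherwise it leaves with the WAN IP and no
#    longer matches the policy. The INPUT rules let IKE and ESP reach the router.
ipsec_rules() {
    cat <<EOF
iptables -t nat -I POSTROUTING -s ${LAN_NET} -d ${REMOTE_NET} -o ${WAN_IF} -m policy --dir out --pol ipsec -j ACCEPT
iptables -I FORWARD -s ${LAN_NET} -d ${REMOTE_NET} -o ${WAN_IF} -m policy --dir out --pol ipsec --proto esp -j ACCEPT
iptables -I FORWARD -s ${REMOTE_NET} -d ${LAN_NET} -i ${WAN_IF} -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -I INPUT -i ${WAN_IF} -p udp -m multiport --dports 500,4500 -j ACCEPT
iptables -I INPUT -i ${WAN_IF} -p esp -j ACCEPT
EOF
}

# 3. Check: the policy must be present before any forwarding rule matters.
ipsec_check() {
    ip xfrm policy | grep -q "src ${LAN_NET} dst ${REMOTE_NET}"
}

if [ "$1" = "apply" ]; then
    ipsec_rules | sh            # run the rules for real (needs root)
else
    ipsec_conn; ipsec_rules     # dry run: just show what would be configured
fi
```

Run it without arguments to review the generated conn and rules; after `ipsec restart`, `ip xfrm policy` should list the two subnets, and `ip xfrm state` should show the ESP SAs.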
I tried it a week ago. When I put the configuration into #/etc/config/ipsec and ran #/etc/init.d/ipsec, it generated an IKEv2 connection in the ipsec.conf file, but the article example is a Juniper IKEv1 configuration.
My question is: what is better?
Manually edit the /etc/ipsec.conf file? (The tunnel is established, but no traffic.) And what should I do next in this case, on the Turris router?
Should I edit the /etc/config/ipsec file? Do I need to do something else with the Turris router configuration?