IKEv2

From Wiki of WFilter NG Firewall
Jump to: navigation, search

1 IKEv2 Server

IKEv2 Server provides a dial-in VPN service based on IKEv2+MSCHAPv2 authentication.

2 Settings

IKEv2 requires public internet IP address(es), as shown in below figure:

  • WAN IP: choose the WAN ip address to run IKEv2 service on.
  • VPN Subnet: a subnet for VPN clients. For example: 10.7.1.0/24
  • Push Route: defines routing for clients.

Ikev2 server.png

To allow IKEv2 clients to access network, you also need to setup firewall policies in Firewall->Rules.

Ikev2 firewall.png

3 Client Setup

First you need to download the CA certificate in "VPN - Open VPN server" and install it to the client devices. You also need to add VPN users in "User Auth -> Accounts". Then you shall be able to login IKEv2 VPN clients.

Retrieved from "http://wiki.wfilterngf.com/index.php?title=IKEv2&oldid=1222"
Personal tools
Namespaces

Variants
Actions
Navigation
Tools