IKEv2
From Wiki of WFilter NG Firewall
(Difference between revisions)
(Created page with "== IKEv2 Server == IKEv2 Server provides a dial-in VPN service based on IKEv2+MSCHAPv2 authentication. == Settings == IKEv2 requires public internet IP address(es), as show...") |
|||
| Line 6: | Line 6: | ||
IKEv2 requires public internet IP address(es), as shown in below figure: | IKEv2 requires public internet IP address(es), as shown in below figure: | ||
| − | * WAN IP: choose the WAN ip address to | + | * WAN IP: choose the WAN ip address to run IKEv2 service on. |
* VPN Subnet: a subnet for VPN clients. For example: 10.7.1.0/24 | * VPN Subnet: a subnet for VPN clients. For example: 10.7.1.0/24 | ||
* Push Route: defines routing for clients. | * Push Route: defines routing for clients. | ||
Latest revision as of 15:10, 9 June 2026
[edit] 1 IKEv2 Server
IKEv2 Server provides a dial-in VPN service based on IKEv2+MSCHAPv2 authentication.
[edit] 2 Settings
IKEv2 requires public internet IP address(es), as shown in below figure:
- WAN IP: choose the WAN ip address to run IKEv2 service on.
- VPN Subnet: a subnet for VPN clients. For example: 10.7.1.0/24
- Push Route: defines routing for clients.
To allow IKEv2 clients to access network, you also need to setup firewall policies in Firewall->Rules.
[edit] 3 Client Setup
First you need to download the CA certificate in "VPN - Open VPN server" and install it to the client devices. You also need to add VPN users in "User Auth -> Accounts". Then you shall be able to login IKEv2 VPN clients.
