This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick Road Warrior FireBrick Config: Difference between revisions

m (clean up, typos fixed: eg → e.g. (3))
(4 intermediate revisions by 2 users not shown)
'''Think about the NAT'''
 
A problem arises, however, when the LAN subnet is non-routable (RFC1918 IPs, e.g. 192.168.x.x). In this case the LAN subnet is usually marked NAT in the FB config, so LAN devices can communicate externally (obviously for outgoing
 
<syntaxhighlight lang=xml>
<ipsec-ike force-NAT="0.0.0.0/0">
<connection name="server" roaming-pool="roam-pool" auth-method="Certificate" peer-auth-method="EAP" mode="Wait" local-ID="FQDN:server.example.com"/>
<roaming name="roam-pool" ip="[ranges of LAN IPs, inc IPv6]" DNS="[DNS, e.g. 8.8.8.8]"/>
</ipsec-ike>
</syntaxhighlight>
 
Note: force-NAT="0.0.0.0/0" forces keep-alives, which are needed when there is NAT between the endpoints and which also help where a stateful firewall sits in the path. Without this set, you may find that the IPsec tunnel drops every hour or so.
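A small lint for this pitfall, added here as an example and not part of the FireBrick software or this page's original config: it parses an <tt>ipsec-ike</tt> fragment shaped like the one above and flags any connection whose roaming pool hands out RFC1918 (NATed LAN) addresses while <tt>force-NAT</tt> is unset. It assumes the pool's <tt>ip</tt> attribute holds space-separated prefixes; the two configs inside are constructed samples.

```python
"""Check a FireBrick-style <ipsec-ike> fragment for the road-warrior NAT pitfall:
a roaming pool inside a NATed (RFC1918) LAN needs force-NAT, or the tunnel drops
once NAT/firewall state expires. Added example; element and attribute names follow
the fragment on the page, the pool ip="..." format is an assumption."""
import ipaddress
import xml.etree.ElementTree as ET

PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def pool_networks(ip_attr):
    """Assumed format: space-separated prefixes; a bare host becomes /32 or /128."""
    return [ipaddress.ip_network(item, strict=False) for item in ip_attr.split()]


def is_private(net):
    # subnet_of() raises on mixed IP versions, so compare versions first
    return any(net.version == p.version and net.subnet_of(p) for p in PRIVATE)


def lint_ipsec(xml_text):
    """Return a list of findings; an empty list means the fragment passes."""
    root = ET.fromstring(xml_text)
    findings = []
    force_nat = root.get("force-NAT")
    pools = {r.get("name"): r for r in root.iter("roaming")}
    for conn in root.iter("connection"):
        pool = pools.get(conn.get("roaming-pool"))
        if pool is None:
            findings.append(f"connection {conn.get('name')!r}: roaming-pool not defined")
            continue
        if force_nat is None and any(is_private(n) for n in pool_networks(pool.get("ip", ""))):
            findings.append(f"connection {conn.get('name')!r}: pool hands out private "
                            "addresses but force-NAT is unset (expect periodic tunnel drops)")
    return findings


# Constructed samples: same fragment with and without force-NAT.
CONN = ('<connection name="server" roaming-pool="roam-pool" auth-method="Certificate" '
        'peer-auth-method="EAP" mode="Wait" local-ID="FQDN:server.example.com"/>')
POOL = '<roaming name="roam-pool" ip="192.168.5.0/24 fd00:1::/64" DNS="8.8.8.8"/>'
BAD_CONFIG = f"<ipsec-ike>{CONN}{POOL}</ipsec-ike>"
GOOD_CONFIG = f'<ipsec-ike force-NAT="0.0.0.0/0">{CONN}{POOL}</ipsec-ike>'

if __name__ == "__main__":
    for label, cfg in (("bad", BAD_CONFIG), ("good", GOOD_CONFIG)):
        print(label, lint_ipsec(cfg) or "ok")
```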
 
Each roaming user then needs an <tt>eap</tt> user record. This goes with any user entries near the top of the config.
 
<syntaxhighlight lang=xml>