network-vpn-ipsec - Configure IPsec VPN connections

'network vpn ipsec [new|destroy]' NAME...
'network vpn ipsec' NAME COMMAND ...

With the help of the 'vpn ipsec' command, it is possible to create, destroy
and edit IPsec VPN connections.

The following commands are understood:

A new IPsec VPN connection may be created with the 'new' command.
NAME must not contain any spaces.

An IPsec VPN connection can be destroyed with this command.

For all other commands, the name of the IPsec VPN connection needs to be passed first:

Shows the configuration of the IPsec VPN connection.

'NAME authentication mode'::
Set the authentication mode to one of the following available modes:

'NAME authentication psk PSK'::
Set the pre-shared key to PSK. This is only useful when the authentication mode is psk.

include::include-color.txt[]

include::include-description.txt[]

Shut down an established IPsec VPN connection.

'NAME inactivity-timeout TIME'::
Set the inactivity timeout to TIME, given in seconds or in the format hh:mm:ss.

Specify the identity of the local system.

The ID must be in one of the following formats:

* A string which starts with @

'NAME local prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]'::
Specify the subnets of the local system which should be made available to the remote peer.

'NAME mode [transport|tunnel]'::
Set the mode of the IPsec VPN connection.

Set the peer to which the IPsec VPN connection should be established.

Specify the identity of the remote machine.

The ID must be in one of the following formats:

* A string which starts with @

'NAME remote prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]'::
Specify the subnets which the remote side makes available to us.

'NAME security-policy'::
Set the security policy which the connection uses.

See link:network-vpn-security-policies[8] for details.

Establishes the IPsec VPN connection to the remote peer.

When you specify a zone of type ip-tunnel here, the IPsec connection is established over a VTI tunnel.
The remote and local prefixes are ignored. Imagine a fiber connection between these two machines, and how you would use it.
The IPsec VPN connection works in the same way. You must configure routes and IP addresses of the ip-tunnel hook manually.