CLI command: ipsec

Syntax of the CLI command ipsec for IPSec VPN connections

Last adaptation to the version: 12.4.0

New:

New command: ipsec chiper get
New command: ipsec load shared_secrets v12.2.5.1

Last updated:

06.2024

notempty

This article refers to a Resellerpreview

11.8 11.7

If several values are passed for one parameter, the values must be specified in square brackets with a space(!) between [ . Example: interface zone set id 4711 flags [ POLICY_IPSEC PPP_VPN ]
If no values are to be passed for a parameter, two square brackets must be used. Example interface set name LAN1 flags [ ]

Command	Parameter	Description	Example
ipsec new ipsec new	ike_version	Create a new IPSec VPN connection Permitted values: IKEv1, IKEv2	ipsec new ike_version "IKEv1" local_auth "PSK" remote_auth "PSK" local_secret "geheim" remote_secret "geheim" local_subnet "192.168.10.0/24" remote_subnet "192.168.20.0/24" local "184.173.97.210" remote "62.116.166.66" flags [ ADD DPD ]
	local_auth	Permitted values: PSK, RSASIG
	remote_auth	Permitted values: PSK, RSASIG
	local_secret	Preshared key e.g.: secret
	remote_secret	Preshared key e.g.: secret
	local_authobj	Name of the x.509 certificate or the RSA key for identification
	remote_authobj	Name of the x.509 certificate or the RSA key for identification
	local_subnet	Local subnet for the tunnel. IP address with subnet mask
	remote_subnet	Remote subnet for the tunnel. IP address with subnet mask
	remote_subnet_within	L2TP subnet in phase 2 (usually set automatically)
	local	Local interface or IP address
	remote	Remote interface or IP address
	local_id	Local Gateway ID (=local if not specified)
	remote_id	Remote Gateway ID (=remote if not specified)
	ike	ike chipher (Default: aes128-sha2_256-modp2048)
	esp	esp chipher (Default: aes128-sha2_256)
	flags	Permitted values: ADD, START, ROUTE, IGNORE, DPD, NOPFS, LOCAL_SRC_ADDR, REMOTE_SRC_ADDR, XAUTH, L2TP
	nexthop	Address or interface

ipsec set ipsec set	id	Changing an IPSec VPN Connection	ipsec set ike_version "ikev1" local_auth "PSK" remote_auth "PSK" local_secret "geheim" remote_secret "geheim" local_subnet "192.168.10.0/24" remote_subnet "192.168.20.0/24" local "184.173.97.210" remote "62.116.166.66" flags [ ADD DPD ]
ipsec set ipsec set	abc	The other parameters and their syntax are identical to the command ipsec new

ipsec get ipsec get		Listing of the established IPSec VPN connections. The parameter id is required.	ipsec get

ipsec delete	id	Deleting an IPSec VPN Connection	ipsec delete id "2"
ipsec delete	name	Deleting an IPSec VPN Connection	ipsec delete name "ipsec-name"

ipsec restart ipsec restart	id	Restarting an IPSec VPN connection	ipsec restart id "2"
ipsec restart ipsec restart	name	Restarting an IPSec VPN connection	ipsec restart name "ipsec-name"

ipsec update ipsec update		Reload IPSec VPN configuration	ipsec update

ipsec load shared_secrets ipsec load shared_secrets		Reloads any changed shared_secrets (mschapv2 credentials, PSKs)	ipsec load shared_secrets

ipsec status ipsec status		Output of IPSec status information	ipsec status

ipsec subnet ipsec subnet new ipsec subnet new	id	Syntax: ipsec subnet new id <ipsec-id> local_subnet <networkaddr> remote_subnet <networkaddr> Adding a new subnet to an IPSec connection. id corresponds to the id of the IPSec connection (ipsec get)	ipsec subnet new id "2" local_subnet "192.168.10.0/24" remote_subnet "192.168.50.0/24"
	local_subnet	Local subnet for the tunnel. IP address with subnet mask
	remote_subnet	Remote subnet for the tunnel. IP address with subnet mask

ipsec subnet set ipsec subnet set	subnet_id	Syntax: ipsec subnet set id <ipsec-id> local_subnet <networkaddr> remote_subnet <networkaddr> Change an IPSec subnet. subnet_id is the id of the subnet.	ipsec subnet set id "2" local_subnet "192.168.10.0/24" remote_subnet "192.168.70.0/24"
ipsec subnet set ipsec subnet set	abc	The other parameters and their syntax are identical to the command ipsec subnet new

ipsec subnet delete ipsec subnet delete	id	Delete an IPSec subnet.	ipsec subnet delete subnet_id "2"

ipsec chiper get ipsec cipher get		Lists the IPSec ciphers	ipsec chiper get

ipsec new

ipsec set

ipsec get

ipsec restart

ipsec update

ipsec load shared_secrets

ipsec status

ipsec subnet

ipsec subnet new

ipsec subnet set

ipsec subnet delete

ipsec chiper get