This article refers to a version that is no longer current!

The article for the latest version is here
There is already a newer version of this article, although it refers to a beta version
Syntax of the CLI command ipsec for IPSec VPN connections
Last adaptation to the version: 11.8.12 (02.2021)
Previous versions: 11.7
- If several values are passed for one parameter, the values must be enclosed in square brackets, with a space(!) between the brackets and the values. Example: interface zone set id 4711 flags [ POLICY_IPSEC PPP_VPN ]
- If no values are to be passed for a parameter, two square brackets must be used. Example: interface set name LAN1 flags [ ]

| Command | Parameter | Description | Example |
|---|---|---|---|
| ipsec get | - | Listing of the established IPSec VPN connections. The parameter id is required. | ipsec get |
| ipsec new | ike_version | Create a new IPSec VPN connection. Permitted values: IKEv1, IKEv2 | ipsec new ike_version "IKEv1" local_auth "PSK" remote_auth "PSK" local_secret "geheim" remote_secret "geheim" local_subnet "192.168.10.0/24" remote_subnet "192.168.20.0/24" local "184.173.97.210" remote "62.116.166.66" flags [ ADD DPD ] |
| | local_auth | Permitted values: PSK, RSASIG | |
| | remote_auth | Permitted values: PSK, RSASIG | |
| | local_secret | Pre-shared key, e.g.: secret | |
| | remote_secret | Pre-shared key, e.g.: secret | |
| | local_authobj | Name of the X.509 certificate or the RSA key for identification | |
| | remote_authobj | Name of the X.509 certificate or the RSA key for identification | |
| | local_subnet | Local subnet for the tunnel. IP address with subnet mask | |
| | remote_subnet | Remote subnet for the tunnel. IP address with subnet mask | |
| | remote_subnet_within | L2TP subnet in phase 2 (usually set automatically) | |
| | local | Local interface or IP address | |
| | remote | Remote interface or IP address | |
| | local_id | Local Gateway ID (=local if not specified) | |
| | remote_id | Remote Gateway ID (=remote if not specified) | |
| | ike | IKE cipher (Default: aes128-sha2_256-modp2048) | |
| | esp | ESP cipher (Default: aes128-sha2_256) | |
| | flags | Permitted values: ADD, START, ROUTE, IGNORE, DPD, NOPFS, LOCAL_SRC_ADDR, REMOTE_SRC_ADDR, XAUTH, L2TP | |
| | nexthop | Address or interface | |
| ipsec set | id | Changing an IPSec VPN connection | ipsec set ike_version "ikev1" local_auth "PSK" remote_auth "PSK" local_secret "geheim" remote_secret "geheim" local_subnet "192.168.10.0/24" remote_subnet "192.168.20.0/24" local "184.173.97.210" remote "62.116.166.66" flags [ ADD DPD ] |
| | abc | The other parameters and their syntax are identical to the command ipsec new | |
| ipsec restart | id | Restarting an IPSec VPN connection | ipsec restart id "2" |
| | name | | ipsec restart name "ipsec-name" |
| ipsec update | - | Reload IPSec VPN configuration | ipsec update |
| ipsec status | - | Output of IPSec status information | ipsec status |
| ipsec delete | id | Deleting an IPSec VPN connection | ipsec delete id "2" |
| | name | | ipsec delete name "ipsec-name" |
| ipsec subnet new | id | Adding a new subnet to an IPSec connection. id corresponds to the id of the IPSec connection (ipsec get). Syntax: ipsec subnet new id <ipsec-id> local_subnet <networkaddr> remote_subnet <networkaddr> | ipsec subnet new id "2" local_subnet "192.168.10.0/24" remote_subnet "192.168.50.0/24" |
| | local_subnet | Local subnet for the tunnel. IP address with subnet mask | |
| | remote_subnet | Remote subnet for the tunnel. IP address with subnet mask | |
| ipsec subnet set | subnet_id | Change an IPSec subnet. subnet_id is the id of the subnet. Syntax: ipsec subnet set id <ipsec-id> local_subnet <networkaddr> remote_subnet <networkaddr> | ipsec subnet set id "2" local_subnet "192.168.10.0/24" remote_subnet "192.168.70.0/24" |
| | abc | The other parameters and their syntax are identical to the command ipsec subnet new | |
| ipsec subnet delete | id | Delete an IPSec subnet. | ipsec subnet delete subnet_id "2" |
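
The bracket rule and the permitted values listed above can be checked before a line is pasted into the CLI. The following Python checker is an added example, not part of the original documentation or the vendor's tooling. The function name check_ipsec_new is hypothetical, and values are compared case-insensitively, an assumption based on the page using both "IKEv1" and "ikev1" in its examples.

```python
import re

# Permitted values as listed in the parameter table on this page.
PERMITTED = {
    "ike_version": {"IKEV1", "IKEV2"},
    "local_auth": {"PSK", "RSASIG"},
    "remote_auth": {"PSK", "RSASIG"},
    "flags": {"ADD", "START", "ROUTE", "IGNORE", "DPD", "NOPFS",
              "LOCAL_SRC_ADDR", "REMOTE_SRC_ADDR", "XAUTH", "L2TP"},
}
PARAMS = set(PERMITTED) | {
    "local_secret", "remote_secret", "local_authobj", "remote_authobj",
    "local_subnet", "remote_subnet", "remote_subnet_within", "local",
    "remote", "local_id", "remote_id", "ike", "esp", "nexthop"}
TOKEN = re.compile(r'"[^"]*"|\S+')  # a quoted string or a bare word


def check_ipsec_new(line):
    """Parse one 'ipsec new' line; return (params, errors)."""
    tokens = TOKEN.findall(line)
    params, errors = {}, []
    if tokens[:2] != ["ipsec", "new"]:
        return params, ["not an 'ipsec new' command"]
    i = 2
    while i < len(tokens):
        name, i = tokens[i], i + 1
        if name not in PARAMS:
            errors.append(f"unknown parameter: {name}")
        if i >= len(tokens):
            errors.append(f"{name}: missing value")
            break
        tok = tokens[i]
        if tok == "[":  # list value: [ A B ], or [ ] for no values
            if "]" not in tokens[i:]:
                errors.append(f"{name}: missing closing ]")
                break
            end = tokens.index("]", i)
            value, i = tokens[i + 1:end], end + 1
        elif not tok.startswith('"') and ("[" in tok or "]" in tok):
            errors.append(f"{name}: brackets must be separated by spaces")
            break
        else:
            value, i = tok.strip('"'), i + 1
        params[name] = value
        allowed = PERMITTED.get(name)
        for v in (value if isinstance(value, list) else [value]):
            if allowed and v.upper() not in allowed:
                errors.append(f"{name}: value {v!r} is not permitted")
    return params, errors
```

Run on the page's ipsec new example, the checker returns no errors; a line ending in flags [ADD DPD] is reported because the brackets are not separated from the values by spaces.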


