




This article refers to a version that is no longer current!

The article for the latest version is here

A newer version of this article already exists, but it refers to a beta version

12.7.1

  • (v12.6.1)
Last updated: 12.2024
VPN


Site-to-Site Server

S2S Server

Site-to-Site Client

S2S Client




1 S2S Server

2 S2S Server

3 S2S Server
Name: S2S-server
UDP
Port: 1194
cs-ttt-point
192.168.175.0/24

4 S2S Server
192.168.190.0/24
192.168.190.1/32
192.168.190.2/24

5 S2S Server
Name: S2S-client
.ttt-point.de
192.168.174.0/24


S2S Server

Name: S2S-Server
tun0
Mode: SERVER
UDP (Default), TCP
Port: 1194
NONE (Default), LOCAL, RADIUS
cs-ttt-point
tls-auth, tls-crypt
v12.6.1
SSL-VPN S2S
Default
BF-CBC DES-EDE-CBC DES-EDE3-CBC CAST5-CBC AES-128-CBC AES-192-CBC AES-256-CBC AES-128-GCM AES-192-GCM AES-256-GCM
Default
SHA1 SHA224 SHA256 SHA384 SHA512 whirlpool
IPv4: 192.168.190.0/24
IPv6: /64
Search Domain:
Renegotiation: 1 (Default), 2, 4 hours, 8 hours, 12 hours


S2S Server
MTU: 1500
1024
Multihome:
LZO:
Pass TOS:
10
120
65536 Bytes
65536 Bytes
64
15


S2S Server

SSL-VPN Log (UTM, VPN, SSL-VPN)

Add SSL-VPN server remote peer (UTM, VPN, SSL-VPN)



S2S Server

Name: sslvpn-S2S-Client-Network
VPN network
192.168.174.0/24
Zone: vpn-ssl-S2S-Server
Optional


S2S Server


    # NAT
    9 sslvpn-S2S-client-network internal-network default-internet Accept
    10 internal-network sslvpn-S2S-client-network default-internet Accept


Routes
S2S Server
tun2
192.168.174.0/24 (S2S Client)


    route set id <ID> flags BLACKHOLE_IF_OFFLINE




1 S2S Client

2 S2S Client

3 S2S Client
Name: S2S-client
UDP
CC-S2S-Client-Network1

4 S2S Client

5 S2S Client





S2S Client

Name: S2S-client
tun4
Mode: CLIENT
UDP (Default), TCP
CC-S2S-Client-Network1
v12.6.1
tls-auth, tls-crypt
v12.6.1
SSL-VPN S2S
Default
BF-CBC DES-EDE-CBC DES-EDE3-CBC CAST5-CBC AES-128-CBC AES-192-CBC AES-256-CBC AES-128-GCM AES-192-GCM AES-256-GCM
Default
SHA1 SHA224 SHA256 SHA384 SHA512 whirlpool
Renegotiation: 1 (Default), 2, 4, 8, 12


S2S Client
MTU: 1500
LZO:
Pass TOS:
10
120
65536 Bytes
65536 Bytes
64
15


S2S Client

Name: sslvpn-S2S-Server-Network
192.168.175.0/24
Zone: vpn-ssl-S2S-client
Optional


S2S Client

    # NAT
    5 internal-network sslvpn-S2S-server-network default-internet Accept
    4 sslvpn-S2S-server-network internal-network default-internet Accept


S2S Client Routes
S2S Client
tun4
192.168.175.0/24 (S2S Server)


    route set id <ID> flags BLACKHOLE_IF_OFFLINE

12.6.2

Multipath
S2S Client

    openvpn get
    openvpn set id $ID_DES_TUNNELS local_addr $IP_DES_INTERFACES
    


UTM HTTP-Proxy

    HTTP Exclude internal-network name-vpn-netzwerk-objekt




    extc-Variable Default
    CONNECTION_RATE_LIMIT_TCP 0
    CONNECTION_RATE_LIMIT_TCP_PORTS
    CONNECTION_RATE_LIMIT_UDP 20 / 0
    CONNECTION_RATE_LIMIT_UDP_PORTS [ 1194 1195 ]

    extc value get application securepoint_firewall

    spcli extc value get application securepoint_firewall | grep RATE

    application         |variable                       |value
    --------------------+-------------------------------+-----
    securepoint_firewall|…                              |…
                        |CONNECTION_RATE_LIMIT_TCP      |0
                        |CONNECTION_RATE_LIMIT_TCP_PORTS|
                        |CONNECTION_RATE_LIMIT_UDP      |20
                        |CONNECTION_RATE_LIMIT_UDP_PORTS|

    extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_TCP value 20
    system update rule
    extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_TCP value 0
    system update rule
    extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_TCP_PORTS value [ 443 11115 ]
    system update rule

    extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_TCP_PORTS value [ ]
    system update rule
    extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_UDP value 20
    system update rule

    extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_UDP value 0
    system update rule
    extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_UDP_PORTS value [ 1194 1195 ]
    system update rule

    extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_UDP_PORTS value [ ]
    system update rule

    extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_TCP value 20
    extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_TCP_PORTS value [ 443 11115 ]
    extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_UDP value 20
    extc value set application securepoint_firewall variable CONNECTION_RATE_LIMIT_UDP_PORTS value [ ]
    system update rule