Syntax of the CLI command ipsec for IPSec VPN connections

Last adaptation to the version: 11.8.12 (02.2021)


Previous versions: 11.7


  • If several values are passed for one parameter, they must be enclosed in square brackets, with a space(!) between each bracket and the values. Example: interface zone set id 4711 flags [ POLICY_IPSEC PPP_VPN ]
  • If no values are to be passed for a parameter, an empty pair of square brackets must be used. Example: interface set name LAN1 flags [ ]


Command Parameter Description Example

ipsec get

ipsec get
- Listing of the established IPSec VPN connections.
The parameter id is required.
ipsec get

ipsec new

ipsec new
ike_version Create a new IPSec VPN connection
Permitted values: IKEv1, IKEv2
ipsec new ike_version "IKEv1" local_auth "PSK" remote_auth "PSK" local_secret "geheim" remote_secret "geheim" local_subnet "192.168.10.0/24" remote_subnet "192.168.20.0/24" local "184.173.97.210" remote "62.116.166.66" flags [ ADD DPD ]
local_auth Permitted values: PSK, RSASIG
remote_auth Permitted values: PSK, RSASIG
local_secret Preshared key e.g.: secret
remote_secret Preshared key e.g.: secret
local_authobj Name of the x.509 certificate or the RSA key for identification
remote_authobj Name of the x.509 certificate or the RSA key for identification
local_subnet Local subnet for the tunnel. IP address with subnet mask
remote_subnet Remote subnet for the tunnel. IP address with subnet mask
remote_subnet_within L2TP subnet in phase 2 (usually set automatically)
local Local interface or IP address
remote Remote interface or IP address
local_id Local Gateway ID (=local if not specified)
remote_id Remote Gateway ID (=remote if not specified)
ike IKE cipher (Default: aes128-sha2_256-modp2048)
esp ESP cipher (Default: aes128-sha2_256)
flags Permitted values: ADD, START, ROUTE, IGNORE, DPD, NOPFS, LOCAL_SRC_ADDR, REMOTE_SRC_ADDR, XAUTH, L2TP
nexthop Address or interface

ipsec set

ipsec set
id Changing an IPSec VPN Connection
ipsec set ike_version "ikev1" local_auth "PSK" remote_auth "PSK" local_secret "geheim" remote_secret "geheim" local_subnet "192.168.10.0/24" remote_subnet "192.168.20.0/24" local "184.173.97.210" remote "62.116.166.66" flags [ ADD DPD ]
The other parameters and their syntax are identical to the command ipsec new

ipsec restart

ipsec restart
id Restarting an IPSec VPN connection
ipsec restart id "2"
name
ipsec restart name "ipsec-name"

ipsec update

ipsec update
- Reload IPSec VPN configuration
ipsec update

ipsec status

ipsec status
- Output of IPSec status information
ipsec status

ipsec delete

ipsec delete
id Deleting an IPSec VPN Connection
ipsec delete id "2"
name
ipsec delete name "ipsec-name"

ipsec subnet new

ipsec subnet new
id Syntax: ipsec subnet new id <ipsec-id> local_subnet <networkaddr> remote_subnet <networkaddr>
Adding a new subnet to an IPSec connection.
id corresponds to the id of the IPSec connection (ipsec get)
ipsec subnet new id "2" local_subnet "192.168.10.0/24" remote_subnet "192.168.50.0/24"
local_subnet Local subnet for the tunnel. IP address with subnet mask
remote_subnet Remote subnet for the tunnel. IP address with subnet mask

ipsec subnet set

ipsec subnet set
subnet_id Syntax: ipsec subnet set id <ipsec-id> local_subnet <networkaddr> remote_subnet <networkaddr>
Change an IPSec subnet. subnet_id is the id of the subnet.
ipsec subnet set id "2" local_subnet "192.168.10.0/24" remote_subnet "192.168.70.0/24"
The other parameters and their syntax are identical to the command ipsec subnet new

ipsec subnet delete

ipsec subnet delete
id Delete an IPSec subnet.
ipsec subnet delete subnet_id "2"
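
The bracket rule for multi-value parameters and the permitted values listed for ipsec new can be checked before a line is entered on the CLI. The following Python sketch is an added example, not part of the original wiki page or of the product; the function names parse_ipsec_new and check_ipsec_new are hypothetical, and case-sensitive matching of the permitted values is an assumption.

```python
import shlex

# Permitted values from this page's table; case-sensitive matching is an assumption.
PERMITTED = {"ike_version": {"IKEv1", "IKEv2"},
             "local_auth": {"PSK", "RSASIG"},
             "remote_auth": {"PSK", "RSASIG"}}
FLAGS = {"ADD", "START", "ROUTE", "IGNORE", "DPD", "NOPFS",
         "LOCAL_SRC_ADDR", "REMOTE_SRC_ADDR", "XAUTH", "L2TP"}

def parse_ipsec_new(line):
    """Split an 'ipsec new' line into {parameter: value or list of values}."""
    tokens = shlex.split(line)
    if tokens[:2] != ["ipsec", "new"]:
        raise ValueError("not an 'ipsec new' command")
    params, i = {}, 2
    while i < len(tokens):
        key, rest = tokens[i], tokens[i + 1:]
        if not rest:
            raise ValueError(f"{key}: missing value")
        if rest[0] == "[":
            # Value list: '[' and ']' must stand alone, separated by spaces.
            if "]" not in rest:
                raise ValueError(f"{key}: no stand-alone ']' found")
            end = rest.index("]")
            params[key] = rest[1:end]
            i += end + 2
        elif rest[0].startswith("["):
            raise ValueError(f"{key}: space required after '['")
        else:
            params[key] = rest[0]
            i += 2
    return params

def check_ipsec_new(line):
    """Return a list of problems; an empty list means the line passed."""
    p = parse_ipsec_new(line)
    problems = [f"{k}: {p[k]!r} is not a permitted value"
                for k, ok in PERMITTED.items() if k in p and str(p[k]) not in ok]
    flags = p.get("flags", [])
    if isinstance(flags, str):
        problems.append("flags: values must be given as [ A B ]")
    else:
        problems += [f"flags: unknown flag {f!r}" for f in flags if f not in FLAGS]
    return problems

# Sample input: the page's own example (shortened), then a constructed faulty line.
GOOD = ('ipsec new ike_version "IKEv1" local_auth "PSK" remote_auth "PSK" '
        'local_secret "geheim" remote_secret "geheim" flags [ ADD DPD ]')
BAD = 'ipsec new ike_version "IKEv3" remote_auth "CERT" flags [ ADD PFS ]'
```

Calling check_ipsec_new(BAD) reports the unknown IKE version, the unknown authentication type and the unknown flag; a line written as flags [ADD DPD] is rejected by the parser because the brackets are not separated by spaces.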