VPN IPsec using IPFire and Lancom

Requirements

  • Static IP on both sites
  • If you don't have a static IP, you have to use dynamic DNS
  • Latest IPFire version and current Lancom firmware

Configuration IPFire

Activate IPsec and add the IPFire WAN IP. If you're behind a NAT router, use %defaultroute.

Add a new connection and choose Net2Net VPN.

Choose a name for this connection, add the remote WAN IP, define your local and your remote ID, and add the remote subnet. Check advanced settings, and generate a strong PreSharedKey. Save your settings.

Use the proposal settings that you see in the picture and save!

Configuration Lancom

Activate the VPN module. If the IPFire or the Lancom is behind NAT, activate NAT-Traversal. Choose "collective" for KeepAlive.

Go to IKE/IPsec -> IPSec-Proposals and define a Phase2 Proposal:

Go to IPSec-Proposal-Lists and add your new Phase2 Proposal:

Go to IKE-Keys & Identities and add a new ID.

Go to IKE-Proposals and define a Phase1 Proposal:

Go to IKE-Proposal-Lists and add your new Phase1 Proposal:

Go to Connections-Parameters and add your settings:

Go to Connections-Lists and add a new connection:

Go to IP-Router -> Routing -> IPv4 Routing-Table and add a route to your IPFire LAN (green):

Save your settings and enjoy your new VPN Site-to-Site connection.

Older Revisions • November 5, 2019 at 10:15 am • Michael Tremer