Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community

Differences in Revisions: VPN IPsec using IPFire and Lancom

Fix page syntax
# VPN IPsec using ipFire and Lancom
# VPN IPsec using IPFire and Lancom
 
==== Requirements ====\\
## Requirements
 
- Static IP on both sites\\
- Static IP on both sites
- if you don't have a static IP then you have to use dynamic dns\\
- if you don't have a static IP then you have to use dynamic dns
- newest ipFire version and actual Lancom firmware
 
#### Attention!
For this manual I used the German version of ipFire and Lancom! I translated the German box names to English.
 
#### Configuration ipFire
## Configuration ipFire
Activate IPsec and add the ipFire WAN IP. If you´re behind a NAT Router, then use **%defaultroute**
 
![](/en/configuration/services/ipsec/lancom-ipfire_activate_ipsec.jpg)
![](lancom-ipfire_activate_ipsec.jpg)
 
Add a new connection and use Net2Net VPN
 
Choose a name for this connection, add the remote WAN IP, define your local and your remote ID and add the remote subnet. Check advanced settings! and generate a strong PreSharedKey. Save your settings.
 
![](/en/configuration/services/ipsec/lancom-ipfire_ipsec_settings.jpg)
![](lancom-ipfire_ipsec_settings.jpg)
 
Use the proposal settings that you see in the picture and save!
 
![](/en/configuration/services/ipsec/lancom-ipfire_ipsec_para.jpg)
![](lancom-ipfire_ipsec_para.jpg)
 
#### Configuration Lancom
## Configuration Lancom
 
Activate the VPN module. If the ipFire or the Lancom is behind NAT then activate NAT-Traversal. Choose "collective" for KeepAlive.
 
![](/en/configuration/services/ipsec/lancom-ipfire_lancom_activate_ipsec.jpg)
![](lancom-ipfire_lancom_activate_ipsec.jpg)
 
Go to IKE/IPsec -> IPSec-Proposals and define a Phase2 Proposal:
 
![](/en/configuration/services/ipsec/lancom-ipfire_lancom_ph2_propos.jpg)
![](lancom-ipfire_lancom_ph2_propos.jpg)
 
Go to IPSec-Proposal-Lists and add your new Phase2 Proposal:
 
![](/en/configuration/services/ipsec/lancom-ipfire_lancom_ph2_propol.jpg)
![](lancom-ipfire_lancom_ph2_propol.jpg)
 
Go to IKE-Keys & Identities and add a new ID.
 
![](/en/configuration/services/ipsec/lancom-ipfire_lancom_id.jpg)
![](lancom-ipfire_lancom_id.jpg)
 
Go to IKE-Proposals and define a Phase1 Proposal:
 
![](/en/configuration/services/ipsec/lancom-ipfire_lancom_ph1_propos.jpg)
![](lancom-ipfire_lancom_ph1_propos.jpg)
 
Go to IKE-Proposal-Lists and add your new Phase1 Proposal:
 
![](/en/configuration/services/ipsec/lancom-ipfire_lancom_ph1_propol.jpg)
![](lancom-ipfire_lancom_ph1_propol.jpg)
 
Go to Connections-Parameters and add your settings:
 
![](lancom-ipfire_lancom_para.jpg)
![](/en/configuration/services/ipsec/lancom-ipfire_lancom_para.jpg)
 
 
Go to Cennections-Lists and add a new conneciton:
 
![](/en/configuration/services/ipsec/lancom-ipfire_lancom_connections.jpg)
![](lancom-ipfire_lancom_connections.jpg)
 
Go to IP-Router -> Routing -> IPv4 Routing-Table and add a route to your ipFire LAN (green):
 
![](/en/configuration/services/ipsec/lancom-ipfire_lancom_route.jpg)
![](lancom-ipfire_lancom_route.jpg)
 
Save your settings and enjoy your new VPN Site-to-Site connection