Quantcast
Channel: EdgeRouter topics
Viewing all articles
Browse latest Browse all 20028

ipsec remote ip range not showing

November 3, 2016, 8:27 am
$
0
0

I am attempting to setup a new pair of routers for when BT eventually gets our
fibre lines installed and need some assistance.

I'm getting a vpn tunnel setup between the two routers and have managed to get it to work (suprised! I was!).

I have 10.0.0.0/24 and 10.0.1.0/24 and can successfully connect to devices on the other end but for some reason the network doesn't show up in the routes.

clive@Southwater-10-0-0-1:~$ show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
> - selected route, * - FIB route, p - stale info
IP Route Table for VRF "default"
S *> 0.0.0.0/0 [1/0] via 192.168.1.254, eth0
C *> 10.0.0.0/24 is directly connected, eth1
C *> 127.0.0.0/8 is directly connected, lo
C *> 192.168.1.0/24 is directly connected, eth0

As you can see, the 10.0.1.0/24 network doesn't show but I can connect to devices on it.

Is this a bug? Something to be worried about? Should I add the route manually?

Oh, and ignore the vti interface. It's a work in progress.

Cheers

************************
Pulborough Router config

clive@Pulborough-10-0-1-1:~$ show configuration commands
set firewall all-ping enable
set firewall broadcast-ping disable
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 description 'Allow ICMP'
set firewall name WAN_IN rule 20 log disable
set firewall name WAN_IN rule 20 protocol icmp
set firewall name WAN_IN rule 30 action drop
set firewall name WAN_IN rule 30 description 'Drop invalid state'
set firewall name WAN_IN rule 30 state invalid enable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 20 state invalid enable
set firewall name WAN_LOCAL rule 21 action accept
set firewall name WAN_LOCAL rule 21 description 'Allow ICMP'
set firewall name WAN_LOCAL rule 21 log disable
set firewall name WAN_LOCAL rule 21 protocol icmp
set firewall name WAN_LOCAL rule 22 action accept
set firewall name WAN_LOCAL rule 22 description 'Allow SSH'
set firewall name WAN_LOCAL rule 22 destination port 22
set firewall name WAN_LOCAL rule 22 log disable
set firewall name WAN_LOCAL rule 22 protocol tcp
set firewall name WAN_LOCAL rule 23 action accept
set firewall name WAN_LOCAL rule 23 description 'Allow HTTPS'
set firewall name WAN_LOCAL rule 23 destination port 443
set firewall name WAN_LOCAL rule 23 log disable
set firewall name WAN_LOCAL rule 23 protocol tcp
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set interfaces ethernet eth0 address 192.168.1.12/24
set interfaces ethernet eth0 description Internet
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local name WAN_LOCAL
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth1 description Local
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 description Local
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto
set interfaces ethernet eth3 description Local
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth4 description Local
set interfaces ethernet eth4 duplex auto
set interfaces ethernet eth4 speed auto
set interfaces loopback lo
set interfaces switch switch0 address 10.0.1.1/24
set interfaces switch switch0 description Local
set interfaces switch switch0 mtu 1500
set interfaces switch switch0 switch-port interface eth1
set interfaces switch switch0 switch-port interface eth2
set interfaces switch switch0 switch-port interface eth3
set interfaces switch switch0 switch-port interface eth4
set interfaces switch switch0 switch-port vlan-aware disable
set service dhcp-server disabled false
set service dhcp-server hostfile-update disable
set service dhcp-server shared-network-name LAN authoritative enable
set service dhcp-server shared-network-name LAN subnet 10.0.1.0/24 default-router 10.0.1.1
set service dhcp-server shared-network-name LAN subnet 10.0.1.0/24 dns-server 10.0.1.1
set service dhcp-server shared-network-name LAN subnet 10.0.1.0/24 lease 86400
set service dhcp-server shared-network-name LAN subnet 10.0.1.0/24 start 10.0.1.38 stop 10.0.1.243
set service dhcp-server use-dnsmasq disable
set service dns forwarding cache-size 150
set service dns forwarding listen-on switch0
set service gui http-port 80
set service gui https-port 443
set service gui older-ciphers enable
set service mdns reflector
set service nat rule 5010 description 'masquerade for WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
set service ssh port 22
set service ssh protocol-version v2
set system gateway-address 192.168.1.254
set system host-name Pulborough-10-0-1-1
set system login banner pre-login '\n*********************************\nThis is the PULBOROUGH router\n\nUnauthorised access is prohibited\n*********************************\n\n'
set system login user clive authentication plaintext-password 'password'
set system login user clive level admin
set system name-server 192.168.1.254
set system ntp server 0.ubnt.pool.ntp.org
set system ntp server 1.ubnt.pool.ntp.org
set system ntp server 2.ubnt.pool.ntp.org
set system ntp server 3.ubnt.pool.ntp.org
set system offload hwnat enable
set system syslog global facility all level notice
set system syslog global facility protocols level debug
set system time-zone UTC
set system traffic-analysis dpi enable
set system traffic-analysis export enable
set vpn ipsec auto-firewall-nat-exclude enable
set vpn ipsec esp-group FOO0 compression disable
set vpn ipsec esp-group FOO0 lifetime 3600
set vpn ipsec esp-group FOO0 mode tunnel
set vpn ipsec esp-group FOO0 pfs enable
set vpn ipsec esp-group FOO0 proposal 1 encryption aes128
set vpn ipsec esp-group FOO0 proposal 1 hash sha1
set vpn ipsec ike-group FOO0 ikev2-reauth yes
set vpn ipsec ike-group FOO0 key-exchange ikev1
set vpn ipsec ike-group FOO0 lifetime 28800
set vpn ipsec ike-group FOO0 proposal 1 dh-group 14
set vpn ipsec ike-group FOO0 proposal 1 encryption aes128
set vpn ipsec ike-group FOO0 proposal 1 hash sha1
set vpn ipsec site-to-site peer 192.168.1.11 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 192.168.1.11 authentication pre-shared-secret Shh!It'sASecret
set vpn ipsec site-to-site peer 192.168.1.11 connection-type initiate
set vpn ipsec site-to-site peer 192.168.1.11 description Southwater
set vpn ipsec site-to-site peer 192.168.1.11 ike-group FOO0
set vpn ipsec site-to-site peer 192.168.1.11 ikev2-reauth inherit
set vpn ipsec site-to-site peer 192.168.1.11 local-address 192.168.1.12
set vpn ipsec site-to-site peer 192.168.1.11 tunnel 1 allow-nat-networks disable
set vpn ipsec site-to-site peer 192.168.1.11 tunnel 1 allow-public-networks disable
set vpn ipsec site-to-site peer 192.168.1.11 tunnel 1 esp-group FOO0
set vpn ipsec site-to-site peer 192.168.1.11 tunnel 1 local prefix 10.0.1.0/24
set vpn ipsec site-to-site peer 192.168.1.11 tunnel 1 remote prefix 10.0.0.0/24


************************
Southwater Router config

set firewall all-ping enable
set firewall broadcast-ping disable
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall name WAN_IN default-action drop
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'Allow establihed/related'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 description ICMP
set firewall name WAN_IN rule 20 log disable
set firewall name WAN_IN rule 20 protocol icmp
set firewall name WAN_IN rule 30 action drop
set firewall name WAN_IN rule 30 description 'Drop invalid state'
set firewall name WAN_IN rule 30 state invalid enable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL description 'WAN to Router traffic'
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 20 state invalid enable
set firewall name WAN_LOCAL rule 21 action accept
set firewall name WAN_LOCAL rule 21 description ICMP
set firewall name WAN_LOCAL rule 21 log disable
set firewall name WAN_LOCAL rule 21 protocol icmp
set firewall name WAN_LOCAL rule 22 action accept
set firewall name WAN_LOCAL rule 22 description HTTP
set firewall name WAN_LOCAL rule 22 destination port 80
set firewall name WAN_LOCAL rule 22 log disable
set firewall name WAN_LOCAL rule 22 protocol tcp
set firewall name WAN_LOCAL rule 23 action accept
set firewall name WAN_LOCAL rule 23 description HTTPS
set firewall name WAN_LOCAL rule 23 destination port 443
set firewall name WAN_LOCAL rule 23 log disable
set firewall name WAN_LOCAL rule 23 protocol tcp
set firewall name WAN_LOCAL rule 24 action accept
set firewall name WAN_LOCAL rule 24 description SSH
set firewall name WAN_LOCAL rule 24 destination port 22
set firewall name WAN_LOCAL rule 24 log disable
set firewall name WAN_LOCAL rule 24 protocol tcp
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set interfaces ethernet eth0 address 192.168.1.11/24
set interfaces ethernet eth0 description Internet
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local name WAN_LOCAL
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth1 address 10.0.0.1/24
set interfaces ethernet eth1 description Local
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth4 duplex auto
set interfaces ethernet eth4 speed auto
set interfaces ethernet eth5 duplex auto
set interfaces ethernet eth5 speed auto
set interfaces ethernet eth6 duplex auto
set interfaces ethernet eth6 speed auto
set interfaces ethernet eth7 duplex auto
set interfaces ethernet eth7 speed auto
set interfaces loopback lo
set interfaces vti vti0 address 172.16.0.1/30
set interfaces vti vti0 description 'VTI Interface'
set interfaces vti vti0 mtu 1436
set service dhcp-server disabled false
set service dhcp-server hostfile-update disable
set service dhcp-server shared-network-name LAN1 authoritative disable
set service dhcp-server shared-network-name LAN1 subnet 10.0.0.0/24 default-router 10.0.0.1
set service dhcp-server shared-network-name LAN1 subnet 10.0.0.0/24 dns-server 10.0.0.1
set service dhcp-server shared-network-name LAN1 subnet 10.0.0.0/24 lease 86400
set service dhcp-server shared-network-name LAN1 subnet 10.0.0.0/24 start 10.0.0.20 stop 10.0.0.200
set service dhcp-server use-dnsmasq disable
set service dns forwarding cache-size 150
set service dns forwarding listen-on eth1
set service gui http-port 80
set service gui https-port 443
set service gui older-ciphers enable
set service mdns reflector
set service nat rule 5010 description 'Masquerade for WAN'
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade
set service ssh port 22
set service ssh protocol-version v2
set system gateway-address 192.168.1.254
set system host-name Southwater-10-0-0-1
set system login banner pre-login '\n*********************************\nThis is the SOUTHWATER router\n\nUnauthorised access is prohibited\n*********************************\n\n'
set system login user clive authentication plaintext-password 'password'
set system login user clive level admin
set system name-server 192.168.1.254
set system ntp server 0.ubnt.pool.ntp.org
set system ntp server 1.ubnt.pool.ntp.org
set system ntp server 2.ubnt.pool.ntp.org
set system ntp server 3.ubnt.pool.ntp.org
set system syslog global facility all level notice
set system syslog global facility protocols level debug
set system time-zone Europe/London
set system traffic-analysis dpi enable
set system traffic-analysis export enable
set vpn ipsec auto-firewall-nat-exclude enable
set vpn ipsec esp-group FOO0 compression disable
set vpn ipsec esp-group FOO0 lifetime 3600
set vpn ipsec esp-group FOO0 mode tunnel
set vpn ipsec esp-group FOO0 pfs enable
set vpn ipsec esp-group FOO0 proposal 1 encryption aes128
set vpn ipsec esp-group FOO0 proposal 1 hash sha1
set vpn ipsec ike-group FOO0 ikev2-reauth yes
set vpn ipsec ike-group FOO0 key-exchange ikev1
set vpn ipsec ike-group FOO0 lifetime 28800
set vpn ipsec ike-group FOO0 proposal 1 dh-group 14
set vpn ipsec ike-group FOO0 proposal 1 encryption aes128
set vpn ipsec ike-group FOO0 proposal 1 hash sha1
set vpn ipsec site-to-site peer 192.168.1.12 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 192.168.1.12 authentication pre-shared-secret Shh!It'sASecret
set vpn ipsec site-to-site peer 192.168.1.12 connection-type initiate
set vpn ipsec site-to-site peer 192.168.1.12 description Pulborough
set vpn ipsec site-to-site peer 192.168.1.12 ike-group FOO0
set vpn ipsec site-to-site peer 192.168.1.12 ikev2-reauth inherit
set vpn ipsec site-to-site peer 192.168.1.12 local-address 192.168.1.11
set vpn ipsec site-to-site peer 192.168.1.12 tunnel 1 allow-nat-networks disable
set vpn ipsec site-to-site peer 192.168.1.12 tunnel 1 allow-public-networks disable
set vpn ipsec site-to-site peer 192.168.1.12 tunnel 1 esp-group FOO0
set vpn ipsec site-to-site peer 192.168.1.12 tunnel 1 local prefix 10.0.0.0/24
set vpn ipsec site-to-site peer 192.168.1.12 tunnel 1 remote prefix 10.0.1.0/24

Search
Viewing all articles
Browse latest Browse all 20028

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

January 5, 2014, 10:34 pm

Ominde Commission Report and Recommendations – Ominde Report of 1964

March 16, 2015, 5:14 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

March 26, 2017, 11:23 pm

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

October 17, 2016, 7:20 am

Mp3 Download: Mdu - Kunjenjenjena

December 7, 2017, 8:16 am

How the kill the job , when DTP request running for long hours.

July 26, 2013, 2:41 am

Microsoft Intune から展開しているアプリのアップデートについて

October 17, 2016, 4:11 am

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

September 1, 2017, 10:00 pm

Car crash in Dunton Bassett leaves driver in critical condition

October 7, 2014, 7:51 am

Macky 2, Two Others In Road Accident

March 29, 2015, 5:34 am

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

May 14, 2015, 11:27 pm

Detroit mafia: D’Anna Brothers agree to plea deal

April 21, 2016, 6:56 am

Delivery block field greyed out using VA02

January 26, 2016, 2:52 pm

Muloraki Au

June 22, 2016, 1:44 am

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出w【リベンジポルノ】@PornHub

October 12, 2017, 2:23 pm

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

February 9, 2018, 4:56 am

FIAT 500 B0111 B0112

July 5, 2018, 10:31 am
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>