
Multi Site VPN Setup USG


Hi,

I want to create a multi-site site-to-site VPN using the config.gateway.json file. I have successfully created a site-to-site connection from site 1 to site 2.

But when I added the settings for the connection from site 1 to site 3 to the JSON file, the USG crashed.

Site 1: USG - IP:192.168.10.0
Site 2: Fritzbox1 - IP:192.168.20.0
Site 3: Fritzbox2 - IP:192.168.30.0

Can anyone help me and review the config?

many thanks

 

Manuel

 

{
                "vpn": {
                "ipsec": {
                        "auto-firewall-nat-exclude": "enable",
                        "auto-update": "60",
                        "esp-group": {
                                "ESP-Fritzbox-SCH": {
                                        "compression": "disable",
                                        "lifetime": "3600",
                                        "mode": "tunnel",
                                        "pfs": "enable",
                                        "proposal": {
                                                "1": {
                                                        "encryption": "aes256",
                                                        "hash": "sha1"
                                                }
                                        }
                                }
								"ESP-Fritzbox-FRB": {
                                        "compression": "disable",
                                        "lifetime": "3600",
                                        "mode": "tunnel",
                                        "pfs": "enable",
                                        "proposal": {
                                                "1": {
                                                        "encryption": "aes256",
                                                        "hash": "sha1"
                                                }
                                        }
                                }
                        },
                        "ike-group": {
                                "IKE-Fritzbox-SCH": {
                                        "ikev2-reauth": "no",
                                        "key-exchange": "ikev1",
                                        "lifetime": "3600",
                                        "proposal": {
                                                "1": {
                                                        "dh-group": "2",
                                                        "encryption": "aes256",
                                                        "hash": "sha1"
                                                }
                                        }
                                }
								"IKE-Fritzbox-FRB": {
                                        "ikev2-reauth": "no",
                                        "key-exchange": "ikev1",
                                        "lifetime": "3600",
                                        "proposal": {
                                                "1": {
                                                        "dh-group": "2",
                                                        "encryption": "aes256",
                                                        "hash": "sha1"
                                                }
                                        }
                                }
                        },
                        "ipsec-interfaces": {
                                "interface": [
                                        "pppoe2"
                                ]
                        },
                        "nat-networks": {
                                "allowed-network": {
                                        "0.0.0.0/0": "''"
                                }
                        },
                        "nat-traversal": "enable",
                        "site-to-site": {
                                "peer": {
                                        "PUBLIC-IP-SITE-2": {
                                                "authentication": {
                                                        "id": "PUBLIC-IP-SITE-1",
                                                        "mode": "pre-shared-secret",
                                                        "pre-shared-secret": "SuperSafe",
                                                        "remote-id": "PUBLIC-IP-SITE-2"
                                                },
                                                "connection-type": "initiate",
                                                "ike-group": "IKE-Fritzbox-SCH",
                                                "ikev2-reauth": "inherit",
                                                "local-address": "any",
                                                "tunnel": {
                                                        "1": {
                                                                "allow-nat-networks": "disable",
                                                                "allow-public-networks": "disable",
                                                                "esp-group": "ESP-Fritzbox-SCH",
                                                                "local": {
                                                                        "prefix": "192.168.10.0/24"
                                                                },
                                                                "remote": {
                                                                        "prefix": "192.168.20.0/24"
                                                                }
                                                        }
                                                }
                                        }
										"PUBLIC-IP-SITE-3": {
                                                "authentication": {
                                                        "id": "PUBLIC-IP-SITE-1",
                                                        "mode": "pre-shared-secret",
                                                        "pre-shared-secret": "SuperSafe",
                                                        "remote-id": "PUBLIC-IP-SITE-3"
                                                },
                                                "connection-type": "initiate",
                                                "ike-group": "IKE-Fritzbox-FRB",
                                                "ikev2-reauth": "inherit",
                                                "local-address": "any",
                                                "tunnel": {
                                                        "1": {
                                                                "allow-nat-networks": "disable",
                                                                "allow-public-networks": "disable",
                                                                "esp-group": "ESP-Fritzbox-FRB",
                                                                "local": {
                                                                        "prefix": "192.168.10.0/24"
                                                                },
                                                                "remote": {
                                                                        "prefix": "192.168.30.0/24"
                                                                }
                                                        }
                                                }
                                        }
                                }
                        }
                }
                }
}