Hallo ich habe eine frage ich habe eine USg die auf eine Fritzbox per VPn verbindet , soweit so gut aber wie stelle ich eine das die Usg die Ip internet Adresse der anderen Fritzbox übernimmt ,
Bei 2 Fritzboxen ging es wenn man einen Lan Port zugewiesen hat .
Meine Config
FRITZBOX-USG-Switsch Von per Site by Site zu Fritzbox
Json Datei
Fritzbox VPN
Bei 2 Fritzboxen ging es wenn man einen Lan Port zugewiesen hat .
Meine Config
FRITZBOX-USG-Switsch Von per Site by Site zu Fritzbox
Json Datei
JSON:
{
"vpn": {
"ipsec": {
"auto-firewall-nat-exclude": "enable",
"auto-update": "60",
"esp-group": {
"ESP-Fritzbox": {
"compression": "disable",
"lifetime": "3600",
"mode": "tunnel",
"pfs": "enable",
"proposal": {
"1": {
"encryption": "aes256",
"hash": "sha1"
}
}
}
},
"ike-group": {
"IKE-Fritzbox": {
"ikev2-reauth": "no",
"key-exchange": "ikev1",
"lifetime": "3600",
"proposal": {
"1": {
"dh-group": "2",
"encryption": "aes256",
"hash": "sha1"
}
}
}
},
"ipsec-interfaces": {
"interface": [
"eth0"
]
},
"nat-networks": {
"allowed-network": {
"0.0.0.0/0": "''"
}
},
"nat-traversal": "enable",
"site-to-site": {
"peer": {
"fritzbox,de": {
"authentication": {
"id": "usg.de",
"mode": "pre-shared-secret",
"pre-shared-secret": "test123",
"remote-id": "fritzbox.de"
},
"connection-type": "initiate",
"ike-group": "IKE-Fritzbox",
"ikev2-reauth": "inherit",
"local-address": "any",
"tunnel": {
"1": {
"allow-nat-networks": "disable",
"allow-public-networks": "disable",
"esp-group": "ESP-Fritzbox",
"local": {
"prefix": "192.168.2.0/24"
},
"remote": {
"prefix": "192.168.123.0/24"
}
}
}
}
}
}
}
}
}Fritzbox VPN
Code:
vpncfg {
connections {
enabled = yes;
conn_type = conntype_lan;
name = "USGMK";
always_renew = yes;
reject_not_encrypted = no;
dont_filter_netbios = yes;
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
remote_virtualip = 0.0.0.0;
remotehostname = "usg.de"; //Hostname of your USG
keepalive_ip = 0.0.0.0;
localid {
fqdn = "Fritzbox.de";
}
remoteid {
ipaddr = "usg.de";
}
mode = phase1_mode_idp;
phase1ss = "all/all/all";
keytype = connkeytype_pre_shared;
key = "test123";
cert_do_server_auth = no;
use_nat_t = yes;
use_xauth = no;
use_cfgmode = no;
phase2localid {
ipnet {
ipaddr = 192.168.123.0;
mask = 255.255.255.0;
}
}
phase2remoteid {
ipnet {
ipaddr = 192.168.2.0;
mask = 255.255.255.0;
}
}
phase2ss = "esp-all-all/ah-none/comp-all/pfs";
accesslist = "permit ip any 192.168.2.0 255.255.255.0";
}
ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
"udp 0.0.0.0:4500 0.0.0.0:4500";
}
Zuletzt bearbeitet von einem Moderator:
