USG to EdgeRouter VPN
-
Has anyone set up a site to site VPN between an EdgeRouter and a USG? I'm assuming that this is no problem, but I'm not 100% sure that we've tested it before and I wanted to make sure that someone had done it first hand.
-
@scottalanmiller said in USG to EdgeRouter VPN:
Has anyone set up a site to site VPN between an EdgeRouter and a USG? I'm assuming that this is no problem, but I'm not 100% sure that we've tested it before and I wanted to make sure that someone had done it first hand.
I helped @Dashrender do this a long time ago before there was a VPN option built into the GUI.
It works fine, just a simple IPSEC preshared key based tunnel.
-
@JaredBusch said in USG to EdgeRouter VPN:
@scottalanmiller said in USG to EdgeRouter VPN:
Has anyone set up a site to site VPN between an EdgeRouter and a USG? I'm assuming that this is no problem, but I'm not 100% sure that we've tested it before and I wanted to make sure that someone had done it first hand.
I helped @Dashrender do this a long time ago before there was a VPN option built into the GUI.
It works fine, just a simple IPSEC preshared key based tunnel.
If I recall, I had to set up a JSON file on the controller for the USG to set the settings - it was a hassle to say the least... and if you weren't using a RADIUS server, it loves to bitch at you (or was that just the documentation).
-
@Dashrender you recall correctly. But basic IPSEC is in the controller now. I do believe.
-
@JaredBusch said in USG to EdgeRouter VPN:
@Dashrender you recall correctly. But basic IPSEC is in the controller now. I do believe.
JB is correct, just use the IPSEC in both controllers (aka routers).
-
@JaredBusch said in USG to EdgeRouter VPN:
@Dashrender you recall correctly. But basic IPSEC is in the controller now. I do believe.
Yup.
-
In my experience, the two devices use different defaults for S2S connections (DH group, encryption).
Thankfully, this is now somewhat selectable on the USG but not on the Edgemax.
I'd set up the Edgemax site using the GUI first (for simplicity), check the DH group and IKE settings then duplicate these on the USG.
-
@manxam said in USG to EdgeRouter VPN:
In my experience, the two devices use different defaults for S2S connections (DH group, encryption).
Thankfully, this is now somewhat selectable on the USG but not on the Edgemax.
I'd set up the Edgemax site using the GUI first (for simplicity), check the DH group and IKE settings then duplicate these on the USG.
Those settings are most certainly selectable on the EdgeMax line. Always have been.
-
Interesting. The last time that I looked at the GUI (as we typically use CLI for VPN), it didn't give the option of DH group like so:
Wonder in what version this changed?
-
@manxam said in USG to EdgeRouter VPN:
Interesting. The last time that I looked at the GUI (as we typically use CLI for VPN), it didn't give the option of DH group like so:
Wonder in what version this changed?
It has had it for as long as I recall. At least 1.5.
The CLI has had it 100% of the time since release at version 1.2.0.