Creating Untangle to Untangle IPsec tunnel

 

When creating a site-to-site IPsec tunnel between 2 Untangle appliances, it is best to use the KISS policy and leave the custom Phase 1 and Phase 2 configurations set to the default (unchecked & unchanged)

 

To configure the tunnel, go to APPS > IPsec > IPsec Tunnels. Remove any default tunnels that may remain from the initial installation. Click ADD to configure the tunnel:

 

Description:  This is where you enter a description that best describes the tunnel

Connection Type: Use Tunnel between Untangle appliances

IKE Version: If you are connecting only 1 subnet/interface on either side of the tunnel, use IKEv1. IKEv2 is used primarily when adding more than 1 local and/or remote network.

Connection Mode: This option is going away soon as we will be blending these 2 choices together. 

Interface: Use this to choose which WAN interface you want the tunnel to use. 

External IP: This is the WAN IP of the Untangle that you would like the tunnel to use. This will be grayed out if you selected a specific WAN interface rather than custom

Remote Host: This is the WAN IP of the other side of the tunnel

Local & Remote Identifier: These are only used if either side of the tunnel is behind a NAT

Local Network: This is the local subnet that you would like to allow access to the tunnel. You can list more than one subnet (IKEv2) by separating each with a comma, no spaces. I.E. 192.168.1.1/24,10.10.10.1/32

Remote Network: This is the remote subnet that you would like to allow access to the tunnel. You can list more than one subnet (IKEv2) by separating each with a comma, no spaces. I.E. 192.168.1.1/24,10.10.10.1/32

Shared Secret: Please use a LONG password here with no special characters. Complexity is not as important as length

DPD Interval: Dead Peer Detection is the tunnel's way of determining if the other side is up and responding. Default setting is best when connecting 2 Untangle devices. 

DPD Timeout: This is how long before the tunnel is restarted if the other side of the tunnel is not responding. Default setting is best when connecting 2 Untangle devices. 

Ping Address: Choose the IP of a device on the remote network that is reliable and configured to respond to ICMP requests. This is primarily used to create alerts for tunnel connectivity. 

Ping Interval: Time between ICMP requests to the above address

Phase 1 & Phase 2: These should be left unchanged when connecting 2 Untangle devices. 

 

 Here is an example of an IPsec config between 2 Untangle devices:

 

NOTE: If you are having trouble accessing resources on the other end of the tunnel, make sure to enable bypassing on the IPsec tunnel:

 

 

 

 

 

 

 

 

 

 

 

Follow