EdgeRouter IPSec Site-to-Site VPN Setup

Hi, I'm Willie, and welcome back to my channel. Before we get into tonight's video, what I'd like you to do is go back to two videos ago, which was the MikroTik port forwarding video. We've got a three-way tie for the best clean joke, and I need you to, by the time I release my next video, have gone over and voted for your favorite clean joke so I can give away this screwdriver set. So I appreciate everybody who's participating. Thanks again for all the subscribers; I appreciate everything you do. So please go vote on your favorite clean joke so that I don't have a three-way tie and I don't have to make that decision. I am going to come topping out on this one: you make the decision and I'll send in the screwdriver set.

So in the last video you saw where we used the UniFi and the USG to do a site-to-site VPN. Tonight we're going to do it with EdgeMAX and EdgeRouters. So our setup goes like this: we are simulating a LAN here, and it's actually an EdgeRouter SFP that is simulating the LAN, so I've got it configured, and then it's got a connection out to the internet, but then it goes to one EdgeRouter with the WAN interface at 10.10.10.2 and another EdgeRouter with a LAN interface of 172.16.1.2. And then you can see we've got our LAN addresses now on the 192.168.69 subnet. I do have an IP camera, and I already know that the IP address of that is 192.168.69.39, and I think that my PC, when we're plugged in here, is going to be 96.38, and those are the IPs that we'll try to use to do some pinging across the VPN.

So we are going to create a VPN connection between these two routers. So real quick: I am plugged into, I am currently in, the 96 network, so if I do a ping over to the 69.39 I get nothing. So remember that, and I will actually leave that here. So we're going to run through this configuration. I expect it to work pretty flawlessly. I'll explain a couple of things, and then if it doesn't work, you know, we can talk about troubleshooting and things like that. I'll go over a couple of those utilities real quick, but overall this should go pretty smoothly. And what was my machine? Yes, my machine is 96.38 when I plug into this; that's perfect.

Okay, so right now I am in the 192.168.96.1 router; that's my local at the moment. So we're going to hop over to VPN, we're going to go to IPsec Site-to-Site, and yes, you can do one-to-many, many-to-many, all those kinds of configurations. You'll notice I'm also using the default ubnt username and password. Do not use ubnt as your default username and password; change the username and password on your equipment, please. Okay, enough of the PSA.

So we're back to our IPsec Site-to-Site. We're going to leave the firewall box checked; if this is not checked on yours, go ahead and check it. And do note that I am on version 1.9.1. We're going to add up here: the peer is going to be the LAN interface, or the router interface that's exposed for me to connect to on the other side. So if we go back to our file, and we are on the 96 network, we are going to make our peer 10.10.10.2. Description is going to be EdgeMAX VPN. Local IP: here you can specify the IP of the interface that you want to connect on, or you can type any; for simplicity's sake we'll type any. Pre-shared secret should be something strong. This is the lab environment, so I'm going to use pre-shared secret as a capital P is an exclamation point; do not use that in your real deployment, choose something that is much stronger than that. Local subnet is 192.168.96.0 and it is a Class C, so /24, 254 usable IPs. Remote subnet is going to be 192.168.69.0, so a Class C, /24, 254 usable IPs, and we'll go ahead and apply that. So it will spin around a little bit and it will come back green and say successfully applied. Then what we're going to do is we're going to unplug my machine from that router, plug into the other one, and we'll do this exact same configuration on the other side as soon as we get the status that it's been applied.

All right, so it's been applied on the 96 side, so now we're going to hop over to the 69, and we'll give my machine a minute to get its affairs in order, get a new IP address. Maybe it will, maybe it won't; it's going to do it now. Okay, so now we are in the 192.168.69 side, so we're going to go to that same button. And you'll notice that this is, where the other side was the EdgeRouter Lite, this is the EdgeRouter X. So we're going to go over to that VPN button, IPsec Site-to-Site, we're going to add up here, and if in always documents tough documentation is fantastic. So we're on the 69 side, so the peer on the other side is going to be that 172.16.1.2. Description EdgeMAX VPN, local IP any, pre-shared secret exclamation point, local subnet 192.168.69.0 and remote subnet 192.168.96.0/24.

And here's another thing: if we've got multiple subnets behind these firewalls and we want to share that, we can keep adding subnets, so you don't have to just have one subnet and you can expose more than one. I have sub sites where I actually have at least three of these exposed. We'll go ahead and apply that. Here's your PSA again: you see I'm using ubnt/ubnt; please do not use that. [Music]

So with the version 1.9.1 there is a wizard over here. This shows the VPN status, and you can see we haven't even started passing any traffic yet, but our EdgeMAX VPN with the peer, here's our IKE information, status is up. So what I'm going to do is I'm going to swap my machine back over to the other side, because we've got a camera on this side already, and to do that ping across we want at least one device, you know, on each side. So my machine has an IP, and so if we go back over to our handy-dandy documentation, the camera on this side should be 69.39. [Music] [Music]

Comcast, I think, was charging $19 a month for a single static IP address. Well, when you've got 20 sites, you know, that's not just $19, that's $19 times 20 sites. Well, if I can use a free dynamic DNS service that comes with my Google domain that I pay $12 a year for, so $12 helps me unload that 19 times 20. So do the math, and it's very advantageous to not have to have static IP in some situations. There are some situations where we need static IP, so we still need that, but a lot of the smaller sites that don't need static IPs, and you can get away with dynamic DNS, I always suggest doing that.

So I showed you the wizard that shows you the status, so if we go to VPN status we will see that's up. If you SSH into your EdgeRouter there's a whole lot more that you can learn how to do, and you can do a show vpn; then there are all these options under the show vpn. There's show vpn debug, there's the IKE status, so if you do that it's going to show you the process. If you go to, let's see, let's do IPsec SA, then you can see all the information about the tunnel. And a lot of times, if you are, you know, you're trying to ask for help, a really good place to get information for somebody who's trying to help you troubleshoot this is through the command line and through the logs. So we can do a show vpn log, and so now you can see everything from the beginning, you know, initiating the tunnel to the establishment of the tunnel and everything in between; you can see all that information here. So always a great place to look for troubleshooting. You know, get in there, play with it, break it, figure out how it works, ask questions.

But really, I mean, this is really it, and in its simplest form this is how easy it could be for you to set this up. And I think in a future video we'll even go ahead and tie your USG into this, because this should be fairly easy. So we'll look at that; that video will probably be a little longer, but I think it'll be worth it.

One more thing: since that camera is on the other side, we could see if we can SSH into that camera. Okay, so we're in the camera. Let's see if we can ping 192.168.96, what did we say my IP was going to be, 38, is that right? Let's see if we can ping it. So from the camera, the UVC G3, now we are pinging back across the other way. So that's it. If you liked the video, please give me a thumbs up, please subscribe, please comment and share, and we'll see you in the next video.
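
Added example, not from the video or from Ubiquiti: the two GUI entries described in the transcript written as EdgeOS CLI `set` commands, with a Python check that both ends mirror each other (peer, secret, swapped subnets). The placeholder secret, the function names and the 20-character minimum are assumptions; the peer addresses and subnets are the ones given in the transcript.

```python
import ipaddress
import re

# Constructed CLI form of the two GUI entries in the video. The secret is a
# placeholder (assumption), not the lab value spoken in the transcript.
PSK = "REPLACE-WITH-LONG-RANDOM-SECRET"
SITE_96 = f"""
set vpn ipsec site-to-site peer 10.10.10.2 authentication pre-shared-secret {PSK}
set vpn ipsec site-to-site peer 10.10.10.2 local-address any
set vpn ipsec site-to-site peer 10.10.10.2 tunnel 1 local prefix 192.168.96.0/24
set vpn ipsec site-to-site peer 10.10.10.2 tunnel 1 remote prefix 192.168.69.0/24
"""
SITE_69 = f"""
set vpn ipsec site-to-site peer 172.16.1.2 authentication pre-shared-secret {PSK}
set vpn ipsec site-to-site peer 172.16.1.2 local-address any
set vpn ipsec site-to-site peer 172.16.1.2 tunnel 1 local prefix 192.168.69.0/24
set vpn ipsec site-to-site peer 172.16.1.2 tunnel 1 remote prefix 192.168.96.0/24
"""
LINE = re.compile(r"set vpn ipsec site-to-site peer (\S+) (.+)")

def parse(config):
    """Extract peer, secret and per-tunnel prefixes from 'set' commands."""
    site = {"peer": None, "psk": "", "tunnels": {}}
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        site["peer"], rest = m.group(1), m.group(2).split()
        if rest[:2] == ["authentication", "pre-shared-secret"] and len(rest) == 3:
            site["psk"] = rest[2]
        elif rest[0] == "tunnel" and len(rest) == 5 and rest[3] == "prefix":
            tunnel = site["tunnels"].setdefault(rest[1], {})
            tunnel[rest[2]] = ipaddress.ip_network(rest[4])
    return site

def check_pair(a, b, addr_a, addr_b, min_psk_len=20):
    """Return problems found; an empty list means the two ends mirror each other."""
    problems = []
    if a["peer"] != addr_b or b["peer"] != addr_a:
        problems.append("peer is not the other router's address")
    if a["psk"] != b["psk"]:
        problems.append("pre-shared secrets differ")
    if len(a["psk"]) < min_psk_len:  # threshold is an assumption
        problems.append("pre-shared secret too short")
    pairs_a = {(t.get("local"), t.get("remote")) for t in a["tunnels"].values()}
    pairs_b = {(t.get("remote"), t.get("local")) for t in b["tunnels"].values()}
    if pairs_a != pairs_b:
        problems.append("local/remote prefixes are not mirrored")
    return problems
```

Calling `check_pair(parse(SITE_96), parse(SITE_69), "172.16.1.2", "10.10.10.2")` returns an empty list for the configuration in the video; a mismatched mask or secret on either side shows up as a named problem.
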
Channel: Willie Howe
Views: 79,335
Rating: 4.9527898 out of 5
Keywords: edgerouter lite vpn, edgerouter, ubiquiti edgerouter x, edgerouter lite, ubiquiti edgerouter lite, edgerouter x sfp, ubiquiti edgemax edgerouter lite, edgerouter x review, edgerouter lite review, ubiquiti edgerouter pro, ubiquity edgerouter, ubiquity edgerouter vpn, edgerouter ipsec vpn, ubiquiti edgerouter ipsec vpn, edgerouter site-to-site vpn, ubiquiti edgerouter site-to-site vpn, ubiquity site-to-site vpn, ubiquiti site-to-site vpn
Id: -7mERCvrcJQ
Length: 13min 44sec (824 seconds)
Published: Wed Feb 22 2017