IPsec Remote Access VPN Phase 1 and Phase 2 Settings
Subject: IPsec Remote Access VPN Phase 1 and Phase 2 Settings
Good day from Singapore,
config vpn ipsec phase1-interface
edit "IPsec VPN"
set type dynamic
set interface "wan1"
set ike-version 2
set peertype any
set net-device disable
set mode-cfg enable
set proposal aes128-sha256 aes256-sha256
set comments "VPN: IPsec VPN (Created by VPN wizard)"
set dhgrp 14
set eap enable
set eap-identity send-request
set authusrgrp "VPN_Users"
set ipv4-start-ip 10.10.10.1
set ipv4-end-ip 10.10.10.254
set dns-mode auto
set ipv4-split-include "IPsec VPN_split"
set save-password enable
set psksecret ENC ---snipped---
next
end
config vpn ipsec phase2-interface
edit "IPsec VPN"
set phase1name "IPsec VPN"
set proposal aes128-sha1 aes256-sha1
set dhgrp 14
set comments "VPN: IPsec VPN (Created by VPN wizard)"
next
end
IPsec VPN troubleshooting CLI commands:
diagnose debug reset
diagnose debug application ike -1
diagnose debug enable
show vpn ipsec phase1-interface "IPsec VPN"
diagnose vpn ike gateway list
diagnose vpn tunnel list
diagnose vpn ike log-filter clear
diagnose vpn ike log-filter dst-addr4 x.x.x.x
diagnose debug application ike -1
diagnose debug enable
Regards,
Mr. Turritopsis Dohrnii Teo En Ming
Extremely Democratic People's Republic of Singapore
24 Jan 2026 Saturday 12.54 pm Singapore Time
REFERENCES
==============
[2] placeholder for mail-archive.com
[3] https://marc.info/?l=linux-netdev&m=176923324427585&w=2
[4] https://lists.freebsd.org/archives/freebsd-chat/2026-January/000064.html
[5] placeholder for mail-archive.com
[6] https://marc.info/?l=freebsd-chat&m=176923337427631&w=2
Comments
Post a Comment