Need help understanding IPsec

Morning

I need some help. I have read several articles on IPsec trying to understand it. Now I understand the theory behind it, but I cannot get the practical side working.
Using the manuals in the wiki I have tried to set up IPsec over the L2TP connection I have between my two residential networks, but I just can't get it right.

In the end I decided maybe I should make things as simple as possible, as in four virtual routers simple: start from there, get a working system and then expand my knowledge from that point. However, even that I can't get right, and it is at this point that I need help from someone who knows what they are doing.


In the virtual environment, Router 1 is directly connected to router 2,
router 2 to router 3, and router 3 to router 4.

Router 1 and router 4 are playing the role of computer hosts and get their IP addresses from routers 2 and 3 respectively.
Every router has an ether1 that bridges back to my PC's NIC in order to give the router internet access if needed and to allow me to Winbox into the device. Most of the time these interfaces are disabled.

I'll start by pasting the basic configs of the routers.

Router 1
/ip add pr
 #   ADDRESS            NETWORK         INTERFACE                              
 0 D 192.168.20.191/24  192.168.20.0    Local                                  

/ip dhcp-client pr
 #   INTERFACE    USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS        ADDRESS           
 0   Local        yes          yes               bound         192.168.20.191/24                              

/ip route pr
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          192.168.20.1              0
 1 ADC  192.168.20.0/24    192.168.20.191  Local                     0



Router 2

/ip add pr
 #   ADDRESS            NETWORK         INTERFACE                              
 0   192.168.20.1/24    192.168.20.0    Local                                  
 1   172.16.16.1/24     172.16.16.0     WAN                                    

/ip route pr
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADC  172.16.16.0/24     172.16.16.1     WAN                       0
 1 ADC  192.168.20.0/24    192.168.20.1    Local                     0
 2 A S  192.168.21.0/24                    172.16.16.2               1



Router 3

/ip add pr
 #   ADDRESS            NETWORK         INTERFACE                              
 0   192.168.21.1/24    192.168.21.0    Local                                  
 1   172.16.16.2/24     172.16.16.0     WAN       

/ip route pr
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADC  172.16.16.0/24     172.16.16.2     WAN                       0
 1 A S  192.168.20.0/24                    172.16.16.1               1
 2 ADC  192.168.21.0/24    192.168.21.1    Local                     0



Router 4

/ip add pr
 #   ADDRESS            NETWORK         INTERFACE                              
 0 D 192.168.21.191/24  192.168.21.0    Local               

/ip dhcp-client pr
 #   INTERFACE           USE ADD-DEFAULT-ROUTE STATUS        ADDRESS           
 0   Local               yes yes               bound         192.168.21.191/24 

/ip route pr
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          192.168.21.1              0
 1 ADC  192.168.21.0/24    192.168.21.191  Local                     0

With this configuration I can ping from one side to the other.

Now I want to IPsec the connection between router 2 and router 3. For now I want the most basic IPsec possible; I was thinking of trying to do AH transport on that connection.

Can anyone help me with this?
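Below is an example configuration for the AH transport setup asked about above. It is added here and is not part of the original post. It reuses the WAN addresses already shown (172.16.16.1 on Router 2, 172.16.16.2 on Router 3); the object names, the pre-shared secret and the RouterOS 6.43-or-later syntax (separate peer and identity objects, policy bound to the peer by name) are assumptions. AH authenticates every packet, including the outer IP header, but encrypts nothing, so it gives origin and integrity protection on that link and no confidentiality, and it cannot cross a NAT device because the rewritten header fails the integrity check.

```routeros
# Added example, not from the original post: IPsec AH in transport mode
# between Router 2 (172.16.16.1) and Router 3 (172.16.16.2).
# Assumes RouterOS 6.43 or later. Names (ah-profile, ah-only, router2,
# router3) and the secret are placeholders chosen for this example.

# ---- Router 2 ----
# Phase 1 (IKEv2): integrity, encryption and DH group for the IKE SA itself.
/ip ipsec profile
add name=ah-profile hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048
/ip ipsec peer
add name=router3 address=172.16.16.2/32 exchange-mode=ike2 profile=ah-profile
/ip ipsec identity
add peer=router3 auth-method=pre-shared-key secret="REPLACE-WITH-LONG-RANDOM-SECRET"
# Phase 2: AH only, so the encryption algorithm is irrelevant and set to null.
/ip ipsec proposal
add name=ah-only auth-algorithms=sha256 enc-algorithms=null pfs-group=modp2048
# tunnel=no selects transport mode; the selector is the two router addresses.
# level=require drops matching traffic until the SA is up (no silent fallback).
/ip ipsec policy
add peer=router3 tunnel=no src-address=172.16.16.1/32 dst-address=172.16.16.2/32 \
    protocol=all action=encrypt level=require ipsec-protocols=ah proposal=ah-only

# ---- Router 3 (mirror image; same secret on both sides) ----
/ip ipsec profile
add name=ah-profile hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048
/ip ipsec peer
add name=router2 address=172.16.16.1/32 exchange-mode=ike2 profile=ah-profile
/ip ipsec identity
add peer=router2 auth-method=pre-shared-key secret="REPLACE-WITH-LONG-RANDOM-SECRET"
/ip ipsec proposal
add name=ah-only auth-algorithms=sha256 enc-algorithms=null pfs-group=modp2048
/ip ipsec policy
add peer=router2 tunnel=no src-address=172.16.16.2/32 dst-address=172.16.16.1/32 \
    protocol=all action=encrypt level=require ipsec-protocols=ah proposal=ah-only

# ---- Checks (run on Router 2) ----
# Generate matching traffic so IKE negotiates the SA:
/ping 172.16.16.2 count=5
# The IKE SA should be listed as established:
/ip ipsec active-peers print
# One AH SA per direction, each with its own SPI and auth key; counters grow:
/ip ipsec installed-sa print
# The policy should show as active (flag A):
/ip ipsec policy print
# If a firewall is ever added on WAN, allow UDP/500 (IKE) and IP protocol 51 (AH)
# between the two routers, or the negotiation and the protected packets will be dropped.
```

Note what this policy covers and what it does not: only packets whose source and destination are the two WAN addresses match the 172.16.16.x/32 selectors, so the pings from Router 1 (192.168.20.x) to Router 4 (192.168.21.x) that the post already has working pass between the routers unprotected. Protecting that routed LAN-to-LAN traffic is a tunnel-mode job (tunnel=yes with the two /24 LAN networks as selectors and the WAN addresses as SA endpoints), which is the natural next step once the transport-mode SA is seen coming up in installed-sa.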