I have a problem exchanging data over the VPN. I got the VPN login details from Octawave. There was a network address on the VPN side, but I don't know how to set up the firewall. My actual setup:
IP Firewall NAT
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=accept src-address=10.150.10.0/24
dst-address=192.168.100.0/24
1 chain=srcnat action=masquerade src-address=192.168.100.0/23 log=no
log-prefix="" ipsec-policy=out,none
2 chain=srcnat action=masquerade src-address=192.168.200.0/24 log=no
log-prefix=""
3 chain=srcnat action=masquerade src-address=192.168.50.0/24 log=no
log-prefix=""
4 chain=srcnat action=masquerade src-address=192.168.40.0/24 log=no
log-prefix=""
5 chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
ipsec-policy=out,none
6 chain=srcnat action=src-nat to-addresses=85.221.196.154
src-address=10.150.10.0/24 out-interface=ether1 log=no log-prefix=""
ipsec-policy=out,none
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 chain=forward action=accept connection-state=established,related
src-address=10.150.10.0/24 dst-address=192.168.100.0/24 log=no
log-prefix="" ipsec-policy=in,ipsec
2 chain=forward action=accept connection-state=established,related
src-address=192.168.100.0/24 dst-address=10.150.10.0/24 log=no
log-prefix="" ipsec-policy=out,ipsec
3 chain=input action=accept protocol=udp src-address=176.119.63.106
dst-port=4500 log=no log-prefix=""
4 X chain=input action=accept protocol=udp src-address=176.119.63.106
dst-port=1701 log=no log-prefix=""
5 chain=input action=accept protocol=udp src-address=176.119.63.106
dst-port=500 log=no log-prefix=""
6 chain=input action=accept protocol=ipsec-esp src-address=176.119.63.106
log=no log-prefix=""
7 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
8 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec
9 X ;;; FastTrack: established & related
chain=forward action=fasttrack-connection
connection-state=established,related log=no log-prefix=""
10 chain=forward action=fasttrack-connection
connection-state=established,related
11 X chain=forward action=accept connection-state=established,related log=no
log-prefix=""
12 ;;; Accept Related or Established Connections
chain=input action=accept connection-state=established,related log=no
log-prefix=""
13 ;;; Accept New Connections
chain=forward action=accept connection-state=new log=no log-prefix=""
14 ;;; Accept Related or Established Connections
chain=forward action=accept connection-state=established,related log=no
log-prefix=""
15 chain=input action=drop protocol=udp in-interface=ether1 dst-port=53 log=n>
log-prefix=""
16 chain=input action=drop protocol=udp in-interface=ether2 dst-port=53 log=n>
log-prefix=""
17 chain=input action=drop protocol=tcp in-interface=ether1 dst-port=53 log=n>
log-prefix=""
18 chain=input action=drop protocol=tcp in-interface=ether2 dst-port=53 log=n>
log-prefix=""
19 chain=forward action=drop in-interface=OFFICE out-interface=CCTV log=no
log-prefix=""
20 chain=forward action=drop in-interface=CCTV out-interface=OFFICE log=no
log-prefix=""
21 chain=forward action=drop in-interface=WIFI out-interface=CCTV log=no
log-prefix=""
22 chain=forward action=drop in-interface=CCTV out-interface=WIFI log=no
log-prefix=""
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 192.168.100.1/23 192.168.100.0 OFFICE
1 85.221.196.154/30 85.221.196.152 ether1
2 192.168.200.1/24 192.168.200.0 WIFI
3 192.168.50.1/24 192.168.50.0 CCTV
4 192.168.40.1/24 192.168.40.0 MGMT
5 192.168.88.2/24 192.168.88.0 ether2
6 I 192.168.1.0/24 192.168.1.0 vlan1
Flags: H - hw-aead, A - AH, E - ESP
0 E spi=0x4F911F0 src-address=176.119.63.106 dst-address=85.221.196.154
state=mature auth-algorithm=sha256 enc-algorithm=aes-cbc enc-key-size=256
auth-key="xx"
enc-key="xx"
add-lifetime=19h12m20s/1d26s replay=128
1 E spi=0xC348E7AF src-address=85.221.196.154 dst-address=176.119.63.106
state=mature auth-algorithm=sha256 enc-algorithm=aes-cbc enc-key-size=256
auth-key="xx"
enc-key="xx"
add-lifetime=19h12m20s/1d26s replay=128
Flags: T - template, B - backup,
X - disabled, D - dynamic, I - invalid, A - active, * - default
0 T X* group=default src-address=176.119.63.106/32 dst-address=85.221.196.154/32
protocol=all proposal=default template=yes
1 A peer=Octawave tunnel=yes src-address=192.168.100.0/24 src-port=any
dst-address=10.150.10.0/24 dst-port=any protocol=all action=encrypt
level=require ipsec-protocols=esp sa-src-address=85.221.196.154
sa-dst-address=176.119.63.106 proposal=Oktawave ph2-count=1