VPN from Firewalla Gold to an L2TP or IKEv2 Firebox

Comments

9 comments

  • Firewalla

    Sorry, we do not support L2TP or IKEv2 VPN, but if more people are interested, we can certainly add it. So far, people are more into WireGuard than these traditional VPNs.

    0
  • James Willhoite

    The L2TP is what I am most interested in. I have an Ubuntu Server I installed StrongSwan on for my own personal VPN. It allows iPhones to connect to the VPN without having to install OpenVPN. I know OpenVPN is really easy to configure but I wanted something that didn't rely on another application.

    My company and I split the purchase of the Firewalla Gold so I could test it out. They are interested in purchasing at least 2 more to replace a couple of Fireboxes in two offices, but both have to be able to tunnel into the main Firebox at the main office. They would be creating a site-to-site connection. I looked and it seems that the Gold has about 1/2 the packages StrongSwan needs and the rest are available (according to apt-cache) to install.

    Would creating the tunnel via L2TP be doable on the Gold?

    0
  • James Willhoite

    I have successfully scripted an IKEv2 server on the Firewalla Gold. There is now a site-to-site connection between my Firewalla Gold at home and a WatchGuard Firebox at work using IKEv2.

    1
  • Firewalla

    Time to celebrate :)

    0
  • Francisco Javier Mellado

    @James, could you share the script? :D

    0
  • James Willhoite

    I will revise my script and put it on GitHub. I need to adjust it to be more "generic" as it has a lot of my personal configuration in the script. When I get a chance to revise it, I will post the GitHub link here.

    0
  • Firewalla

    We are looking forward to your script as well!

    0
  • James Willhoite

    OK, made some adjustments. Take a look at https://github.com/jameswillhoite/Firewalla-Scripts/tree/main/StrongSwan. This has instructions on what to do. Just make sure to read through the entire readme file before starting... Let me know if it doesn't make sense or if you have any questions. I wrote this a year ago and haven't touched it since. It just works...

    My main reason for this was because my work had a WatchGuard Firewall that uses IKEv2 to create Gateways between branches. I wanted to set up my network with my work because I work remotely and help troubleshoot other computers on the network. The only thing with this setup is that my entire network is connected with work, not just the devices I want to allow to access it (I could add iptables rules but haven't). It is also a split tunnel, so ONLY the traffic destined for my work network goes through the VPN and all other traffic goes through my network.

    There are two folders in the config directory to help set up a full tunnel and a split tunnel (the Firewalla hosts). I have some links in the Readme that will help with some of the setup and configuration on Windows, Mac, iPhone, and Android.

    Hope this helps (and maybe Firewalla will incorporate it into the UI ;-) )

    0
  • André

    I’m also interested in having this natively available. IPsec IKEv2 / IKEv3, when ratified / L2TP

    0