![]() ![]() The cases where one might be required to perform this are:ġ) Your IPSEC device is behind a NAT - therefore your tunnel ID defaults to an internal IP on your network.Ģ) Your IPSEC device generates a unique identifier based on other criteria than IP address. Please set this ID by hand to match the external (Internet IP address) of your end of the tunnel. In such a case you will be required to specify a "Local ID" for your IPSEC tunnel. However, there exist scenarios where this may not be the case (detailed below). ![]() In most cases, this is automatically set to be the same as the actual tunnel endpoint IP address. Connecting via NAT/Local ID Įach IPSEC tunnel endpoint has a unique identifier. Please white list the respective Paperspace Gateway IP allowing it connections on UDP ports 5. Phase 2: 3600 seconds Connecting from Behind a Firewall While generally, key life need not match between tunnel endpoints, setting your key lifetimes to the below will guarantee smooth operation and prevent the possibility of premature tunnel teardowns. This is performed to maintain the highest security between the two tunnels. Key life is the time each tunnel takes until it regenerates a new renogotiated key pair. Paperspace VPNs utilize PFS to maximize security. Some devices will require this to be explicitly enabled prior to specifying a DH group for Phase 2. Specifying a DH group for Phase 2 is also known as Perfect Forward Secrecy (PFS).Not supported: DES, 3DES, SHA256-96 AES256-GCM Phase1 & Phase2 DH (Diffie-Hellman) Groups* The subnet of your Paperspace Private Network is listed under the Network tab of the console in CIDR format, eg 10.30.254.0/24 Key Exchange įallback: IKEv1 Encryption & Authentication Algorithms - For Phase 1 & Phase 2 ![]() The Gateway IP (the tunnel endpoint on the Paperspace side) will be specific to your Region. Supply the following parameters when configuring your side of the VPN tunnel: Paperspace Gateway IP
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |