IPSEC VPN to Yamaha RTX-810 -- Some settings questions!



  • Hello, we have two Yamaha VPN routers connecting our main and annex schools and I'm trying to replace one and most of the networking equipment at the main school with a Netgate SG-3100.

    Various settings for the network such as VLANs, DHCP ranges, etc. have been configured, but properly replacing the Yamaha for creating the IPsec tunnel seems tricky.

    Here you can see the tunnel settings on the Yamaha:

    tunnel select 1
     tunnel name toGUNKAN
     ipsec tunnel 1
      # SA policy 1 for tunnel 1: ESP with AES-CBC encryption and HMAC-SHA1 integrity
      ipsec sa policy 1 1 esp aes-cbc sha-hmac
      # do not log keepalive traffic
      ipsec ike keepalive log 1 off
      # Yamaha heartbeat keepalive: every 10 seconds, tunnel declared down after 6 misses
      ipsec ike keepalive use 1 on heartbeat 10 6
      # address this router uses for IKE (its LAN address)
      ipsec ike local address 1 192.168.10.254
      ipsec ike pre-shared-key 1 text some-key
      # accept IKE from any remote address (annex side has a dynamic IP)
      ipsec ike remote address 1 any
      # the peer is identified by a Key-ID, not by its IP address
      ipsec ike remote name 1 some-name key-id
     # clamp TCP MSS for traffic through the tunnel
     ip tunnel tcp mss limit auto
     tunnel enable 1

    Of interest to me is that the remote address is "any". Only our main school has a static IP address, and the annex school is connecting, but the pfSense UI demands I enter a remote gateway. If I put "any", I see something in the log saying it cannot resolve "any". Is this a problem?

    One more question. In Phase 1, for My Identifier and Peer Identifier, I set the Peer Identifier to Key-ID and the remote name the Yamaha router is sending. But for My Identifier, should I set our static IP, since that is what the Yamaha is attempting to connect to? Or should it be the router's internal IP, 192.168.10.1?

    Thank you all for your time! I'm really hoping this works and I won't have to resort to keeping the extra router around. I'm changing the main school network from separate routers acting as physically separated networks connecting to the provider by PPPoE. On the pfSense, I use WAN1 and OPT1 for dual-WAN and separate the networks by VLAN 10 (Wi-Fi) and VLAN 20 (Office) so that both can later access a NAS server on VLAN 30. The main PPPoE (WAN1) needs to provide the VPN into VLAN 20. This will be a huge cleanup of the networking at the top of our infrastructure.
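The pfSense IPsec pages generate a strongSwan configuration underneath. As an added example (not from the original post, from Netgate, or from Yamaha), here is a swanctl.conf-style equivalent of the Yamaha tunnel above, written so that the two settings asked about, accepting the peer from any address and the choice of identifiers, are explicit. Everything the Yamaha config does not state is an assumption and marked as such: IKEv1 in aggressive mode, AES-128 with SHA-1 and DH group 2, the main school's static WAN address 203.0.113.10, and the annex LAN 192.168.20.0/24.

```conf
# strongSwan swanctl.conf fragment mirroring the Yamaha "toGUNKAN" tunnel.
# Placeholders/assumptions: 203.0.113.10 (main-school static WAN),
# 192.168.20.0/24 (annex LAN), IKEv1 aggressive mode, aes128/sha1/modp1024.
connections {
    toGUNKAN {
        version = 1
        # The annex has a dynamic address, so the responder accepts the IKE
        # exchange from any source and relies on the Key-ID to tell who it is.
        remote_addrs = %any
        local_addrs  = 203.0.113.10
        # Assumption: IKEv1 with a PSK and a non-IP peer identity implies
        # aggressive mode. Caveat: in aggressive mode the PSK-derived hash is
        # sent unencrypted, so the key must be long and random to resist
        # offline cracking by anyone who captures the exchange.
        aggressive = yes
        proposals = aes128-sha1-modp1024   # assumption: key length / DH group not in the Yamaha config
        dpd_delay = 10s                    # stands in for the Yamaha 10 s heartbeat
        local {
            auth = psk
            # "My Identifier": the static WAN address the annex dials.
            id = 203.0.113.10
        }
        remote {
            auth = psk
            # "Peer Identifier": the Key-ID the Yamaha sends (ipsec ike remote name ... key-id).
            id = keyid:some-name
        }
        children {
            toGUNKAN-net {
                local_ts  = 192.168.10.0/24   # main-school LAN behind the tunnel
                remote_ts = 192.168.20.0/24   # assumption: annex LAN
                esp_proposals = aes128-sha1   # ESP aes-cbc + sha-hmac from the Yamaha policy
                # Responder only: the static side never initiates toward %any.
                start_action = none
            }
        }
    }
}
secrets {
    ike-toGUNKAN {
        id-1 = 203.0.113.10
        id-2 = keyid:some-name
        secret = some-key
    }
}
```

The point of the fragment is the pairing: a `%any` remote address only works because the peer is authenticated by a named identity (`keyid:some-name`) plus the PSK, so whichever identifier the static side presents must match what the other router is configured to expect, and the identifier on the dynamic side has to be something other than its (changing) IP.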



  • I have found in the documentation that I should use "Any" rather than "any".

