IKEv1/IPsec VPN server
Keenetic routers have the ability to connect to an IKEv1/IPsec VPN server. The server allows authorised users to securely connect over the Internet from mobile devices (Android, iOS) to your home network resources and use your internet connection. When setting up a connection on Android devices, select the IPsec Xauth PSK connection type, and on iOS devices select IPsec. An IPsec connection provides completely secure access to your home network from your smartphone or tablet.
Importante
A Keenetic device that hosts the IKEv1/IPsec VPN server must be connected to the Internet with a global (public) IP address, and if using the KeenDNS domain name, it must be configured in the Direct Access mode. If any of these conditions are not met, it will not be possible to connect to such a server from the Internet.
To set up secure IKEv1/IPsec connections on your Keenetic router, you need to install the IKEv1/IPsec and IKEv2/IPsec VPN servers, L2TP/IPsec VPN client, Site-to-site IPsec VPN system component. You can do this in the web interface on the General System Settings page under KeeneticOS Update and Component Options by clicking on Component options.
After that, go to the Applications page. Here you will see the IKEv1/IPsec VPN server panel. Click the IKEv1/IPsec VPN server link.
In the IKEv1/IPsec VPN server window that appears, specify the security key in the Shared IPsec key field. This security key will need to be used on the client when configuring the VPN connection.
The NAT for clients option is enabled in the server settings by default. This setting is used to allow VPN server clients to access the Internet.
Nota
In the current implementation, the system does not check for address conflicts between addresses on servers and addresses on local segments and external interfaces. As a result, the following situations can occur:
If the server address is the same as the address of the segment for which automatic NAT is enabled, disabling the NAT for clients option in the VPN server configuration will not disable NAT for the addresses used by this server i.e. the disabling will not work.
If the server address is the same as the address on the WAN interface, conversely, NAT will not work even if the NAT for clients option is enabled.
The IP address pool size limits the total number of possible simultaneous connections. Like the initial IP address, this setting should not be changed unnecessarily.
Importante
The IP subnet you specify must not match or intersect with the IP addresses of other interfaces of the Keenetic router, as this may result in an IP address conflict.
Select the accounts you want to allow access to the VPN server in the Users section. Here you can also add a new user by specifying a username and password.
User access permissions to the IKEv1/IPsec and IKEv2/IPsec servers are common.
After configuring the server, put the switch in the Enabled state.
By clicking on the Connection statistics link, you can see the connection status and additional information about active sessions.
Nota
When setting up the connection to the VPN server on Android devices, choose the type of VPN connection IPsec Xauth PSK and on iOS devices — IPsec.