Hello Guys.
Sorry for the late reply.
I have found a way (and tested it for the last 4 hours) to get this working.
Here it goes:
1. General info
- the VPN tunnels are created for each user using their first and last name
- each user has a specific IPSec VPN tunnel
- this is the first release so please feel free to update or improve my work
- x represents a number from 1 to ... given to each vpn user - it is important because it will be used for the tunnel
- the ip address for each VPN tunnel is 192.168.20x.1 / 24 where x is the number assigned to the user so, for example, if you are configuring the third user, x is 3 and the ip address for the interface is 192.168.203.1 / 24
- you have to do all the config from below for each user
2. Router config
ike local-name vpn.yourdomain.com
ike peer x
 exchange-mode aggressive
 pre-shared-key <enter the pre shared key for the vpn tunnel>
 id-type name
 remote-name firstname.lastname
 nat traversal
ipsec profile firstname.lastname
 pfs dh-group2
 ike-peer x
 proposal 3des
 sa duration time-based 86400
interface Tunnel x
 ip address 192.168.20x.1 255.255.255.0
 tunnel-protocol ipsec ipv4
 source <external IP address>
 ipsec profile firstname.lastname
3. Shrew config
- manual IP address from the same class as 192.168.20x.1 / 24
- nat traversal enabled
- you can use your internal dns if you have one for resolving lan names
- authentication mutual psk
- local: FQDN: firstname.lastname
- remote: FQDN: vpn.yourdomain.com
- credentials: PSK: the key you entered
- phase 1: aggressive, group1, des, sha
- phase 2: esp-3des, md5, group2, disabled
- policy: require + obtain topology automatically
Hope it helps.
If I find a way to create a bridged tunnel and to use internal IP addresses for VPN users I will post a reply.
Regards,
Alex
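Since the router block above has to be repeated for every user, here is a small generator for it (an added example, not part of Alex's post or any vendor tool). It copies the command syntax from the post, enforces the 192.168.20x.1/24 addressing scheme (which only works for x = 1..9, because x is appended to "192.168.20"), and picks the manual client address for Shrew from the same /24. The user name, PSK and external IP are placeholders you pass in.

```python
import ipaddress
import re

# firstname.lastname as used for remote-name / ipsec profile in the post
NAME_RE = re.compile(r"^[a-z]+\.[a-z]+$")


def tunnel_subnet(x: int) -> ipaddress.IPv4Network:
    """Map user number x to the 192.168.20x.0/24 subnet of the post.
    x is concatenated onto '192.168.20', so only 1..9 gives a valid octet."""
    if not 1 <= x <= 9:
        raise ValueError(f"user number {x} does not fit the 192.168.20x scheme (use 1-9)")
    return ipaddress.IPv4Network(f"192.168.20{x}.0/24")


def client_address(x: int, host: int = 2) -> str:
    """Manual address for the Shrew side: same /24, but .1 is the router end."""
    if not 2 <= host <= 254:
        raise ValueError("host part must be 2..254 (.1 is the Tunnel interface)")
    return str(tunnel_subnet(x).network_address + host)


def router_config(x: int, user: str, psk: str, external_ip: str) -> str:
    """Render the per-user router block (ike peer, ipsec profile, Tunnel interface).
    'ike local-name vpn.yourdomain.com' is global and is set once, not per user."""
    if not NAME_RE.match(user):
        raise ValueError("user must be firstname.lastname in lowercase")
    ipaddress.IPv4Address(external_ip)  # fail early on a malformed source address
    net = tunnel_subnet(x)
    iface_ip = net.network_address + 1  # 192.168.20x.1
    lines = [
        f"ike peer {x}",
        " exchange-mode aggressive",
        f" pre-shared-key {psk}",
        " id-type name",
        f" remote-name {user}",
        " nat traversal",
        f"ipsec profile {user}",
        " pfs dh-group2",
        f" ike-peer {x}",
        " proposal 3des",
        " sa duration time-based 86400",
        f"interface Tunnel {x}",
        f" ip address {iface_ip} {net.netmask}",
        " tunnel-protocol ipsec ipv4",
        f" source {external_ip}",
        f" ipsec profile {user}",
    ]
    return "\n".join(lines) + "\n"
```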