phpipam icon indicating copy to clipboard operation
phpipam copied to clipboard
verified publisher icon phpipam

IP Sec VPN Template/Records.

Open pizu opened this issue 7 years ago • 7 comments

Hi,

Is it possible to add a module similar to circuits but for VPN - IPsec Connections.

Module Options:

  • [Network]
  1. IP Version: IPv4/6 (Drop Down) - Field Required
  2. Remote Gateway Type: Static IP / DNS (Drop Down) - Field Required
  3. IP/DNS (text/number Field) - Field Required
  4. VPN Config Mode (Tick BOX)
  5. NAT Traversal: Enable/Disable/Forced. (Drop Down) - Field Required
  6. KeepAlive Frequency. - Field Required
  7. Dead Peer Detection (DPD): Disable/On Idle/On demand - Field Required
  • [Authentication - PSK]

1.1) Method: Pre-Shared Key (PSK). (Drop Down)

  • Add passphrase. (password hidden) - Password Retrieval option would be great. - Field Required
  1. IKE Version: 1/2 (Drop Down) - Field Required
  • Version: 1 - adds 2 more options: Aggressive/Main(ID Protection)
  • Version: 2 - No Options

OR

  • [Authentication - Signature]

1.2) Method: Signature. - (Drop Down) - Field Required

  • Certificate. - Field Required
  1. IKE Version: 1/2 (Drop Down) - Field Required
  • Version: 1 - adds 2 more options: Aggressive/Main(ID Protection)
  • Version: 2 - No Options
  1. Peer Options: Any Peer ID / Specific Peer ID / Peer Certificate. (Drop down)
  • If Specific ID is selected you need to enter the ID. - Field Required.
  • If Peer Certificate is selected you need to add the option to upload the certificate. - Field Required.

image

  • [Phase 1 Proposal]

  • The Below can be done as a Custom Field.

  1. Encryption Types. (Drop Down) - Field Required.
  2. Authentication Types. (Drop Down) - Field Required.
  3. Diffie-Hellman (DH) Group(s) - (Tick Boxes) - Field Required (at least 1 option)
  4. Key Lifetime (Seconds). - (Number Field only) - Field Required.
  5. Local ID (number field only - for ip address) - Not Required.
  • [XAuth]

1)Type: Disabled/Client.

  • If Client is selected, you need to add an option for user/pass. - Password Retrieval option would be great. - Field Required

  • [Phase 2 Selectors]

  1. Name of encryption Domain. - Field Required.
  2. Comments.
  3. Local Address. - Subnet/IP/Range. - Field Required.
  4. Remote Address. - Subnet/IP/Range. - Field Required.

image

  • [Phase 2 Proposal]

  • The Below can be done as a Custom Field.

  1. Encryption Types. (Drop Down) - Field Required.
  2. Authentication Types. (Drop Down) - Field Required.
  3. Key Lifetime (Seconds). - (Number Field only) - Field Required.
  4. Enable Reply Detection. - (Tick Box)
  5. Enable Perfect Forward Secrecy (PFS) - (Tick Box). - If tick boxed, the below is required.
  • Diffie-Hellman (DH) Group(s) - (Tick Boxes) - Field Required (at least 1 option)

image

if possible to be downloaded a as template from the ipam and uploaded with settings too, would be a great too.

Thanks :)

pizu avatar Sep 11 '18 11:09 pizu

Any update about this? We are also looking to document our IPSEC-tunnels in phpipam to collect everything in the same place.

ISECNOC avatar Oct 10 '19 12:10 ISECNOC

That would be a great feature!

dmalyshok avatar Oct 25 '19 12:10 dmalyshok

Hi guys! Is this feature request on the roadmap? I think we could help on this.

paiqui-kanu avatar Jul 24 '20 13:07 paiqui-kanu

There are a lot of Logical circuits types that I would like to document in phpIPAM. Those circuits are logical but do have endpoints such as physical circuits:

  • IPSec
  • OpenVPN site-to-site
  • SIP trunk

viaujoc avatar Sep 08 '20 06:09 viaujoc

Concur, this would be useful. Being able to create arbitrary types would be good, otherwise make sure to include things like DirectConnect and other cloud-vendor connections, MPLS, etc.

mike-sol avatar Jul 07 '21 15:07 mike-sol

Hello, Indeed it can be very usefull !

tristanlanoy avatar Jul 27 '21 13:07 tristanlanoy

I would agree, this would be a great feature.

Flums avatar Feb 06 '24 08:02 Flums