ENABLING IPSEC FOR YOUR WAN LINK

WANrockIT: IPsec Encryption

INTRODUCTION

In this guide you will learn how to set up IPsec to encrypt traffic between your WANrockIT Nodes. Using IPsec ensures the integrity, confidentiality and authentication of data communications over an IP network. It’s recommended to perform this step before performing the steps in the Connecting Nodes with NAT guide; however, IPsec can be enabled or disabled at any time.

IPsec can be configured for setups without NAT as well, but VPNs will likely already be using IPsec encryption to safeguard your traffic.

IMPORTANT NOTES

  • IPsec-enabled Nodes will only allow connections from other IPsec-enabled Nodes with the same Pre-Shared Key.
  • It is recommended to only enable IPsec when data transfer is stopped, as it will break the WAN connection between Nodes until all have been configured for IPsec.
  • It is recommended that HTTPS is already enabled (by default it will already be enabled) before configuring IPsec, as this ensures that the Pre-Shared Key is only transmitted securely.

ENABLING IPSEC

From the Node’s web interface, navigate to the Passwords & Security page.

[Screenshot: Passwords & Security page]

IPsec is disabled by default, so the WANrockIT IPsec Configuration section will be disabled until the ‘Enable IPsec’ checkbox is selected.

[Screenshot: Passwords & Security page with the WANrockIT IPsec Configuration section disabled]

Select the ‘Enable IPsec’ checkbox and the section will be enabled as shown below:

[Screenshot: WANrockIT IPsec Configuration section with IPsec enabled and no key entered]

You can either enter your own Pre-Shared Key or use the IPsec key generator by clicking ‘Generate Key’, which fills in the Pre-Shared Key field as shown below:

[Screenshot: WANrockIT IPsec Configuration section with IPsec enabled and the Pre-Shared Key field filled in]

Click Save to store the IPsec configuration. It becomes active straight away, and any existing WAN connections will break unless they already have IPsec enabled with the same Pre-Shared Key.

Copying the Pre-Shared Key to other WANrockIT Nodes

From the IPsec-enabled Node’s web interface, navigate to the Passwords & Security page. The page should look like the example below:

[Screenshot: Passwords & Security page with the IPsec configuration filled in]

Under the WANrockIT IPsec Configuration section click ‘Show Key’ to display the stored Pre-Shared Key. Select and copy this key to your clipboard.

From the web interface of each WANrockIT Node you wish to connect to, follow the Enabling IPsec section above, but paste in the key from your clipboard instead of generating a new one.
