MEMSET VPN

How to set up your Memset VPN

Once your VPN appliance is live, it will show up in your Memset services overview, as below:

Upon clicking on “Manage” from within the VPN appliance, you will be presented with the options shown below:

The first step in configuring the VPN appliance is to add an IPsec connection. This will involve specifying the Phase 1 and 2 connection parameters required to establish an IPsec tunnel. Click on “Configure IPsec connections”.

You will then be presented with the below form:

Once you are satisfied with the IPsec parameters, save them. You will then be redirected to the IPsec connection overview screen:

There is now an IPsec connection row, with an option to provide us with your pre-shared key for endpoint authentication. Please leave your pre-shared key using the respective button found on the newly created row.

Return to the VPN appliance control panel options (shown above), and you will find a “reload VPN” button. This will reload the IPsec configuration on your VPN appliance for you.

Please note: There are no automated reloads, if you need to make changes to your connections ensure that a reload is carried out afterwards.

The ESP protocol and UDP port 500 will need to be open on your IPsec endpoint and any intermediary firewalls.

A tunnel will only be established on a request to send traffic to the remote ranges. So to test that your IPsec configuration is correct on both ends, try to send traffic across the tunnel.

Once The IPsec connection has been established, you will need to configure the infrastructure to route traffic across your VPN tunnel, as required, some instructions on how to do this can be found below.

The aforementioned configuration will involve adding routes for the RFC1918 address ranges at both ends of the VPN tunnel.

For example, if the address range in your remote office is 10.87.4.0/24, and the Memset VLAN/Private IP address for your VPN Appliance is 192.168.0.10, the below commands would ensure traffic destined for your remote office is routed across the tunnel:

For GNU/Linux using the IP utility:

ip route add 10.87.4.0/24 via 192.168.0.10 dev eth0

Please note: This will not persist after a reboot. In order to make a route persistent, it will need to be added to the network interfaces file for the respective distribution or an init script run on boot.

For Debian-based distributions, for example, the ip command can be added to the /etc/network/intefaces file on the interface that has your Memset VLAN IP address assigned. The below is an example of an interface:

auto eth1
iface eth1 inet static
    address 192.168.0.60
    network 192.168.0.60
    netmask 255.255.255.0
    broadcast 192.168.0.255
    
    up ip route add 10.87.4.0/24 via 192.168.0.10 src 192.168.0.60

For Windows (Server 2008R2 to 2016) using the route utility in a command prompt or Powershell:

route -p add 10.87.4.0 MASK 255.255.255.0 192.168.0.10 METRIC 1

Providing routes mentioned above are configured on both your Memset infrastructure and infrastructure on the other end of the tunnel, traffic will be routed across the VPN tunnel.

Our VPN Product does not come with support as standard and may be deemed as chargeable, confirmation of which will be display upon creating the ticket. If you do have any issues or questions however, please contact our ​support team whom will assist you further.