IKEv1 configuration


- Version: 0.2.b1-022 or later


Enable IKEv1.


Legacy IKEv1 is not enabled by default. You can enable it on the Global Configuration tab of the Web Console.

- Web Console:Global Configuration[Tab] > Global Settings[Tab]

  1. Check Enable IKEv1.

  2. Check Enable Main mode.

  3. Also, check Enable Aggressive mode if needed.

  4. Save the global configuration.

  5. Restart Rockhopper as follows (e.g. on Ubuntu), or simply restart your system:

    # sudo /etc/init.d/rockhopper restart
    or
    # sudo systemctl restart rockhopper


Configure an initiator to connect to a VPN by IKEv1.


  1. Open the Rockhopper Web Console and log in.
  2. Set up Peers.

    - VPN Configuration[Tab] > VPN Realms[Left-Tree] > Realm ID: Realm Name[Left-Tree] > Peers[Left-Tree]:
    Click this tree node to show the Peers pane.

    - Click the Add Peer button.

    - Add a New Peer[Dialog]: Enter the following, then click the OK button.

    Peer ID Type: Host Name(FQDN)
    Peer ID: gateway1.example.com

  3. Set up the Peer's information.

    - VPN Configuration[Tab] > VPN Realms[Left-Tree] > Realm ID: Realm Name[Left-Tree] > Peers[Left-Tree] > gateway1.example.com(FQDN)[Left-Tree]:
    Click this tree node to show the Remote Peer: gateway1.example.com(FQDN) pane.

    - Enter the following.

    Peer's IPv4 Address: 10.0.0.1 (If address resolution by DNS is not available)

    Check Connect by using IKEv1 (initiator) and select an exchange mode (Main mode or Aggressive mode). If needed, check Enable commit-bit for Quick mode (Phase 2).

    Also, you may need to check Enable always-on connection if this node is deployed as a gateway.

  4. Save this realm's configuration.

    - VPN Configuration[Tab] > Edit VPN Realm(Save, Add, Remove or Load)[Left-Tree]:
    Click this tree node to show the Edit VPN Realm(Save, Add, Remove, or Load) pane.

    - Click the Save Configuration button.
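
To confirm from a packet capture which exchange mode and commit-bit setting a peer actually negotiates after the steps above, the following added example (not part of Rockhopper or of the original page) decodes the fixed ISAKMP header of an IKEv1 message. The field layout and exchange-type numbers are taken from RFC 2408/2409 and the Mode Config draft; the function name and the sample packets are constructed for illustration.

```python
import struct

# Fixed ISAKMP header (RFC 2408, section 3.1): 28 bytes, network byte order.
HDR = struct.Struct("!8s8sBBBBII")

# IKEv1 exchange types (RFC 2408/2409; 6 is from the Mode Config draft).
EXCHANGES = {
    2: "Main mode",
    4: "Aggressive mode",
    5: "Informational",
    6: "Transaction (Mode Config / XAUTH)",
    32: "Quick mode",
}
FLAG_ENCRYPTED, FLAG_COMMIT = 0x01, 0x02


def parse_isakmp_header(data: bytes) -> dict:
    """Decode the ISAKMP header at the start of a UDP port 500 payload."""
    if len(data) < HDR.size:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, _next, version, xchg, flags, msg_id, length = HDR.unpack_from(data)
    if version >> 4 != 1:
        raise ValueError(f"not IKEv1 (major version {version >> 4})")
    if length < HDR.size:
        raise ValueError("length field is smaller than the header itself")
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "exchange": EXCHANGES.get(xchg, f"unknown ({xchg})"),
        "encrypted": bool(flags & FLAG_ENCRYPTED),
        "commit": bool(flags & FLAG_COMMIT),
        "message_id": msg_id,
        "length": length,
    }


# Constructed header-only samples (not captured traffic). The length field
# describes the full message, so it is larger than these 28 bytes.
SAMPLE_AGGRESSIVE = HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, 4, 0x00, 0, 356)
SAMPLE_QUICK_COMMIT = HDR.pack(b"\x11" * 8, b"\x22" * 8, 8, 0x10, 32, 0x03, 0x1A2B3C4D, 172)

if __name__ == "__main__":
    for sample in (SAMPLE_AGGRESSIVE, SAMPLE_QUICK_COMMIT):
        print(parse_isakmp_header(sample))
```

When NAT traversal moves the exchange to UDP port 4500, each IKE message is preceded by a 4-byte all-zero non-ESP marker, which must be skipped before calling the parser.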




Configure a responder to connect to a VPN by IKEv1.


Once IKEv1 is enabled on the Global Configuration tab of the Web Console as described above, Rockhopper works as an IKEv1 responder node.


Configure Pre-Shared Keys (PSK) for IKEv1.


If you want to use a Pre-Shared Key (PSK) as the authentication method, then, unlike with IKEv2, you don't need to configure a key for the local node on the My Key Store pane of the Web Console. Just set up keys for the remote peers on the Remote Peers' Key Store pane.

Of course, you need to configure the same authentication method on both the initiator and the responder. This is also one of the differences between IKEv1 and IKEv2.



Configure a responder (Hub / Gateway) as an XAUTH server.


Rockhopper can also work as an XAUTH server (it does not currently support acting as an XAUTH client).

  1. Open the Rockhopper Web Console and log in.
  2. Set up Service.

    - VPN Configuration[Tab] > VPN Realms[Left-Tree] > Realm ID: Realm Name[Left-Tree] > Service[Left-Tree]:
    Click this tree node to show the Service pane.

    - Network Deployment: Select Hub (Concentrator / Gateway / NHS) Node.

    - IKEv1 XAUTH Server: Select an authentication method.

    • XAUTH: PSK(Pre-Shared Key) - PAP,
    • XAUTH: RSA-Sig(RSA Signature) - PAP or
    • Hybrid: RSA-Sig(RSA Signature) - PAP

  3. Set up Remote Config Server if needed.

    - VPN Configuration[Tab] > VPN Realms[Left-Tree] > Realm ID: Realm Name[Left-Tree] > Service[Left-Tree] > Remote Config Server[Left-Tree]:
    Click this tree node to show the Remote Config Server pane.


  4. Set up Peers' Key Store.

    - VPN Configuration[Tab] > VPN Realms[Left-Tree] > Realm ID: Realm Name[Left-Tree] > Peers' Key Store[Left-Tree]:
    Click this tree node to show the Peers' Key Store pane.

    - Click the Add Peer's Key/Password button.

    - Add a New Peer's Key[Dialog]: Enter the following, then click the OK button.

    Peer ID Type: IKEv1 : XAUTH User Name
    Peer ID: (e.g.) alice
    Pre-Shared Key(PSK)/Password: (e.g.) 1234567890


  5. Save this realm's configuration.

    - VPN Configuration[Tab] > Edit VPN Realm(Save, Add, Remove or Load)[Left-Tree]:
    Click this tree node to show the Edit VPN Realm(Save, Add, Remove, or Load) pane.

    - Click the Save Configuration button.




Configuration examples



