#acl All:read
#lang en

<<TableOfContents()>>

= IPSEC site to site VPN =
{{{
configure
edit vpn ipsec

# Fase 1
set ike-group unifi key-exchange ikev2
set ike-group unifi lifetime 14400
set ike-group unifi proposal 1 dh-group 14
set ike-group unifi proposal 1 encryption aes128
set ike-group unifi proposal 1 hash sha1

# Fase 2
set esp-group unifi compression disable
set esp-group unifi lifetime 14400
set esp-group unifi mode tunnel
set esp-group unifi pfs dh-group14
set esp-group unifi proposal 1 encryption aes128
set esp-group unifi proposal 1 hash sha1

# IPSEC VPN
# ToDo
}}}

= Unifi on FreeBSD =
== Install ==
{{{
pkg install unifi5
}}}

Edit ''/etc/rc.conf''
{{{
unifi_enable="YES"
}}}

Keep in mind that Unifi uses the mongodb package, but run it by it's own, on a different port. So you don't have to start mongodb at boot time.

= KPN/XS4All =
{{{
root@router:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 pppoe2
10.40.3.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.40.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1.1010
10.162.80.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0.4
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
194.109.5.227   0.0.0.0         255.255.255.255 UH    0      0        0 pppoe2
213.75.112.0    10.162.80.1     255.255.248.0   UG    0      0        0 eth0.4
}}}

= Links =
 * [[https://freetime.mikeconnelly.com/archives/6373]]
 * [[https://robpickering.com/working-around-incomplete-ubiquiti-unifi-security-gateway-dns-service/]]