How to configure a site to site VPN for Static IP Connections

A Virtual Private Network (VPN) is a virtual private network that interconnects remote (and often geographically separate) networks through primarily public communication infrastructures such as the Internet. This article explains how to set up a basic IPSEC VPN- terminated tunnel between capable Simplifi routers when the connections on both routers are configured with publicly routable static IP addresses.

Before getting started, first make sure that both Simplifi routers are online and are properly obtaining static IP addresses from your ISP(s). Additionally, you will need to make sure that the local networks of the routers do not match. For example, if Router #1 is already set up using the default network of 192.168.2.1, you would want to change Router #2's local network to use a different private network (such as 192.168.88.1 or 172.16.0.1).

After verifying that both Simplifi routers are online with routable static IP addresses, and after verifying that both routers have been configured on different local subnets, the directions below will help configure a VPN tunnel between the two routers.
This is an example setup where both routers have routable static WAN IP addresses. Computer #1 is connected behind Simplifi Router #1 and Computer #2 is connected behind Simplifi Router #2.

 

Router #1

Router #2

LAN IP

192.168.2.1

192.168.88.1

LAN Netmask

255.255.255.0

255.255.255.0

WAN IP

166.130.90.1

166.30.87.113

Computer

1092.168.2.215

192.168.88.199

 
A typical VPN tunnel between these routers would allow Computer #1 (and other computers getting addresses from Router #1) to be able to connect directly to Computer #2 (and other computers getting addresses from Router #2) using a secure tunnel across the unsecure public Internet.
 
Configuration
Router #1 Configuration:

  • Step 1: Log into the router's Setup Page via http://192.168.10.1 or in the event this doesn’t work, you can enter 192.168.2.1 which will work on either WiFi or LAN connection
  • Step 2: Click on Network menu and select IPSec VPN tab.
  • Step 3: Under VPN Tunnels – Enter a Tunnel Name and click Add to create an IPsec VPN tunnel on your router.
  • Step 4: Click on Edit button to configure your new tunnel.
  • Step 5: Enter the following Information:

Mode: start (route as optional)

Remote Gateway: 166.130.87.113 (WAN IP of router#2)

Remote subnet:192.168.88.0/24 (IP address of specified host as optional)

Local subnet: 192.168.2.0/24 (local LAN IP block of router#2)

Pre-shared key: your unique keys.

Phase 1(IKE) Proposalselect predefined default proposals

Phase 1 Lifetime: set as default settings

Phase 2 (ESP) Proposal: select predefined default proposals

Phase 2 life time: set as default settings

  • Step 6: select the Enabled radio button to activate the new tunnel. (un-selected to disable the tunnel profile).

  • Step 7: Click Save.

  • Step 8: In the IPSec VPN section click Enabled on your new created tunnel to activate IPSec VPN session.

  • Step 9: Click Save.

Router #2 Configuration:

  • Step 1: Log into the router's Setup Page via http://192.168.10.1 or in the event this doesn’t work, you can enter 192.168.2.1 which will work on either WiFi or LAN connection

  • Step 2: Click on Network menu and select IPSec VPN tab.

  • Step 3: Under VPN Tunnels – Enter a Tunnel Name and click Add to create an IPsec VPN tunnel on your router.

  • Step 4: Click on Edit button to configure your new tunnel.

  • Step 5: Enter the following Information:

Mode: start (route as optional)

Remote Gateway: 166.130.90.1 (WAN IP of router#2)

Remote subnet: 192.168.2.0/24 (IP address of specified host as optional)

Local subnet: 192.168.88.0/24 (local LAN IP block of router#2)

Pre-shared key: your unique keys.

Phase 1(IKE) Proposal: select predefined default proposals

Phase 1 Lifetime: set as default settings

Phase 2 (ESP) Proposal: select predefined default proposals

Phase 2 life time: set as default settings

  • Step 6: select the Enabled radio button to activate the new tunnel. (un-selected to disable the tunnel profile).

Note: Start mode will keep the tunnel active whenever the WAN connection is active. Route Mode will leave the tunnel idle until traffic bound for the other side of the tunnel is detected

  • Step 7: Click Save.

  • Step 8: In the IPSec VPN section click Enabled on your new created tunnel to activate IPSec VPN session.

  • Step 9: Click Save