IPSec is wonderful. It’s the standard for creating secure site-to-site VPN solutions. Ubiquiti’s EdgeRouter (and UniFi) have native support. Because it is an industry standard, most firewalls support IPSec. However, sometimes you need to turn off the VPN for one reason or another.
So you have set up your IPSec tunnel in your EdgeRouter, but how do you disable it without losing your configuration?
- Under the Config Tree tab select the vpn branch.
- Navigate to the ipsec branch.
- Navigate to the site-to-site sub-branch.
- Select the peer branch.
- Select the VPN connection in question.
- Under the tunnel branch you will see a disable entry with a little ‘+’ next to it.
Selecting that little ‘+’ symbol will tell the EdgeRouter to disable this site-to-site connection. The next time you need the VPN, simply click the resulting ‘-’ symbol.
If all of that seemed like a lot of mouse clicking and you feel more comfortable at the CLI, you can issue the following command in configuration mode. It removes the disable entry from the tunnel, which turns the connection back on:
delete vpn ipsec site-to-site peer my-vpn-tunnel tunnel 1 disable
Commit and save your changes and then you are good to go. Want to check whether the VPN is back up? Check out the other post here.
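For scripted changes, the sketch below wraps both directions in one shell function: set creates the disable entry, delete removes it. It is an added example, not code from the original post; the function name tunnel_toggle and the CFG override are hypothetical, and it assumes the EdgeOS configuration wrapper lives at /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper.

```shell
#!/bin/sh
# Added example (not from the original post): toggle the `disable` node on one
# site-to-site tunnel without touching the rest of the IPSec configuration.
# Assumption: EdgeOS config wrapper path below; override CFG to dry-run elsewhere.
CFG="${CFG:-/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper}"

# tunnel_toggle is a hypothetical helper name.
# usage: tunnel_toggle <disable|enable> <peer> <tunnel-number>
tunnel_toggle() {
    action="$1"; peer="$2"; tunnel="$3"

    # "disable" creates the node (set); "enable" removes it (delete).
    case "$action" in
        disable) verb=set ;;
        enable)  verb=delete ;;
        *) echo "usage: tunnel_toggle <disable|enable> <peer> <tunnel>" >&2
           return 2 ;;
    esac

    # Reject anything that is not a plain peer name/address or tunnel number,
    # so a typo cannot turn into a different configuration path.
    case "$peer" in
        ''|*[!A-Za-z0-9._:-]*) echo "invalid peer: $peer" >&2; return 2 ;;
    esac
    case "$tunnel" in
        ''|*[!0-9]*) echo "invalid tunnel: $tunnel" >&2; return 2 ;;
    esac

    "$CFG" begin || return 1
    if "$CFG" "$verb" vpn ipsec site-to-site peer "$peer" tunnel "$tunnel" disable \
        && "$CFG" commit && "$CFG" save; then
        rc=0
    else
        rc=1    # a step failed; "end" below closes the session either way
    fi
    "$CFG" end
    return "$rc"
}

# Run directly, e.g.: sh tunnel-toggle.sh disable my-vpn-tunnel 1
[ "$#" -eq 0 ] || tunnel_toggle "$@"
```

Because only the disable entry is set or deleted, the peer's authentication, proposals and subnets stay in the saved configuration.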
If you haven’t set up IPSec yet to your remote sites and locations, you should. The EdgeRouter makes setting up the connections pretty straightforward between two EdgeRouter devices, but you can set it up between any IPSec devices.
In a future post I will document how to set up an IPSec tunnel between your EdgeRouter and an existing firewall such as pfSense, SonicWall or Juniper SRX.
Ben has been building VoIP solutions for over 15 years, has over 25 years of Linux administration experience, and enjoys problem-solving. When he is not coding something in Python, or tinkering with some project, you can often find him wandering through the forests and parks of the Pacific Northwest enjoying waterfalls, trails, and animals.