Beschreibung:

Mit diesem Add-in können Sie ein Advanced Mesh VPN für LCOS-Geräte erstellen.

Advanced Mesh VPN kann nicht in Verbindung mit DPS und nur auf einem Netz genutzt werden.

Liste der verwendeten Variablen:

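Variable | Beschreibung
AdvancedMeshVpnPSK | Pre-Shared Key (PSK) der Mesh-Verbindung; wird im Add-in-Code als lokaler PSK und als entferntes Passwort gesetzt und ist daher als Geheimnis zu behandeln.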




Add-in Code:

/**
 * @param {Config} config
 * @param {Context} context
 * Do not edit this comment or parameter types. Required for code suggestions
*/
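exports.main = function (config, context) {
    // Emits the LCOS settings for an Advanced Mesh VPN.
    //  - Branch gateway (spoke): one IPv4 routing row, one authentication row,
    //    one connection row and the Advanced Mesh VPN scalars.
    //  - Central gateway: only the Advanced Mesh VPN mode scalar.
    //
    // Security notes:
    //  - context.vars.AdvancedMeshVpnPSK is written both as the local PSK and as
    //    the remote password, so every device that receives the same variable
    //    value shares one key. Treat the variable as a secret.
    //  - The spoke settings are only written when the PSK is non-empty and a VPN
    //    connection to the central site exists; otherwise nothing is written and
    //    a warning is logged, so no mesh VPN is rolled out with an empty key.

    // Debug/warning helper: writes msg as a comment line into the generated
    // script and into the warning log. Never pass the PSK to this function,
    // it would end up in clear text in both places.
    function warn(msg) {
        config.addScriptLine("# - " + msg);
        config.warnLog(msg);
    }

    // more info https://knowledgebase.lancom-systems.de/display/KBEN/Configuring+a+LANCOM+Advanced+Mesh+VPN+connection

    // Writes the complete spoke configuration, or nothing at all when a
    // required input is missing.
    function configureSpoke() {
        var vars = context.vars || {};
        var psk = vars.AdvancedMeshVpnPSK;
        var vpnConnections = context.network.vpnConnections;

        // Validate everything up front so a failed check never leaves a
        // half-written mesh configuration behind.
        if (psk === undefined || psk === null || String(psk) === "") {
            warn("Advanced Mesh VPN skipped: variable AdvancedMeshVpnPSK is not set");
            return;
        }
        if (!vpnConnections || vpnConnections.length === 0 || !vpnConnections[0]) {
            warn("Advanced Mesh VPN skipped: no VPN connection to the central site found");
            return;
        }

        // VPN IKEv2/IPSec Extended settings IPv4 routing
        // Var Used: context.network.configNameLong
        var routeTable = config.getTableByOid("1.2.19.36.6.1");
        var routeRow = routeTable.createNewRow();
        routeRow.setByOid("1", "MESH-ROUTE"); // Name
        routeRow.setByOid("2", context.network.configNameLong); // Network
        routeRow.setByOid("3", "0"); // Send IKE-CFG-Address
        routeTable.addOrMerge(routeRow);

        // VPN IKEv2/IPSec Authentication
        // NOTE(review): remote identifier type "0" with an empty remote
        // identifier, and remote cert. ID / OCSP / CRL checks set to "0", look
        // like the peer identity is not pinned, so authentication rests on the
        // PSK alone - confirm against the LCOS reference.
        var authTable = config.getTableByOid("1.2.19.36.3.1");
        var authRow = authTable.createNewRow();
        authRow.setByOid("1", "MESH-AUTH"); // Name
        authRow.setByOid("2", "2"); // Local authentication
        authRow.setByOid("13", ""); // Local dig. signature profile
        authRow.setByOid("3", "2"); // Local identifier type
        authRow.setByOid("4", context.device.serialNumber); // Local identifier
        authRow.setByOid("5", psk); // PSK
        authRow.setByOid("6", "2"); // Remote authentication
        authRow.setByOid("14", ""); // Rem. dig. signature profile (left empty; original note mentions DEFAULT-RSA-PKCS)
        authRow.setByOid("18", ""); // PPK-ID
        authRow.setByOid("16", ""); // EAP profile
        authRow.setByOid("7", "0"); // Remote identifier type
        authRow.setByOid("8", ""); // Remote identifier
        authRow.setByOid("9", psk); // Remote password (same value as the local PSK)
        authRow.setByOid("10", ""); // Addit. remote identities list
        authRow.setByOid("11", ""); // Local certificate
        authRow.setByOid("12", "0"); // Remote cert. ID check
        authRow.setByOid("15", "0"); // OCSP check
        authRow.setByOid("17", "0"); // CRL check
        authTable.addOrMerge(authRow);

        // VPN IKEv2/IPSec Connection list
        // Column OIDs are passed as numbers here, as in the original add-in.
        var connTable = config.getTableByOid("1.2.19.36.1");
        var connRow = connTable.createNewRow();
        connRow.setByOid(1, "MESH-CONNECTION");
        connRow.setByOid(2, "1");
        connRow.setByOid(3, "300"); // time until drop of mesh vpn
        connRow.setByOid(4, "");
        connRow.setByOid(5, "1");
        connRow.setByOid(6, "DEFAULT");
        connRow.setByOid(7, "MESH-AUTH"); // name of the authentication row written above
        connRow.setByOid(8, "DEFAULT");
        connRow.setByOid(9, "DEFAULT");
        connRow.setByOid(10, "0");
        connRow.setByOid(18, "");
        connRow.setByOid(19, "");
        connRow.setByOid(24, "");
        connRow.setByOid(22, "");
        connRow.setByOid(25, "");
        connRow.setByOid(11, "1");
        connRow.setByOid(12, "RAS-WITH-NETWORK-SELECTION");
        connRow.setByOid(13, "");
        connRow.setByOid(14, "MESH-ROUTE"); // name of the routing row written above
        connRow.setByOid(15, "");
        connRow.setByOid(16, "");
        connRow.setByOid(20, "DEFAULT");
        connRow.setByOid(21, "DEFAULT");
        connRow.setByOid(23, "");
        connRow.setByOid(17, "");
        connTable.addOrMerge(connRow);

        // VPN IKEv2/IPSec Advanced Mesh VPN
        config.setScalarByOid("1.2.19.36.35.1", "1"); // spoke value; the central gateway gets "2" below
        config.setScalarByOid("1.2.19.36.35.2", "0");
        config.setScalarByOid("1.2.19.36.35.3", "MESH-CONNECTION"); // name of the connection row written above
        config.setScalarByOid("1.2.19.36.35.4", "5");
        config.setScalarByOid("1.2.19.36.35.5", "320");
        config.setScalarByOid("1.2.19.36.35.6", "9999");
        config.setScalarByOid("1.2.19.36.35.7", "1");
        config.setScalarByOid("1.2.19.36.35.8", "1");
        config.setScalarByOid("1.2.19.36.35.9", vpnConnections[0]); // Name of the VPN to central site
    }

    // spoke config
    if (context.network.isBranchGateway) {
        configureSpoke();
    }

    if (context.network.isCentralGateway) {
        // Central gateway writes "2" to the same OID the spoke sets to "1".
        // NOTE(review): the original comment read "set central to spoke";
        // confirm the meaning of "2" in the LCOS reference.
        config.setScalarByOid("1.2.19.36.35.1", "2");
    }
};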


Add-in als JSON-Datei:

AdvancedMeshVPN.json