{"id":79,"date":"2025-02-09T15:25:59","date_gmt":"2025-02-09T14:25:59","guid":{"rendered":"https:\/\/pprzybyla.com\/blog\/?p=79"},"modified":"2025-02-09T15:29:24","modified_gmt":"2025-02-09T14:29:24","slug":"gre-over-ipsec-on-fortigate-and-stormshield","status":"publish","type":"post","link":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/","title":{"rendered":"GRE over IPsec on Fortigate and Stormshield"},"content":{"rendered":"\n<p>A few weeks ago I had the unpleasant necessity to start working with Stormshield firewalls. It began with the adoption of a client who had a network consisting of several locations that had stormshield or fortigate firewalls with full-mesh VPNs. To this architecture was to be added a new DC HUB with VM FGT.<\/p>\n\n\n\n<p>The legacy S2S connection architecture was based on VPNs with selectors. Such a solution is a valid approach, but it is not very scalable. If you want to add another network at a given location that is not in the current selectors, you have to reconfigure the VPN both on that location and on any other location which is lucky enough to be connected to it.<\/p>\n\n\n\n<p>While in the case of FortiGate there is no problem with creating tunnels in which you simply enter 0.0.0.0\/0.0.0.0 in place of the selector and start routing all traffic, in the case of Stormshield it is not so simple. By adding a network of type \u201cany\u201d to the selectors we will make all traffic be routed there (that is, we simply cut ourselves off). OK &#8211; Cisco does the same, so no big deal. Well, how about a VTI tunnel? Nah\u2026 it only works for Stormshield-to-Stormshield connections. <\/p>\n\n\n\n<p>Well, what is left for us? The good old GRE over IPsec tunnel. A small note &#8211; check which software version you have and read the Stormshield release notes. 
Unfortunately, I was lucky enough that the Stormshield on which I checked whether a GRE tunnel to FortiGate would work at all had software version 4.3.29. Version 4.3.30 patches a very cool bug:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-style-default is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>GRE\/GRETAP encapsulation in an IPsec tunnel<\/strong><br>Support reference 85626<br>GRE\/GRETAP packets can once again be encapsulated in an IPsec tunnel. This regression<br>appeared in SNS version 4.3.24.<\/p>\n<\/blockquote>\n\n\n\n<p>Don&#8217;t ask how much time I lost because of this\u2026.<\/p>\n\n\n\n<p>Okay, once we know that the software we have does not have this bug, the tunnel configuration is not so difficult. Let&#8217;s start with FortiGate. The documentation can be found here: <a href=\"https:\/\/docs.fortinet.com\/document\/fortigate\/7.6.2\/administration-guide\/250464\/cisco-gre-over-ipsec-vpn\">https:\/\/docs.fortinet.com\/document\/fortigate\/7.6.2\/administration-guide\/250464\/cisco-gre-over-ipsec-vpn<\/a><\/p>\n\n\n\n<p>But I will post my configuration below for quick reference:<\/p>\n\n\n\n<p>Spoke Public IP: 203.0.113.10<br>Hub Public IP: 198.51.100.1<br>BGP Lo0 HUB: 10.255.255.1<br>BGP Lo0 Spoke: 10.255.255.10<br>Hub GRE &#8211; 169.254.0.1<br>GRETAP STS &#8211; 169.254.0.2<\/p>\n\n\n\n<p>Phase1 and Phase2 settings are pretty straightforward:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">config vpn ipsec phase1-interface\n    edit \"VPN-P1_SPOKE1\"\n        set interface \"WAN1\"\n        set ike-version 2\n        set local-gw 198.51.100.1\n        set keylife 3600\n        set peertype any\n        set net-device disable\n        set proposal aes128-sha256 aes256-sha256\n        set dhgrp 19\n        set nattraversal disable\n        set remote-gw 203.0.113.10\n        set psksecret XXX\n    next\nend\nconfig vpn ipsec phase2-interface\n    edit \"VPN-P2_SPOKE1\"\n        set phase1name \"VPN-P1_SPOKE1\"\n        set proposal 
aes128-sha256 aes256-sha256\n        set dhgrp 19\n        set auto-negotiate enable\n        set protocol 47\n        set src-addr-type ip\n        set dst-addr-type ip\n        set src-start-ip 198.51.100.1\n        set dst-start-ip 203.0.113.10\n    next\nend<\/code><\/pre>\n\n\n\n<p>Next we edit the VPN interface from Phase1 once again, this time with the public IP addresses, and create the GRE interface (only via CLI). After that greSPOKE1 will be visible in the GUI under the Interfaces tab.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">config system interface\n    edit \"VPN-P1_SPOKE1\"\n        set ip 198.51.100.1 255.255.255.255\n        set remote-ip 203.0.113.10 255.255.255.255\n    next\nend\nconfig system gre-tunnel\n    edit \"greSPOKE1\"\n        set interface \"VPN-P1_SPOKE1\"\n        set remote-gw 203.0.113.10\n        set local-gw 198.51.100.1\n    next\nend<\/code><\/pre>\n\n\n\n<p>The last thing is to address the newly created GRE interface with addresses from some private IP range:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">config system interface\n    edit \"greSPOKE1\"\n        set ip 169.254.0.1 255.255.255.255\n        set allowaccess ping\n        set type tunnel\n        set remote-ip 169.254.0.2 255.255.255.255\n    next\nend<\/code><\/pre>\n\n\n\n<p>Personally, I add the GRE interface to the SD-WAN zone right away and create a static route entry to the BGP loopback, in this case 10.255.255.10 (if we don&#8217;t have a dynamic protocol such as OSPF underneath). You can also run the BGP session on the GRE IP addresses, but it&#8217;s up to you and your network scenario. Also remember to add a firewall policy that allows your traffic.<\/p>\n\n\n\n<p>Okay, the FortiGate part is out of the way; now it&#8217;s time for Stormshield. 
Here I did not find any good documentation; the rest will also be based on images because you can&#8217;t configure Stormshield from the CLI.<\/p>\n\n\n\n<p>First go to Network &#8211; Virtual Interfaces and create a new GRE interface.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"980\" height=\"226\" src=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image.png\" alt=\"\" class=\"wp-image-86\" srcset=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image.png 980w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-300x69.png 300w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-768x177.png 768w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-660x152.png 660w\" sizes=\"auto, (max-width: 980px) 100vw, 980px\" \/><\/figure>\n\n\n\n<p>Next you might want to create a static route for the BGP session:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"109\" src=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-1-1024x109.png\" alt=\"\" class=\"wp-image-87\" srcset=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-1-1024x109.png 1024w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-1-300x32.png 300w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-1-768x82.png 768w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-1-660x71.png 660w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-1.png 1291w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Now go to VPN -&gt; IPsec VPN and create a new connection. As local resources enter your public IP, and as remote networks the IP of the peer. 
In the middle you put the configured peer profile (PSK, IKE profile, IKE version).<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"863\" height=\"496\" src=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-3.png\" alt=\"\" class=\"wp-image-89\" srcset=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-3.png 863w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-3-300x172.png 300w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-3-768x441.png 768w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-3-660x379.png 660w\" sizes=\"auto, (max-width: 863px) 100vw, 863px\" \/><\/figure>\n\n\n\n<p>Now double-click the newly created policy and open the Peer section &#8211; you might want to change the encryption profile there. Next go to Advanced configuration and select &#8220;GRE&#8221; as the protocol.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"905\" height=\"267\" src=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-4.png\" alt=\"\" class=\"wp-image-90\" srcset=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-4.png 905w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-4-300x89.png 300w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-4-768x227.png 768w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-4-660x195.png 660w\" sizes=\"auto, (max-width: 905px) 100vw, 905px\" \/><\/figure>\n\n\n\n<p>The last part is to create a firewall policy: go to security policy -&gt; Filter &#8211; NAT.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"111\" src=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-5-1024x111.png\" alt=\"\" class=\"wp-image-91\" 
srcset=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-5-1024x111.png 1024w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-5-300x32.png 300w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-5-768x83.png 768w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-5-660x71.png 660w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-5.png 1184w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Okay, we got it. At this point the VPN tunnel should already be UP and you should be able to ping the resources you have set up (given that both sides have proper routing, dynamic or static, and rules on the firewall).<\/p>\n\n\n\n<p>However, there is still an important issue left &#8211; MTU and MSS. The GRE tunnel adds a small overhead, which means that with actual traffic exchange, e.g. SMB, there will be a \u201cno communication\u201d problem. <\/p>\n\n\n\n<p>For both Stormshield and FortiGate, there is no way to change MTUs on the interfaces. For the communication to work we need to intervene and change the MSS during the TCP 3-way handshake. How to do it? In the rules on the firewall.<\/p>\n\n\n\n<p>To find the value to use, go to the FGT and run the command <em><strong>fnsysctl ifconfig greSPOKE1<\/strong><\/em>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">FGT (MAIN) # fnsysctl ifconfig greSPOKE1\ngreSPOKE1 Link encap:Unknown HWaddr 5B:66:74:0A:00:00\ninet addr:169.254.0.1 Mask:255.255.255.255\nUP POINTOPOINT RUNNING NOARP MULTICAST <strong>MTU:1396<\/strong> Metric:1<\/code><\/pre>\n\n\n\n<p>MTU:1396 is the MTU that FortiGate detects, but both the server and the host on the other side are unable to detect it when initiating a connection, so they set the MSS during the 3-way handshake. 
If we can&#8217;t change the default value on either of them, they will send information that their MSS is 1460. To override that on FortiGate, go to the firewall rule and edit it in the CLI. Set two options, <strong><em>set tcp-mss-sender<\/em><\/strong> and <strong><em>set tcp-mss-receiver<\/em><\/strong>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">config firewall policy\n    edit 4\n        set tcp-mss-sender 1356\n        set tcp-mss-receiver 1356\n    next\nend<\/code><\/pre>\n\n\n\n<p>All set: all traffic that matches this rule will have its MSS changed to 1356 (the value should be 40 bytes less than the MTU, to leave room for the 20-byte IPv4 and 20-byte TCP headers).<\/p>\n\n\n\n<p>What about Stormshield? Well, we can also alter the MSS here. How? You need to go to Application Protection -&gt; Protocols, select IP Protocols, select TCP-UDP, switch at the top to the profile you like, check &#8220;Impose MSS limit&#8221; and set the value to 1356.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"282\" src=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-6-1024x282.png\" alt=\"\" class=\"wp-image-92\" srcset=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-6-1024x282.png 1024w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-6-300x83.png 300w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-6-768x211.png 768w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-6-660x182.png 660w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-6.png 1330w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Next go to Application Protection -&gt; Inspection profile, press &#8220;go to profiles&#8221; and select the profile you like; for TCP-UDP set the proper application profile &#8211; the one where you imposed the MSS limit.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"989\" height=\"402\" 
src=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-7.png\" alt=\"\" class=\"wp-image-93\" srcset=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-7.png 989w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-7-300x122.png 300w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-7-768x312.png 768w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-7-660x268.png 660w\" sizes=\"auto, (max-width: 989px) 100vw, 989px\" \/><\/figure>\n\n\n\n<p>Now, as in FortiGate, navigate to the rule that matches the GRE traffic, double-click it, select Inspection, set the inspection level to IDS or IPS and use the previously edited inspection profile.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"725\" height=\"224\" src=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-8.png\" alt=\"\" class=\"wp-image-94\" srcset=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-8.png 725w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-8-300x93.png 300w, https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/image-8-660x204.png 660w\" sizes=\"auto, (max-width: 725px) 100vw, 725px\" \/><\/figure>\n\n\n\n<p>Voila, Stormshield will now change the MSS.<\/p>\n\n\n\n<p>That&#8217;s it. Where you change the MSS will depend on you and your network architecture. If you have any questions, feel free to ask or contact me via email.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A few weeks ago I had the unpleasant necessity to start working with Stormshield firewalls. It began with the adoption of a client who had a network consisting of several locations that had stormshield or fortigate firewalls with full-mesh VPNs. To this architecture was to be added a new DC HUB with VM FGT. 
The\u2026 <span class=\"read-more\"><a href=\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":28,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,9],"tags":[],"class_list":["post-79","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-fortigate","category-stormshield"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GRE over IPsec on Fortigate and Stormshield - Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GRE over IPsec on Fortigate and Stormshield - Blog\" \/>\n<meta property=\"og:description\" content=\"A few weeks ago I had the unpleasant necessity to start working with Stormshield firewalls. It began with the adoption of a client who had a network consisting of several locations that had stormshield or fortigate firewalls with full-mesh VPNs. To this architecture was to be added a new DC HUB with VM FGT. 
The\u2026 Read More &raquo;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-02-09T14:25:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-09T14:29:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2024\/06\/Zrzut-ekranu-2023-12-12-112355.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1328\" \/>\n\t<meta property=\"og:image:height\" content=\"902\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"http:\/\/pprzybyla.com\/blog\/#\/schema\/person\/78e3f329b514e87d4b8591f2e797b558\"},\"headline\":\"GRE over IPsec on Fortigate and 
Stormshield\",\"datePublished\":\"2025-02-09T14:25:59+00:00\",\"dateModified\":\"2025-02-09T14:29:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/\"},\"wordCount\":1042,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/pprzybyla.com\/blog\/#\/schema\/person\/78e3f329b514e87d4b8591f2e797b558\"},\"image\":{\"@id\":\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2024\/06\/Zrzut-ekranu-2023-12-12-112355.png\",\"articleSection\":[\"Fortigate\",\"Stormshield\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/\",\"url\":\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/\",\"name\":\"GRE over IPsec on Fortigate and Stormshield - 
Blog\",\"isPartOf\":{\"@id\":\"http:\/\/pprzybyla.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2024\/06\/Zrzut-ekranu-2023-12-12-112355.png\",\"datePublished\":\"2025-02-09T14:25:59+00:00\",\"dateModified\":\"2025-02-09T14:29:24+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#primaryimage\",\"url\":\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2024\/06\/Zrzut-ekranu-2023-12-12-112355.png\",\"contentUrl\":\"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2024\/06\/Zrzut-ekranu-2023-12-12-112355.png\",\"width\":1328,\"height\":902},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/pprzybyla.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GRE over IPsec on Fortigate and 
Stormshield\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/pprzybyla.com\/blog\/#website\",\"url\":\"http:\/\/pprzybyla.com\/blog\/\",\"name\":\"Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"http:\/\/pprzybyla.com\/blog\/#\/schema\/person\/78e3f329b514e87d4b8591f2e797b558\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/pprzybyla.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"http:\/\/pprzybyla.com\/blog\/#\/schema\/person\/78e3f329b514e87d4b8591f2e797b558\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/pprzybyla.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"http:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/my-photo-url.jpg\",\"contentUrl\":\"http:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/my-photo-url.jpg\",\"width\":800,\"height\":800,\"caption\":\"admin\"},\"logo\":{\"@id\":\"http:\/\/pprzybyla.com\/blog\/#\/schema\/person\/image\/\"},\"sameAs\":[\"http:\/\/pprzybyla.com\/blog\"],\"url\":\"https:\/\/pprzybyla.com\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GRE over IPsec on Fortigate and Stormshield - Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/","og_locale":"en_US","og_type":"article","og_title":"GRE over IPsec on Fortigate and Stormshield - Blog","og_description":"A few weeks ago I had the unpleasant necessity to start working with Stormshield firewalls. 
It began with the adoption of a client who had a network consisting of several locations that had stormshield or fortigate firewalls with full-mesh VPNs. To this architecture was to be added a new DC HUB with VM FGT. The\u2026 Read More &raquo;","og_url":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/","og_site_name":"Blog","article_published_time":"2025-02-09T14:25:59+00:00","article_modified_time":"2025-02-09T14:29:24+00:00","og_image":[{"width":1328,"height":902,"url":"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2024\/06\/Zrzut-ekranu-2023-12-12-112355.png","type":"image\/png"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#article","isPartOf":{"@id":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/"},"author":{"name":"admin","@id":"http:\/\/pprzybyla.com\/blog\/#\/schema\/person\/78e3f329b514e87d4b8591f2e797b558"},"headline":"GRE over IPsec on Fortigate and 
Stormshield","datePublished":"2025-02-09T14:25:59+00:00","dateModified":"2025-02-09T14:29:24+00:00","mainEntityOfPage":{"@id":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/"},"wordCount":1042,"commentCount":0,"publisher":{"@id":"http:\/\/pprzybyla.com\/blog\/#\/schema\/person\/78e3f329b514e87d4b8591f2e797b558"},"image":{"@id":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#primaryimage"},"thumbnailUrl":"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2024\/06\/Zrzut-ekranu-2023-12-12-112355.png","articleSection":["Fortigate","Stormshield"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/","url":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/","name":"GRE over IPsec on Fortigate and Stormshield - 
Blog","isPartOf":{"@id":"http:\/\/pprzybyla.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#primaryimage"},"image":{"@id":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#primaryimage"},"thumbnailUrl":"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2024\/06\/Zrzut-ekranu-2023-12-12-112355.png","datePublished":"2025-02-09T14:25:59+00:00","dateModified":"2025-02-09T14:29:24+00:00","breadcrumb":{"@id":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#primaryimage","url":"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2024\/06\/Zrzut-ekranu-2023-12-12-112355.png","contentUrl":"https:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2024\/06\/Zrzut-ekranu-2023-12-12-112355.png","width":1328,"height":902},{"@type":"BreadcrumbList","@id":"https:\/\/pprzybyla.com\/blog\/gre-over-ipsec-on-fortigate-and-stormshield\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/pprzybyla.com\/blog\/"},{"@type":"ListItem","position":2,"name":"GRE over IPsec on Fortigate and 
Stormshield"}]},{"@type":"WebSite","@id":"http:\/\/pprzybyla.com\/blog\/#website","url":"http:\/\/pprzybyla.com\/blog\/","name":"Blog","description":"","publisher":{"@id":"http:\/\/pprzybyla.com\/blog\/#\/schema\/person\/78e3f329b514e87d4b8591f2e797b558"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/pprzybyla.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"http:\/\/pprzybyla.com\/blog\/#\/schema\/person\/78e3f329b514e87d4b8591f2e797b558","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/pprzybyla.com\/blog\/#\/schema\/person\/image\/","url":"http:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/my-photo-url.jpg","contentUrl":"http:\/\/pprzybyla.com\/blog\/wp-content\/uploads\/2025\/02\/my-photo-url.jpg","width":800,"height":800,"caption":"admin"},"logo":{"@id":"http:\/\/pprzybyla.com\/blog\/#\/schema\/person\/image\/"},"sameAs":["http:\/\/pprzybyla.com\/blog"],"url":"https:\/\/pprzybyla.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/pprzybyla.com\/blog\/wp-json\/wp\/v2\/posts\/79","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pprzybyla.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pprzybyla.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pprzybyla.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pprzybyla.com\/blog\/wp-json\/wp\/v2\/comments?post=79"}],"version-history":[{"count":10,"href":"https:\/\/pprzybyla.com\/blog\/wp-json\/wp\/v2\/posts\/79\/revisions"}],"predecessor-version":[{"id":98,"href":"https:\/\/pprzybyla.com\/blog\/wp-json\/wp\/v2\/posts\/79\/revisions\/98"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pprzybyla.com\/blog\/wp-json\/wp\/v2\/media\/
28"}],"wp:attachment":[{"href":"https:\/\/pprzybyla.com\/blog\/wp-json\/wp\/v2\/media?parent=79"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pprzybyla.com\/blog\/wp-json\/wp\/v2\/categories?post=79"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pprzybyla.com\/blog\/wp-json\/wp\/v2\/tags?post=79"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}