31,703
edits
No edit summary |
No edit summary |
||
Line 29: | Line 29: | ||
<tr> | <tr> | ||
<td>Enable</td> | <td>Enable</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Enables the OpenVPN instance</td> | <td>Enables the OpenVPN instance</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>TUN/TAP</td> | <td>TUN/TAP</td> | ||
<td>TUN (tunnel) | <td>TUN (tunnel) | TAP (bridged); Default: '''TUN (tunnel)'''</td> | ||
<td>OpenVPN interface type. '''TUN''' is most often in typical VPN connections, however, '''TAP''' is required in some Ethernet bridging configurations</td> | <td>OpenVPN interface type. '''TUN''' is most often in typical VPN connections, however, '''TAP''' is required in some Ethernet bridging configurations</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Protocol</td> | <td>Protocol</td> | ||
<td>UDP | <td>UDP | TCP; Default: '''UDP'''</td> | ||
<td>The transfer protocol used by the OpenVPN connection. '''TCP''' is connection oriented – once a connection is established, data can be sent bidirectionally. '''UDP''' is a simpler, connectionless Internet protocol. '''UDP''' is usually faster but '''TCP''' has more security features. Choose the connection protocol according to your needs.</td> | <td>The transfer protocol used by the OpenVPN connection. '''TCP''' is connection oriented – once a connection is established, data can be sent bidirectionally. '''UDP''' is a simpler, connectionless Internet protocol. '''UDP''' is usually faster but '''TCP''' has more security features. Choose the connection protocol according to your needs.</td> | ||
</tr> | </tr> | ||
Line 49: | Line 49: | ||
<tr> | <tr> | ||
<td>LZO</td> | <td>LZO</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources</td> | <td>With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Encryption</td> | <td>Encryption</td> | ||
<td>DES-CBC 64 | <td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | BF-CBC 128 | RC2-40-CBC 40 | CAST5-CBC 128 | RC2-40CBC 40 | CAST5-CBC 128 | RC2-64-CBC 64| AES-128-CBC 128 | AES-192-CBC 192 | AES-256-CBC 256 | none; Default: '''BF-CBC 128'''</td> | ||
<td>Packet encryption algorithm</td> | <td>Packet encryption algorithm</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Authentication</td> | <td>Authentication</td> | ||
<td>TLS | <td>TLS | Static Key | Password | TLS/Password; Default: '''TLS'''</td> | ||
<td>Authentication mode, used to secure data sessions. | <td>Authentication mode, used to secure data sessions. | ||
'''Static key''' is a secret key used for server–client authentication. | '''Static key''' is a secret key used for server–client authentication. | ||
Line 75: | Line 75: | ||
<tr> | <tr> | ||
<td>TLS cipher</td> | <td>TLS cipher</td> | ||
<td>all | <td>all | DHE+RSA | custom; Default: '''all'''</td> | ||
<td>Packet encryption algorithm cipher</td> | <td>Packet encryption algorithm cipher</td> | ||
</tr> | </tr> | ||
Line 85: | Line 85: | ||
<tr> | <tr> | ||
<td>Resolve retry</td> | <td>Resolve retry</td> | ||
<td>integer | <td>integer | infinite; Default: '''infinite'''</td> | ||
<td>Time in seconds to resolve server hostname periodically in case of first resolve failure before generating service exception</td> | <td>Time in seconds to resolve server hostname periodically in case of first resolve failure before generating service exception</td> | ||
</tr> | </tr> | ||
Line 120: | Line 120: | ||
<tr> | <tr> | ||
<td>HMAC authentication algorithm</td> | <td>HMAC authentication algorithm</td> | ||
<td>none | <td>none | SHA1 | SHA256 | SHA384 | SHA512; Default: '''SHA1'''</td> | ||
<td>HMAC authentication algorithm type</td> | <td>HMAC authentication algorithm type</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Additional HMAC authentication</td> | <td>Additional HMAC authentication</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks</td> | <td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks</td> | ||
</tr> | </tr> | ||
Line 168: | Line 168: | ||
<tr> | <tr> | ||
<td>Enable</td> | <td>Enable</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Enables the OpenVPN instance</td> | <td>Enables the OpenVPN instance</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>TUN/TAP</td> | <td>TUN/TAP</td> | ||
<td>TUN (tunnel) | <td>TUN (tunnel) | TAP (bridged); Default: '''TUN (tunnel)'''</td> | ||
<td>OpenVPN interface type. '''TUN''' is most often in typical VPN connections, however, '''TAP''' is required in some Ethernet bridging configurations</td> | <td>OpenVPN interface type. '''TUN''' is most often in typical VPN connections, however, '''TAP''' is required in some Ethernet bridging configurations</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Protocol</td> | <td>Protocol</td> | ||
<td>UDP | <td>UDP | TCP; Default: '''UDP'''</td> | ||
<td>The transfer protocol used by the OpenVPN connection. '''TCP''' is connection oriented – once a connection is established, data can be sent bidirectionally. '''UDP''' is a simpler, connectionless Internet protocol. '''UDP''' is usually faster but '''TCP''' has more security features. Choose the connection protocol according to your needs.</td> | <td>The transfer protocol used by the OpenVPN connection. '''TCP''' is connection oriented – once a connection is established, data can be sent bidirectionally. '''UDP''' is a simpler, connectionless Internet protocol. '''UDP''' is usually faster but '''TCP''' has more security features. Choose the connection protocol according to your needs.</td> | ||
</tr> | </tr> | ||
Line 188: | Line 188: | ||
<tr> | <tr> | ||
<td>LZO</td> | <td>LZO</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources</td> | <td>With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Encryption</td> | <td>Encryption</td> | ||
<td>DES-CBC 64 | <td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | BF-CBC 128 | RC2-40-CBC 40 | CAST5-CBC 128 | RC2-40CBC 40 | CAST5-CBC 128 | RC2-64-CBC 64| AES-128-CBC 128 | AES-192-CBC 192 | AES-256-CBC 256 | none; Default: '''BF-CBC 128'''</td> | ||
<td>Packet encryption algorithm</td> | <td>Packet encryption algorithm</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Authentication</td> | <td>Authentication</td> | ||
<td>TLS'''*''' | <td>TLS'''*''' | Static Key | Password | TLS/Password; Default: '''TLS'''</td> | ||
<td>Authentication mode, used to secure data sessions. | <td>Authentication mode, used to secure data sessions. | ||
'''Static key''' is a secret key used for server–client authentication. | '''Static key''' is a secret key used for server–client authentication. | ||
Line 214: | Line 214: | ||
<tr> | <tr> | ||
<td>TLS cipher</td> | <td>TLS cipher</td> | ||
<td>all | <td>all | DHE+RSA | custom; Default: '''all'''</td> | ||
<td>Packet encryption algorithm cipher</td> | <td>Packet encryption algorithm cipher</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Client to client</td> | <td>Client to client</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Enables client to client communication in the Virtual network. In order for Client to client to work, the TLS Clients section most be utilized</td> | <td>Enables client to client communication in the Virtual network. In order for Client to client to work, the TLS Clients section most be utilized</td> | ||
</tr> | </tr> | ||
Line 245: | Line 245: | ||
<tr> | <tr> | ||
<td>Allow duplicate certificates</td> | <td>Allow duplicate certificates</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>If checked, the server allows clients to connect with identical certificates</td> | <td>If checked, the server allows clients to connect with identical certificates</td> | ||
</tr> | </tr> | ||
Line 350: | Line 350: | ||
<tr> | <tr> | ||
<td>Enable</td> | <td>Enable</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Toggles the IPsec instance ON or OFF</td> | <td>Toggles the IPsec instance ON or OFF</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>IKE version</td> | <td>IKE version</td> | ||
<td>IKEv1 | <td>IKEv1 | IKEv2; Default: '''IKEv1'''</td> | ||
<td>Method of key exchange</td> | <td>Method of key exchange</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Mode</td> | <td>Mode</td> | ||
<td>Main | <td>Main | Aggressive; Default: '''Main'''</td> | ||
<td>ISAKMP phase 1 exchange mode</td> | <td>ISAKMP phase 1 exchange mode</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Type</td> | <td>Type</td> | ||
<td>Tunnel | <td>Tunnel | Transport; Default: '''Tunnel'''</td> | ||
<td>Type of connection. <br> '''Tunnel''': protects the internal routing information by encrypting the IP header of the original packet. The original packet is encapsulated by a another set of IP headers. NAT traversal is supported with the tunnel mode. <br> '''Transport''': encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[RUT950 VPN#GRE_Tunnel|GRE]], [[RUT950 VPN#L2TP|L2TP]] (click '''[[L2TP over IPsec|here]]''' for a configuration example on '''L2TP over IPsec''')) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode.</td> | <td>Type of connection. <br> '''Tunnel''': protects the internal routing information by encrypting the IP header of the original packet. The original packet is encapsulated by a another set of IP headers. NAT traversal is supported with the tunnel mode. <br> '''Transport''': encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[RUT950 VPN#GRE_Tunnel|GRE]], [[RUT950 VPN#L2TP|L2TP]] (click '''[[L2TP over IPsec|here]]''' for a configuration example on '''L2TP over IPsec''')) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>My identifier type</td> | <td>My identifier type</td> | ||
<td>Address | <td>Address | FQDN | User FQDN; Default: '''FQDN'''</td> | ||
<td>Type of connection</td> | <td>Type of connection</td> | ||
</tr> | </tr> | ||
Line 380: | Line 380: | ||
<tr> | <tr> | ||
<td>Local IP address/Subnet mask</td> | <td>Local IP address/Subnet mask</td> | ||
<td>ip/netmask | <td>ip/netmask | Default: " "</td> | ||
<td>Local network secure group IP address and mask used to determine at what subnet an IP address can be accessed. Netmask range [0 - 32]. If left empty IP address will be selected automatically</td> | <td>Local network secure group IP address and mask used to determine at what subnet an IP address can be accessed. Netmask range [0 - 32]. If left empty IP address will be selected automatically</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Left firewall</td> | <td>Left firewall</td> | ||
<td>yes | <td>yes | no; Default: '''yes'''</td> | ||
<td>Excludes IPsec tunnel from firewall rules</td> | <td>Excludes IPsec tunnel from firewall rules</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Force encapsulation</td> | <td>Force encapsulation</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Forces UDP encapsulation for ESP packets even if no NAT situation is detected</td> | <td>Forces UDP encapsulation for ESP packets even if no NAT situation is detected</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Dead Peer Detection</td> | <td>Dead Peer Detection</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>The values 'clear', 'hold' and 'restart' all activate DPD</td> | <td>The values 'clear', 'hold' and 'restart' all activate DPD</td> | ||
</tr> | </tr> | ||
Line 405: | Line 405: | ||
<tr> | <tr> | ||
<td>Remote VPN endpoint</td> | <td>Remote VPN endpoint</td> | ||
<td>host | <td>host | ip; Default: " "</td> | ||
<td>IP address or hostname of the remote IPsec instance</td> | <td>IP address or hostname of the remote IPsec instance</td> | ||
</tr> | </tr> | ||
Line 415: | Line 415: | ||
<tr> | <tr> | ||
<td>Right firewall</td> | <td>Right firewall</td> | ||
<td>yes | <td>yes | no; Default: '''yes'''</td> | ||
<td>Excludes remote side IPsec tunnel from firewall rules</td> | <td>Excludes remote side IPsec tunnel from firewall rules</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Enable keep alive</td> | <td>Enable keep alive</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Toggles the tunnel's keep alive function ON or OFF. When enabled, the instance sends ICMP packets to the specified host at the specified frequency. If no response is received, the instance attempts to restart the connection</td> | <td>Toggles the tunnel's keep alive function ON or OFF. When enabled, the instance sends ICMP packets to the specified host at the specified frequency. If no response is received, the instance attempts to restart the connection</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Host</td> | <td>Host</td> | ||
<td>host | <td>host | ip; Default: " "</td> | ||
<td>Hostname or IP address to which ICMP packets will be sent to. Best to use a hostname/IP address belonging to the opposite instance's LAN</td> | <td>Hostname or IP address to which ICMP packets will be sent to. Best to use a hostname/IP address belonging to the opposite instance's LAN</td> | ||
</tr> | </tr> | ||
Line 435: | Line 435: | ||
<tr> | <tr> | ||
<td>Allow WebUI access</td> | <td>Allow WebUI access</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Allows WebUI access for hosts from the opposite instance</td> | <td>Allows WebUI access for hosts from the opposite instance</td> | ||
</tr> | </tr> | ||
Line 455: | Line 455: | ||
<tr> | <tr> | ||
<td>Encryption algorithm</td> | <td>Encryption algorithm</td> | ||
<td>DES | <td>DES | 3DES | AES 128 | AES 192 | AES256; Default: '''3DES'''</td> | ||
<td>The encryption algorithm must match with another incoming connection</td> | <td>The encryption algorithm must match with another incoming connection</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Authentication</td> | <td>Authentication</td> | ||
<td>MD5 | <td>MD5 | SHA1 | SHA256 | SHA384 | SHA512; Default: '''SHA1'''</td> | ||
<td>The authentication algorithm must match with another incoming connection</td> | <td>The authentication algorithm must match with another incoming connection</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Has algorithm</td> | <td>Has algorithm</td> | ||
<td>MD5 | <td>MD5 | SHA1 | SHA256 | SHA384 | SHA512; Default: '''SHA1'''</td> | ||
<td>The hash algorithm must match with another incoming connection</td> | <td>The hash algorithm must match with another incoming connection</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>DH group</td> | <td>DH group</td> | ||
<td>MODP768 | <td>MODP768 | MODP1024 | MODP1536 | MODP2048 | MODP3072 | MODP4096; Default: '''MODP1536'''</td> | ||
<td>The DH (Diffie-Helman) group must match with another incoming connection</td> | <td>The DH (Diffie-Helman) group must match with another incoming connection</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>PFS group</td> | <td>PFS group</td> | ||
<td>MODP768 | <td>MODP768 | MODP1024 | MODP1536 | MODP2048 | MODP3072 | MODP4096 | No PFS; Default: '''MODP1536'''</td> | ||
<td>The PFS (Perfect Forward Secrecy) group must match with another incoming connection</td> | <td>The PFS (Perfect Forward Secrecy) group must match with another incoming connection</td> | ||
</tr> | </tr> | ||
Line 512: | Line 512: | ||
<tr> | <tr> | ||
<td>Enabled</td> | <td>Enabled</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Toggles GRE Tunnel ON or OFF</td> | <td>Toggles GRE Tunnel ON or OFF</td> | ||
</tr> | </tr> | ||
Line 547: | Line 547: | ||
<tr> | <tr> | ||
<td>PMTUD</td> | <td>PMTUD</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Toggles the Path Maximum Transmission Unit Discovery (PMTUD) status on this tunnel ON or OFF</td> | <td>Toggles the Path Maximum Transmission Unit Discovery (PMTUD) status on this tunnel ON or OFF</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Redirect LAN to GRE</td> | <td>Redirect LAN to GRE</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Redirects LAN traffic to the GRE interface</td> | <td>Redirects LAN traffic to the GRE interface</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Enable Keep alive</td> | <td>Enable Keep alive</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Gives the ability for one side to originate and receive keep alive packets to and from a remote router</td> | <td>Gives the ability for one side to originate and receive keep alive packets to and from a remote router</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Keep Alive host</td> | <td>Keep Alive host</td> | ||
<td>host | <td>host | ip; Default: " "</td> | ||
<td>Keep Alive IP address to send pings to. Preferably this should be an IP address which belongs to the LAN network on the remote device</td> | <td>Keep Alive IP address to send pings to. Preferably this should be an IP address which belongs to the LAN network on the remote device</td> | ||
</tr> | </tr> | ||
Line 595: | Line 595: | ||
<tr> | <tr> | ||
<td>Enable</td> | <td>Enable</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Toggles PPTP Client ON or OFF</td> | <td>Toggles PPTP Client ON or OFF</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Use as default gateway</td> | <td>Use as default gateway</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Use this PPTP instance as default gateway</td> | <td>Use this PPTP instance as default gateway</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Client to client</td> | <td>Client to client</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Toggles client to client on the PPTP tunnel ON or OFF</td> | <td>Toggles client to client on the PPTP tunnel ON or OFF</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Server</td> | <td>Server</td> | ||
<td>host | <td>host | ip; Default: " "</td> | ||
<td>PPTP server's IP address or hostname</td> | <td>PPTP server's IP address or hostname</td> | ||
</tr> | </tr> | ||
Line 637: | Line 637: | ||
<tr> | <tr> | ||
<td>Enable</td> | <td>Enable</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Toggles PPTP Server ON or OFF</td> | <td>Toggles PPTP Server ON or OFF</td> | ||
</tr> | </tr> | ||
Line 693: | Line 693: | ||
<tr> | <tr> | ||
<td>Enable</td> | <td>Enable</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Toggles L2TP Client ON or OFF</td> | <td>Toggles L2TP Client ON or OFF</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Server</td> | <td>Server</td> | ||
<td>host | <td>host | ip; Default: " "</td> | ||
<td>L2TP server's remote IP address or hostname</td> | <td>L2TP server's remote IP address or hostname</td> | ||
</tr> | </tr> | ||
Line 725: | Line 725: | ||
<tr> | <tr> | ||
<td>Enable</td> | <td>Enable</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Toggles L2TP Server ON or OFF</td> | <td>Toggles L2TP Server ON or OFF</td> | ||
</tr> | </tr> | ||
Line 808: | Line 808: | ||
<tr> | <tr> | ||
<td>Enabled</td> | <td>Enabled</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Enables the Stunnel configuration.</td> | <td>Enables the Stunnel configuration.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Operating Mode</td> | <td>Operating Mode</td> | ||
<td>Client | <td>Client | Server; Default: ""</td> | ||
<td>Specifies whether this configuration will be used for Stunnel client or server.</td> | <td>Specifies whether this configuration will be used for Stunnel client or server.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Listen IP</td> | <td>Listen IP</td> | ||
<td>ip | <td>ip | host; Default: ""</td> | ||
<td>'''OPTIONAL''' | <td>'''OPTIONAL''' | ||
Line 837: | Line 837: | ||
<tr> | <tr> | ||
<td>TLS Cipher</td> | <td>TLS Cipher</td> | ||
<td>None | <td>None | Secure | Custom</td> | ||
<td>Select permitted TLS ciphers (TLSv1.2 and below). If custom is selected, a new field appears to enter custom ciphers.</td> | <td>Select permitted TLS ciphers (TLSv1.2 and below). If custom is selected, a new field appears to enter custom ciphers.</td> | ||
</tr> | </tr> | ||
Line 849: | Line 849: | ||
<tr> | <tr> | ||
<td>Application Protocol</td> | <td>Application Protocol</td> | ||
<td>Not specified | <td>Not specified | Connect | SMTP; Default: '''Not specified'''</td> | ||
<td>'''CLIENT SIDE ONLY''' | <td>'''CLIENT SIDE ONLY''' | ||
Line 858: | Line 858: | ||
<tr> | <tr> | ||
<td>Protocol Authentication</td> | <td>Protocol Authentication</td> | ||
<td>'''Connect:''' Basic | <td>'''Connect:''' Basic | NTLM; Default: '''Basic''' | ||
'''SMTP:''' Plain | '''SMTP:''' Plain | Login; Default: '''Plain'''</td> | ||
<td>'''CLIENT SIDE ONLY''' | <td>'''CLIENT SIDE ONLY''' | ||
Line 907: | Line 907: | ||
<tr> | <tr> | ||
<td>Verification</td> | <td>Verification</td> | ||
<td>None | <td>None | Verify Chain | Verify Peer; Default: '''None'''</td> | ||
<td>Verification type. '''Verify Chain''' verifies connections against a Certificate Authority (CA) file, while '''Verify Peer''' verifies connections against a list of approved certificates.</td> | <td>Verification type. '''Verify Chain''' verifies connections against a Certificate Authority (CA) file, while '''Verify Peer''' verifies connections against a list of approved certificates.</td> | ||
</tr> | </tr> | ||
Line 963: | Line 963: | ||
<tr> | <tr> | ||
<td>Enabled</td> | <td>Enabled</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Enables/activates all the enabled Stunnel configurations.</td> | <td>Enables/activates all the enabled Stunnel configurations.</td> | ||
</tr> | </tr> | ||
Line 975: | Line 975: | ||
<tr> | <tr> | ||
<td>Use alternative config</td> | <td>Use alternative config</td> | ||
<td>yes | <td>yes | no; Default: '''no'''</td> | ||
<td>Enable alternative configuration option (Config upload). | <td>Enable alternative configuration option (Config upload). | ||
Line 1,015: | Line 1,015: | ||
** [[OpenVPN traffic split]] | ** [[OpenVPN traffic split]] | ||
** [[OpenVPN client on Windows]] | ** [[OpenVPN client on Windows]] | ||
[[Category:RUT950 WebUI]] |