Template:Networking rut manual vpn: Difference between revisions
Revision as of 11:09, 24 October 2023
Gytispieze (talk | contribs) m (Text replacement - "\{\{Template: Networking_rutos_manual_fw_disclosure (.*) (.*) (.*) (.*) \}\}" to "{{Template: Networking_device_manual_fw_disclosure | series = {{{series}}} | name = {{{name}}} | fw_version ={{Template: Networking_device_manual_latest_fw | series = {{{series}}} | name = {{{name}}} }} }}") |
(39 intermediate revisions by 9 users not shown) | |||
Line 1: | Line 1: | ||
{{Template: Networking_device_manual_fw_disclosure | |||
| series = {{{series}}} | |||
| name = {{{name}}} | |||
| fw_version ={{Template: Networking_device_manual_latest_fw | |||
| series = {{{series}}} | |||
| name = {{{name}}} | |||
}} | |||
}} | |||
==Summary== | ==Summary== | ||
<b>Virtual Private Network</b> (<b>VPN</b>) is a method of connecting multiple private networks across the Internet. VPNs can serve to achieve many different goals, but some of its main purposes are: | <b>Virtual Private Network</b> (<b>VPN</b>) is a method of connecting multiple private networks across the Internet. VPNs can serve to achieve many different goals, but some of its main purposes are: | ||
<ul> | <ul> | ||
<li>access between remote private networks;</li> | <li>providing access between remote private networks;</li> | ||
<li>data encryption | <li>providing data encryption and anonymity when browsing the Internet.</li> | ||
</ul> | </ul> | ||
This | This chapter of the user manual provides an overview of the Firewall page for {{{name}}} devices. | ||
==OpenVPN== | ==OpenVPN== | ||
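Review bot: the rewritten last sentence of the Summary on the new side says the chapter covers "the Firewall page", but this is the VPN manual template and the next heading is OpenVPN, so it should read "the VPN page". In the same paragraph, "some of its main purposes" should be "some of their main purposes" to agree with "VPNs".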
Line 26: | Line 30: | ||
To begin configuration, click the 'Edit' button next to the client instance. Refer to the figure and table below for information on the OpenVPN client's configuration fields: | To begin configuration, click the 'Edit' button next to the client instance. Refer to the figure and table below for information on the OpenVPN client's configuration fields: | ||
[[File:{{{file_openvpn_client_config}}}|border|class= | [[File:{{{file_openvpn_client_config}}}|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
Line 94: | Line 98: | ||
<tr> | <tr> | ||
<td>Encryption</td> | <td>Encryption</td> | ||
<td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | <td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | RC2-40-CBC 40 | CAST5-CBC 128 | RC2-64-CBC 64 | AES-128-CFB 128 | AES-128-CFB1 128 | AES-128-CFB8 128 | AES-128-OFB 128 | AES-128-CBC 128 | AES-128-GCM 128 | AES-192-CFB 192 | AES-192-CFB1 192 | AES-192-CFB8 192 | AES-192-OFB 192 | AES-192-CBC 192 | AES-192-GCM 192 | AES-256-CFB 256 | AES-256-CFB1 256 | AES-256-CFB8 256 | AES-256-OFB 256 | AES-256-CBC 256 | AES-256-GCM 256 | none ; default: <b>BF-CBC 128</b></td> | ||
<td>Algorithm used for packet encryption.</td> | <td>Algorithm used for packet encryption.</td> | ||
</tr> | </tr> | ||
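Review bot: the Encryption row gives "default: BF-CBC 128", but BF-CBC is not one of the values in the expanded list, so a reader cannot tell whether the default is still selectable. Either add it to the list or update the default. With the list now running from "RC2-40-CBC 40" to "AES-256-GCM 256" plus "none", the description "Algorithm used for packet encryption." should also state that "none" disables encryption and point readers to the AES-GCM entries, since the 40- and 64-bit options are listed with no indication that they are weaker.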
Line 161: | Line 165: | ||
<td>yes | no; default: <b>no</b></td> | <td>yes | no; default: <b>no</b></td> | ||
<td>Use PKCS #12 archive file format to bundle all the members of a chain of trust.</td> | <td>Use PKCS #12 archive file format to bundle all the members of a chain of trust.</td> | ||
</tr> | |||
<tr> | |||
<td>PKCS #12 passphrase</td> | |||
<td>string; default: <b>none</b></td> | |||
<td>Passphrase to decrypt PKCS #12 certificates.</td> | |||
</tr> | |||
<tr> | |||
<td>PKCS #12 certificate chain</td> | |||
<td>string; default: <b>none</b></td> | |||
<td>Uploads PKCS #12 certificate chain file.</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
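Review bot: the new "PKCS #12 certificate chain" row gives its value as "string; default: none", while its description says "Uploads PKCS #12 certificate chain file.", so the value column should describe a file upload rather than a string. The description would also read better as what the field is for, for example "PKCS #12 archive containing the certificate chain", instead of the action "Uploads".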
Line 169: | Line 183: | ||
<tr> | <tr> | ||
<td><span style="color: red;">TLS</span>/<span style="color: #0054a6;">Password:</span> Additional HMAC authentication</td> | <td><span style="color: red;">TLS</span>/<span style="color: #0054a6;">Password:</span> Additional HMAC authentication</td> | ||
<td> | <td>none | Authentication only (tls-auth) | Authentication and encryption (tls-crypt); default: <b>none</b></td> | ||
<td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.</td> | <td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.</td> | ||
</tr> | </tr> | ||
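Review bot: the value list now offers "Authentication and encryption (tls-crypt)", but the description still only says "An additional layer of HMAC authentication on top of the TLS control channel", which covers the tls-auth option alone. Extend the description so it also says that the tls-crypt option encrypts the TLS control channel, otherwise the difference between the two non-default choices is undocumented.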
Line 229: | Line 243: | ||
To begin configuration, click the 'Edit' button next to the server instance. Refer to the figure and table below for information on the OpenVPN server's configuration fields: | To begin configuration, click the 'Edit' button next to the server instance. Refer to the figure and table below for information on the OpenVPN server's configuration fields: | ||
[[File:{{{file_openvpn_server_config}}}|border]] | [[File:{{{file_openvpn_server_config}}}|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
Line 296: | Line 310: | ||
<tr> | <tr> | ||
<td>Encryption</td> | <td>Encryption</td> | ||
<td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | <td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | RC2-40-CBC 40 | CAST5-CBC 128 | RC2-64-CBC 64 | AES-128-CFB 128 | AES-128-CFB1 128 | AES-128-CFB8 128 | AES-128-OFB 128 | AES-128-CBC 128 | AES-128-GCM 128 | AES-192-CFB 192 | AES-192-CFB1 192 | AES-192-CFB8 192 | AES-192-OFB 192 | AES-192-CBC 192 | AES-192-GCM 192 | AES-256-CFB 256 | AES-256-CFB1 256 | AES-256-CFB8 256 | AES-256-OFB 256 | AES-256-CBC 256 | AES-256-GCM 256 | none ; default: <b>BF-CBC 128</b></td> | ||
<td>Algorithm used for packet encryption.</td> | <td>Algorithm used for packet encryption.</td> | ||
</tr> | </tr> | ||
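Review bot: this server-side Encryption row is a second hand-maintained copy of the client row's value list, with the same "default: BF-CBC 128" that does not appear among the listed values. Consider moving the cipher list into one shared sub-template that both tables transclude, so the client and server documentation cannot drift apart.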
Line 359: | Line 373: | ||
<td>When enabled allows multiple clients to connect using the same certificates.</td> | <td>When enabled allows multiple clients to connect using the same certificates.</td> | ||
</tr> | </tr> | ||
<tr> | |||
<td>Use PKCS #12 format</td> | <td>Use PKCS #12 format</td> | ||
<td>yes | no; default: <b>no</b></td> | <td>yes | no; default: <b>no</b></td> | ||
<td>Use PKCS #12 archive file format to bundle all the members of a chain of trust.</td> | <td>Use PKCS #12 archive file format to bundle all the members of a chain of trust.</td> | ||
</tr> | |||
<tr> | |||
<td>PKCS #12 passphrase</td> | |||
<td>string; default: <b>none</b></td> | |||
<td>Passphrase to decrypt PKCS #12 certificates.</td> | |||
</tr> | |||
<tr> | |||
<td>PKCS #12 certificate chain</td> | |||
<td>string; default: <b>none</b></td> | |||
<td>Uploads PKCS #12 certificate chain file.</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
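Review bot: "Passphrase to decrypt PKCS #12 certificates." is inconsistent with the row above it, which describes PKCS #12 as an "archive file format to bundle all the members of a chain of trust"; what the passphrase unlocks is the archive. Suggest "Passphrase used to decrypt the uploaded PKCS #12 archive.", and state whether the field may be left empty for an archive without a passphrase, since the default is "none".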
Line 429: | Line 453: | ||
The TLS Clients section can be found in the OpenVPN Server configuration window, provided that the OpenVPN server uses TLS or TLS/Password authentication methods. To create a new TLS client, type in the new client‘s name in the text field found bellow the TLS Clients tab and click the 'Add' button. Refer to the figure and table below for information on the TLS Clients' configuration fields: | The TLS Clients section can be found in the OpenVPN Server configuration window, provided that the OpenVPN server uses TLS or TLS/Password authentication methods. To create a new TLS client, type in the new client‘s name in the text field found bellow the TLS Clients tab and click the 'Add' button. Refer to the figure and table below for information on the TLS Clients' configuration fields: | ||
[[File:{{{file_openvpn_tls_clients_config}}}|border]] | [[File:{{{file_openvpn_tls_clients_config}}}|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
Line 469: | Line 493: | ||
</table> | </table> | ||
{{#ifeq:{{{series}}}| | {{#ifeq:{{{series}}}|RUT9XX||{{Template:Networking_rut2xx_manual_vpn_ipsec | ||
| file_ipsec_config = {{{file_ipsec_config}}} | | file_ipsec_config = {{{file_ipsec_config}}} | ||
| file_ipsec_phase = {{{file_ipsec_phase}}} | | file_ipsec_phase = {{{file_ipsec_phase}}} | ||
Line 477: | Line 501: | ||
}}}} | }}}} | ||
{{#ifeq:{{{series}}}| | {{#ifeq:{{{series}}}|RUT2XX||{{Template:Networking_rut9xx_manual_vpn_ipsec | ||
| file_ipsec_config = {{{file_ipsec_config}}} | | file_ipsec_config = {{{file_ipsec_config}}} | ||
| file_ipsec_phase = {{{file_ipsec_phase}}} | | file_ipsec_phase = {{{file_ipsec_phase}}} | ||
Line 485: | Line 509: | ||
}}}} | }}}} | ||
{{#ifeq:{{{series}}}| | {{#ifeq:{{{series}}}|RUT9XX||{{Template:Networking_rutxxx_manual_vpn_gre | ||
| file_gre_config_main = {{{file_gre_config_main}}} | | file_gre_config_main = {{{file_gre_config_main}}} | ||
| file_gre_config_routing = {{{file_gre_config_routing}}} | | file_gre_config_routing = {{{file_gre_config_routing}}} | ||
}}}} | }}}} | ||
{{#ifeq:{{{series}}}| | {{#ifeq:{{{series}}}|RUT2XX||{{Template:Networking_rut9xx_manual_vpn_gre | ||
| file_gre_config_main = {{{file_gre_config_main}}} | | file_gre_config_main = {{{file_gre_config_main}}} | ||
| file_gre_config_routing = {{{file_gre_config_routing}}} | | file_gre_config_routing = {{{file_gre_config_routing}}} | ||
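Review bot: both GRE guards are negative tests, "{{#ifeq:{{{series}}}|RUT9XX||..." and "{{#ifeq:{{{series}}}|RUT2XX||...", so each sub-template is transcluded whenever series is not the other value. For any series value other than RUT2XX or RUT9XX, including a misspelled one, both GRE sections are rendered. Test positively for the series each sub-template belongs to, or use a #switch with an explicit default. The same pattern appears in the IPsec and stunnel blocks.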
Line 544: | Line 568: | ||
</tr> | </tr> | ||
</table> | </table> | ||
===PPTP server=== | ===PPTP server=== | ||
Line 585: | Line 607: | ||
<tr> | <tr> | ||
<td>User name</td> | <td>User name</td> | ||
<td>string; default: <b> | <td>string; default: <b>youruser</b></td> | ||
<td>Username used for authentication to this PPTP server.</td> | <td>Username used for authentication to this PPTP server.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Password</td> | <td>Password</td> | ||
<td>string; default: <b> | <td>string; default: <b>yourpass</b></td> | ||
<td>Password used for authentication to this PPTP server.</td> | <td>Password used for authentication to this PPTP server.</td> | ||
</tr> | </tr> | ||
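Review bot: the User name and Password rows now document "youruser" and "yourpass" as defaults for the PPTP server. If these are real pre-filled credentials, the descriptions should tell the reader to replace them before enabling the server, because anyone who has read this manual knows them; if they are only placeholder text in the form, say so instead of "default".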
Line 602: | Line 624: | ||
==L2TP== | ==L2TP== | ||
In computer networking, <b>Layer 2 Tunneling Protocol</b> (<b>L2TP</b>) is a tunneling protocol used to support virtual private networks (VPNs). It is more secure than PPTP but, because it encapsulates the transferred data twice, but it is slower and uses more CPU power. | In computer networking, <b>Layer 2 Tunneling Protocol</b> (<b>L2TP</b>) is a tunneling protocol | ||
used to support virtual private networks (VPNs). It is more secure than PPTP but, because | |||
it encapsulates the transferred data twice, but it is slower and uses more CPU power. | |||
===L2TP client=== | ===L2TP client=== | ||
---- | ---- | ||
An <b>L2TP client</b> is an entity that initiates a connection to an L2TP server. To create a new client instance, go to the <i>Services → VPN → L2TP</i> section, select <i>Role: Client</i>, enter a custom name and click the 'Add New' button. An L2TP client instance with the given name will appear in the "L2TP Configuration" list. | An <b>L2TP client</b> is an entity that initiates a connection to an L2TP server. To | ||
create a new client instance, go to the <i>Services → VPN → L2TP</i> section, select | |||
<i>Role: Client</i>, enter a custom name and click the 'Add New' button. An L2TP client | |||
instance with the given name will appear in the "L2TP Configuration" list. | |||
To begin configuration, click the 'Edit button located next to the client instance. Refer to the figure and table below for information on the L2TP client's configuration fields: | To begin configuration, click the 'Edit button located next to the client instance. Refer | ||
to the figure and table below for information on the L2TP client's configuration fields: | |||
[[File:{{{ | [[File:Networking_{{lc:{{{series}}}}}_vpn_l2tp_client_configuration_v1.png|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
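Review bot: the re-wrapped L2TP introduction still reads "It is more secure than PPTP but, because it encapsulates the transferred data twice, but it is slower"; drop the second "but". The "'Edit button" in the configuration paragraph is also missing its closing quote, and the hard line breaks added inside these paragraphs differ from the single-line paragraphs used in the rest of the template.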
Line 631: | Line 659: | ||
<td>Username</td> | <td>Username</td> | ||
<td>string; default: <b>none</b></td> | <td>string; default: <b>none</b></td> | ||
<td>Username used | <td>Username used in authorization to the L2TP server.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Password</td> | <td>Password</td> | ||
<td>string; default: <b>none</b></td> | <td>string; default: <b>none</b></td> | ||
<td>Password used | <td>Password used in authorization to the L2TP server.</td> | ||
</tr> | |||
<tr> | |||
<td>Authentication</td> | |||
<td>string; default: <b>none</b></td> | |||
<td>Optional. Password used in L2TP tunnel CHAP authentication.</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
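Review bot: the new row is labelled "Authentication" with value "string; default: none", but its description says it is the "Password used in L2TP tunnel CHAP authentication", so the label reads like a method selector while the field holds a secret. If the label has to match the WebUI, lead the description with what the value is, for example "Optional. Shared secret for L2TP tunnel CHAP authentication.". In the Username and Password rows, "used in authorization to the L2TP server" should be "authentication", since these credentials identify the client.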
Line 649: | Line 682: | ||
</tr> | </tr> | ||
</table> | </table> | ||
===L2TP server=== | ===L2TP server=== | ||
Line 660: | Line 691: | ||
To begin configuration, click the 'Edit' button located next to the server instance. Refer to the figure and table below for information on the L2TP server's configuration fields: | To begin configuration, click the 'Edit' button located next to the server instance. Refer to the figure and table below for information on the L2TP server's configuration fields: | ||
[[File: | [[File:Networking_rutxxx_vpn_l2tp_server_configuration_v1.png]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
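Review bot: the new image link "[[File:Networking_rutxxx_vpn_l2tp_server_configuration_v1.png]]" omits the "|border|class=tlt-border" options that the other image links changed in this revision received, and it hard-codes "rutxxx" where the L2TP client image uses "{{lc:{{{series}}}}}". Add the border options for consistency, and either parameterize the series the same way or note why one screenshot is shared by all series.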
Line 755: | Line 786: | ||
</table> | </table> | ||
{{#ifeq:{{{series}}}| | {{#ifeq:{{{series}}}|RUT2XX||{{Template:Networking_rut9xx_manual_vpn_stunnel | ||
| file_stunnel_globals = {{{file_stunnel_globals}}} | | file_stunnel_globals = {{{file_stunnel_globals}}} | ||
| file_stunnel_client_server_config = {{{file_stunnel_client_server_config}}} | | file_stunnel_client_server_config = {{{file_stunnel_client_server_config}}} | ||
Line 761: | Line 792: | ||
}}}} | }}}} | ||
{{#ifeq:{{{series}}}| | {{#ifeq:{{{series}}}|RUT9XX||{{Template:Networking_rut2xx_manual_vpn_stunnel | ||
| file_stunnel_globals = {{{file_stunnel_globals}}} | | file_stunnel_globals = {{{file_stunnel_globals}}} | ||
| file_stunnel_client_server_config = {{{file_stunnel_client_server_config}}} | | file_stunnel_client_server_config = {{{file_stunnel_client_server_config}}} | ||
Line 767: | Line 798: | ||
}}}} | }}}} | ||
{{#ifeq:{{{series}}}| | {{#ifeq:{{{series}}}|RUT2XX||{{Template:Networking_rutxxx_manual_vpn_dmvpn | ||
| file_dmvpn_config = {{{file_dmvpn_config}}} | | file_dmvpn_config = {{{file_dmvpn_config}}} | ||
| file_dmvpn_gre_config = {{{file_dmvpn_gre_config}}} | | file_dmvpn_gre_config = {{{file_dmvpn_gre_config}}} | ||
Line 780: | Line 811: | ||
}} | }} | ||
[[Category:{{{name}}} | [[Category:{{{name}}} Services section]] |