Line 280: |
Line 280: |
| | | |
| To create a new IPsec instance, go to the IPsec tab, type in a name for your new instance in the text field below the IPsec tab and press the '''Add''' button next to it. | | To create a new IPsec instance, go to the IPsec tab, type in a name for your new instance in the text field below the IPsec tab and press the '''Add''' button next to it. |
| + | |
| | | |
| [[Image:Services vpn ipsec.PNG]] | | [[Image:Services vpn ipsec.PNG]] |
Line 304: |
Line 305: |
| | style="text-align: left; vertical-align: top;" | Tunnel {{!}} Transport; Default: '''Tunnel''' | | | style="text-align: left; vertical-align: top;" | Tunnel {{!}} Transport; Default: '''Tunnel''' |
| | style="text-align: left; vertical-align: top;" | Type of connection | | | style="text-align: left; vertical-align: top;" | Type of connection |
| + | |- |
| + | ! style="text-align: left; vertical-align: top;" | My identifier type |
| + | | style="text-align: left; vertical-align: top;" | Address {{!}} FQDN {{!}} User FQDN; Default: '''FQDN''' |
| + | | style="text-align: left; vertical-align: top;" | Type of connection |
| + | |- |
| + | ! style="text-align: left; vertical-align: top;" | My identifier |
| + | | style="text-align: left; vertical-align: top;" | string; Default: " " |
| + | | style="text-align: left; vertical-align: top;" | In case RUT has a Private IP, its identifier should be its own LAN network address. In this way, the Road Warrior approach is possible |
| |- | | |- |
| ! style="text-align: left; vertical-align: top;" | Force encapsulation | | ! style="text-align: left; vertical-align: top;" | Force encapsulation |
− | | style="text-align: left; vertical-align: top;" | ip; Default: " " | + | | style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no |
− | | style="text-align: left; vertical-align: top;" | Force UDP encapsulation for ESP packets even if no NAT situation is detected | + | | style="text-align: left; vertical-align: top;" | Forces UDP encapsulation for ESP packets even if no NAT situation is detected |
| |- | | |- |
| ! style="text-align: left; vertical-align: top;" | Dead Peer Detection | | ! style="text-align: left; vertical-align: top;" | Dead Peer Detection |
− | | style="text-align: left; vertical-align: top;" | ip; Default: " " | + | | style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no''' |
− | | style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP address | + | | style="text-align: left; vertical-align: top;" | The values 'clear', 'hold' and 'restart' all activate DPD |
| |- | | |- |
| ! style="text-align: left; vertical-align: top;" | Pre-shared key | | ! style="text-align: left; vertical-align: top;" | Pre-shared key |
− | | style="text-align: left; vertical-align: top;" | ip; Default: " " | + | | style="text-align: left; vertical-align: top;" | string; Default: " " |
− | | style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP netmask | + | | style="text-align: left; vertical-align: top;" | A shared password used for authentication between the peers |
| |- | | |- |
| ! style="text-align: left; vertical-align: top;" | Remote VPN endpoint | | ! style="text-align: left; vertical-align: top;" | Remote VPN endpoint |
− | | style="text-align: left; vertical-align: top;" | ip; Default: " " | + | | style="text-align: left; vertical-align: top;" | host {{!}} ip; Default: " " |
− | | style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP netmask | + | | style="text-align: left; vertical-align: top;" | IP address or hostname of the remote IPsec instance |
| |- | | |- |
| ! style="text-align: left; vertical-align: top;" | IP address/subnet mask | | ! style="text-align: left; vertical-align: top;" | IP address/subnet mask |
− | | style="text-align: left; vertical-align: top;" | ip; Default: " " | + | | style="text-align: left; vertical-align: top;" | ip/integer [0..32]; Default: " " |
− | | style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP netmask | + | | style="text-align: left; vertical-align: top;" | Remote network secure group IP address and mask used to determine to what subnet an IP address belongs to. Should differ from device’s LAN IP |
| |- | | |- |
| ! style="text-align: left; vertical-align: top;" | Enable keep alive | | ! style="text-align: left; vertical-align: top;" | Enable keep alive |
− | | style="text-align: left; vertical-align: top;" | ip; Default: " " | + | | style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no''' |
− | | style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP netmask | + | | style="text-align: left; vertical-align: top;" | Toggles the tunnel's keep alive function ON or OFF |
| |- | | |- |
| ! style="text-align: left; vertical-align: top;" | Host | | ! style="text-align: left; vertical-align: top;" | Host |
− | | style="text-align: left; vertical-align: top;" | ip; Default: " " | + | | style="text-align: left; vertical-align: top;" | host {{!}} ip; Default: " " |
− | | style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP netmask | + | | style="text-align: left; vertical-align: top;" | A host address to which an ICMP echo requests will be sent for keep alive purposes |
| |- | | |- |
| ! style="text-align: left; vertical-align: top;" | Ping period (sec) | | ! style="text-align: left; vertical-align: top;" | Ping period (sec) |
− | | style="text-align: left; vertical-align: top;" | ip; Default: " " | + | | style="text-align: left; vertical-align: top;" | integer [0..9999999]; Default: " " |
− | | style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP netmask | + | | style="text-align: left; vertical-align: top;" | Send ICMP echo request every '''x''' seconds ('''x''' being the number specified in this field) |
| |- | | |- |
| |} | | |} |
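Review bot: The added "My identifier type" row carries the description "Type of connection", which is the text of the Mode row directly above it, so the new field is effectively undocumented; replace it with a sentence saying what the Address, FQDN and User FQDN choices select. In the "Force encapsulation" row the default is written as '''no without the closing ''', leaving the bold markup unterminated, unlike the other yes/no rows. The "Dead Peer Detection" row gives the value as yes | no, but its description refers to the values 'clear', 'hold' and 'restart', which cannot be chosen from a yes/no field; either describe what enabling DPD does or list those values as the options. Minor wording: "an ICMP echo requests" in the Host row, and the doubled "to" in "to what subnet an IP address belongs to" in the IP address/subnet mask row.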