Line 48: |
Line 48: |
| [[File:L2tpoveripsecserver1f.png|left|L2tpoveripsecserver1|border|class=tlt-border|1100px]] | | [[File:L2tpoveripsecserver1f.png|left|L2tpoveripsecserver1|border|class=tlt-border|1100px]] |
| [[File:L2tpoveripsecserver2f.png|left|L2tpoveripsecserver2|border|class=tlt-border|1100px]] | | [[File:L2tpoveripsecserver2f.png|left|L2tpoveripsecserver2|border|class=tlt-border|1100px]] |
| + | [[File:Custom options configuration v1.png|center|L2tpoveripsecserverIKE|border|class=tlt-border]] |
| + | [[File:Custom options configuration v3.png|center|L2tpoveripsecserverCustom|border|class=tlt-border]] |
| + | |
| + | |
| *'''Remote VPN endpoint''' - IP address or hostname of the remote IPsec instance. '''Leave empty''' for the server configuration | | *'''Remote VPN endpoint''' - IP address or hostname of the remote IPsec instance. '''Leave empty''' for the server configuration |
| *'''Enable''' - if checked, enables the IPsec instance | | *'''Enable''' - if checked, enables the IPsec instance |
Line 54: |
Line 58: |
| *'''Type''' - the type of the connection. '''Transport''' encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[VPN#GRE_Tunnel|GRE]], [[VPN#L2TP|L2TP]]) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode. | | *'''Type''' - the type of the connection. '''Transport''' encrypts only the payload and Encapsulating Security Payload (ESP) trailer; so the IP header of the original packet is not encrypted. Transport mode is usually used when another tunneling protocol (such as [[VPN#GRE_Tunnel|GRE]], [[VPN#L2TP|L2TP]]) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets. NAT traversal is not supported with the transport mode. |
| *'''Bind to''' - which interface is going to be bind to the IPsec configuration. The L2TP interface must be selected. | | *'''Bind to''' - which interface is going to be bind to the IPsec configuration. The L2TP interface must be selected. |
| + | *'''Custom option''' - rekey=0 |
| + | *'''Encryption algorithm''' - AES 256 |
| + | *'''Authentication''' - SHA1 |
| + | *'''Force crypto proposal''' - Enabled |
| + | *'''DH group''' - MODP2048 |
| | | |
| ===PC Client=== | | ===PC Client=== |
Line 88: |
Line 97: |
| | | |
| *Other types of VPNs suported by RUTxxx devices: | | *Other types of VPNs suported by RUTxxx devices: |
− | **[[L2TP configuration examples]] | + | **[[L2TP configuration examples RutOS|L2TP configuration examples]] |
− | **[[IPsec configuration examples]] | + | **[[IPsec RUTOS configuration example|IPsec configuration examples]] |
− | **[[GRE Tunnel configuration examples]] | + | **[[GRE Tunnel configuration examples RutOS|GRE Tunnel configuration examples]] |
− | **[[OpenVPN configuration examples]] | + | **[[OpenVPN configuration examples RUT R 00.07|OpenVPN configuration examples]] |
− | **[[PPTP configuration examples]] | + | **[[PPTP configuration examples RutOS|PPTP configuration examples]] |
| + | [[Category:VPN]] |