31,703
edits
Changes
Template:Networking rut manual vpn (view source)
Revision as of 10:32, 15 May 2019
, 10:32, 15 May 2019→IPsec
<td>My identifier type</td>
<td>My identifier type</td>
<td>FQDN | User FQDN | Address; Default: <b>FQDN</b></td>
<td>FQDN | User FQDN | Address; Default: <b>FQDN</b></td>
<td>
<td>Defines the type of identity used in user (IPsec instance) authentication.
<ul>
<ul>
<li><b>FQDN</b> - </li>
<li><b>FQDN</b> - identity defined by fully qualified domain name. It is the complete domain name for a host (for example, something.somedomain.com). Only supported with IKEv2.</li>
<li><b>User FQDN</b> - </li>
<li><b>User FQDN</b> - identity defined by fully qualified username string (for example, <i>[email protected]</i>). Only supported with IKEv2.</li>
<li><b>Address</b> - </li>
<li><b>Address</b> - identity by IP address.</li>
</ul>
</ul>
</td>
</td>
<tr>
<tr>
<td>My identifier</td>
<td>My identifier</td>
<td>string; Default: <b>none</b></td>
<td>ip | string; Default: <b>none</b></td>
<td>In case RUT has a Private IP, its identifier should be its own LAN network address. In this way, the Road Warrior approach is possible</td>
<td>Defines how the user (IPsec instance) will be identified during authentication.</td>
</tr>
</tr>
<tr>
<tr>
<td><span style="color: red;">Tunnel:</span> Local IP address/Subnet mask</td>
<td><span style="color: red;">Tunnel:</span> Local IP address/Subnet mask</td>
<td>ip/netmask | Default: <b>none</b></td>
<td>ip/netmask | Default: <b>none</b></td>
<td>Local IP address and subnet mask used to determine which part of the network can be accessed. Netmask range [0..32]. If left empty, IP address will be selected automatically.</td>
<td>Local IP address and subnet mask used to determine which part of the network can be accessed in the VPN network. Netmask range [0..32]. If left empty, IP address will be selected automatically.</td>
</tr>
</tr>
<tr>
<tr>
<td>Left firewall</td>
<td>Left firewall</td>
<td>yes | no; Default: <b>yes</b></td>
<td>yes | no; Default: <b>yes</b></td>
<td>Excludes IPsec tunnel from firewall rules.</td>
<td>Excludes IPsec instance from firewall rules.</td>
</tr>
</tr>
<tr>
<tr>
<td>Dead Peer Detection</td>
<td>Dead Peer Detection</td>
<td>yes | no; Default: <b>no</b></td>
<td>yes | no; Default: <b>no</b></td>
<td>The values 'clear', 'hold' and 'restart' all activate DPD.</td>
<td>A function used during Internet Key Exchange (IKE) to detect a "dead" peer. It used to reduce traffic by minimizing the number of messages when the opposite peer in unavailable and as failover mechanism.</td>
</tr>
</tr>
<tr>
<tr>
<td><span style="color: #0054a6;">Dead Peer Detection:</span> Delay (sec)</td>
<td><span style="color: #0054a6;">Dead Peer Detection:</span> Delay (sec)</td>
<td>integer; Default: <b>none</b></td>
<td>integer; Default: <b>none</b></td>
<td></td>
<td>The frequency of checking whether a peer is still availaible or not.</td>
</tr>
</tr>
<tr>
<tr>
<td><span style="color: #0054a6;">Dead Peer Detection:</span> Timeout (sec)</td>
<td><span style="color: #0054a6;">Dead Peer Detection:</span> Timeout (sec)</td>
<td>integer; Default: <b>none</b></td>
<td>integer; Default: <b>none</b></td>
<td></td>
<td>Time limit after the IPsec instance will stop checking the availability of a peer and determine it to be "dead" if no response is received.</td>
</tr>
</tr>
<tr>
<tr>
<td><span style="color: red;">Tunnel:</span> Remote IP address/subnet mask</td>
<td><span style="color: red;">Tunnel:</span> Remote IP address/subnet mask</td>
<td>ip/netmask; Default: <b>none</b></td>
<td>ip/netmask; Default: <b>none</b></td>
<td>Remote network IP address and subnet mask used to determine which part of the network can be accessed. Netmask range [0..32]. This values must differ from the device’s LAN IP.</td>
<td>Remote network IP address and subnet mask used to determine which part of the network can be accessed in the VPN network. Netmask range [0..32]. This values must differ from the device’s LAN IP.</td>
</tr>
</tr>
<tr>
<tr>
<td>Right firewall</td>
<td>Right firewall</td>
<td>yes | no; Default: <b>yes</b></td>
<td>yes | no; Default: <b>yes</b></td>
<td>Excludes remote side IPsec tunnel from firewall rules.</td>
<td>Excludes remote side IPsec instance from firewall rules.</td>
</tr>
</tr>
<tr>
<tr>
<td>Enable keepalive</td>
<td>Enable keepalive</td>
<td>yes | no; Default: <b>no</b></td>
<td>yes | no; Default: <b>no</b></td>
<td>Toggles the tunnel's keep alive function ON or OFF. When enabled, the instance sends ICMP packets to the specified host at the specified frequency. If no response is received, the instance attempts to restart the connection.</td>
<td>When enabled, the instance sends ICMP packets to the specified host at the specified frequency. If no response is received, the router will attempt to restart the connection.</td>
</tr>
</tr>
<tr>
<tr>
<td>Host</td>
<td>Host</td>
<td>host | ip; Default: <b>none</b></td>
<td>host | ip; Default: <b>none</b></td>
<td>Hostname or IP address to which ICMP packets will be sent to. Best to use a hostname/IP address belonging to the opposite instance's LAN.</td>
<td>Hostname or IP address to which keepalive ICMP packets will be sent to.</td>
</tr>
</tr>
<tr>
<tr>
<td>Ping period (sec)</td>
<td>Ping period (sec)</td>
<td>integer [0..9999999]; Default: <b>none</b></td>
<td>integer [0..9999999]; Default: <b>none</b></td>
<td>The period (in seconds) at which ICMP packets will be sent to the specified keep alive host.</td>
<td>The frequency at which keepalive ICMP packets will be sent to the specified host or IP address.</td>
</tr>
</tr>
<tr>
<tr>
<td>Allow WebUI access</td>
<td>Allow WebUI access</td>
<td>yes | no; Default: <b>no</b></td>
<td>yes | no; Default: <b>no</b></td>
<td>Allows WebUI access for hosts from the opposite instance.</td>
<td>Allows WebUI access for hosts in the VPN network.</td>
</tr>
</tr>
<tr>
<tr>
