Changes

Template:Networking rutos manual vpn (view source)

Revision as of 18:19, 28 March 2022

3,606 bytes added , 18:19, 28 March 2022

no edit summary

Line 30: Line 30:

To begin configuration, click the button that looks like a pencil next to the client instance. Refer to the figure and table below for information on the OpenVPN client's configuration fields:

−

[[File:~~Networking_trb2_vpn_openvpn_client_configuration_v2~~.png|border|class=tlt-border|]]

+

[[File:Networking_trb2_vpn_openvpn_client_configuration_v3.png|border|class=tlt-border|]]

Line 102: Line 102:

<td>Yes {{!}} No {{!}} None; default: None</td>

<td>Turns LZO data compression on or off.</td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>Encryption</td>~~

−

<td>DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; default: BF-CBC 128</td>

−

~~<td>Algorithm used for packet encryption.</td>~~

</tr>

<tr>

<td>Authentication</td>

−

<td>~~TLS~~ {{!}} ~~Static Key~~ {{!}} Password {{!}} ~~TLS/~~Password; default: ~~TLS~~</td>

+

<td>Static key {{!}} TLS {{!}} TLS/Password {{!}} Password ; default: Static key</td>

<td>Authentication mode, used to secure data sessions.

<ul>

Line 125: Line 120:

</ul>

</td>

+

</tr>

+

<tr>

+

<td>Encryption</td>

+

<td>DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; default: BF-CBC 128</td>

+

<td>Algorithm used for packet encryption.</td>

</tr>

<tr>

Line 172: Line 172:

</tr>

<tr>

−

<td>Password: ~~User name~~</td>

+

<td>TLS/Password: HMAC authentication algorithm</td>

−

<td>~~string~~; default: ~~none~~</td>

+

<td>none {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512; default: SHA1</td>

−

<td>~~Username used for~~ authentication ~~to the OpenVPN server~~.</td>

+

<td>HMAC authentication algorithm type.</td>

</tr>

<tr>

−

<td>Password: ~~Password~~</td>

+

<td>TLS/Password: Additional HMAC authentication</td>

−

<td>~~string~~; default: ~~none~~</td>

+

<td>off {{!}} on; default: off</td>

−

<td>~~Password used for~~ authentication to ~~the OpenVPN server~~.</td>

+

<td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.</td>

</tr>

<tr>

−

<td>Extra options</td>

+

<td>TLS/Password: HMAC authentication key</td>

−

<td>string; default: none</td>

+

<td>.key file; default: none</td>

−

<td>Extra OpenVPN options to be used by the OpenVPN instance.</td>

+

<td>Uploads an HMAC authentication key file.</td>

+

</tr>

+

<tr>

+

<td>TLS/Password: HMAC key direction</td>

+

<td>0 {{!}} 1 {{!}} none; default: 1</td>

+

<td>The value of the key direction parameter should be complementary on either side (client and server) of the connection. If one side uses 0, the other side should use 1, or both sides should omit the parameter altogether.</td>

+

</tr>

+

<tr>

+

<td>Password: User name</td>

+

<td>string; default: none</td>

+

<td>Username used for authentication to the OpenVPN server.</td>

+

</tr>

+

<tr>

+

<td>Password: Password</td>

+

<td>string; default: none</td>

+

<td>Password used for authentication to the OpenVPN server.</td>

+

</tr>

+

<tr>

+

<td>Extra options</td>

+

<td>string; default: none</td>

+

<td>Extra OpenVPN options to be used by the OpenVPN instance.</td>

</tr>

<tr>

Line 192: Line 212:

</tr>

<tr>

−

<td>TLS/Password: ~~HMAC authentication algorithm~~</td>

+

<td>TLS/Password: Certificate authority</td>

−

<td>~~none {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512~~; default: ~~SHA1~~</td>

+

<td>.ca file; default: none</td>

−

<td>~~HMAC authentication algorithm type~~.</td>

+

<td>Certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate.</td>

</tr>

<tr>

−

~~<td>TLS/Password: Additional HMAC authentication</td>~~

+

<td>TLS: Client certificate</td>

−

~~<td>off {{!}} on; default: off</td>~~

+

<td>.crt file; default: none</td>

−

~~<td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.</td>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>TLS/Password: HMAC authentication key</td>~~

−

~~<td>.key file; default: none</td>~~

−

~~<td>Uploads an HMAC authentication key file.</td>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>TLS/Password: HMAC key direction</td>~~

−

~~<td>0 {{!}} 1 {{!}} none; default: 1</td>~~

−

<td>The value of the key direction parameter should be complementary on either side (client and server) of the connection. If one side uses 0, the other side should use 1, or both sides should omit the parameter altogether.</td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>TLS/Password: Certificate authority</td>~~

−

~~<td>.ca file; default: none</td>~~

−

~~<td>Certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate.</td>~~

−

~~</tr>~~

−

~~<tr>~~

−

<td>TLS: Client certificate</td>

−

<td>.crt file; default: none</td>

<td>Client certificate is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. Client certificates play a key role in many mutual authentication designs, providing strong assurances of a requester's identity.</td>

</tr>

Line 258: Line 258:

To begin configuration, click the button that looks like a pencil next to the server instance. Refer to the figure and table below for information on the OpenVPN server's configuration fields:

−

[[File:~~Networking_rutx_vpn_openvpn_server_configuration_v2~~.png|border|class=tlt-border]]

+

[[File:Networking_rutx_vpn_openvpn_server_configuration_v3.png|border|class=tlt-border]]

Line 294: Line 294:

<li>User Datagram Protocol (UDP) - packets are sent to the recipient without error-checking or back-and-forth quality control, meaning that when packets are lost, they are gone forever. This makes it less reliable but faster than TCP; therefore, it should be used when transfer speed is crucial (for example, video streaming, live calls).</li>

</ul>

−

</td>~~Which SERVER LAN networks should be reachable from this client~~

+

</td>

</tr>

<tr>

Line 305: Line 305:

<td>Yes {{!}} No {{!}} None; default: None</td>

<td>Turns LZO data compression on or off.</td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>Encryption</td>~~

−

<td>DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; default: BF-CBC 128</td>

−

~~<td>Algorithm used for packet encryption.</td>~~

</tr>

<tr>

<td>Authentication</td>

−

<td>~~TLS~~ {{!}} ~~Static Key~~ {{!}} TLS/Password; default: ~~TLS~~</td>

+

<td>Static key {{!}} TLS {{!}} TLS/Password {{!}} Password ; default: Static key</td>

<td>Authentication mode, used to secure data sessions.

<ul>

Line 324: Line 319:

</ul>All mentioned certificates can be generated using OpenVPN or Open SSL utilities on any type of host machine. One of the most popular utilities used for this purpose is called Easy-RSA.

</li>

+

<li>Password is a simple username/password based authentication where the owner of the OpenVPN server provides the login data.</li>

<li>TLS/Password uses both TLS and username/password authentication.</li>

</ul>

Line 329: Line 325:

</tr>

<tr>

−

<td>Static key: Local tunnel endpoint IP</td>

+

<td>Encryption</td>

+

<td>DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; default: BF-CBC 128</td>

+

<td>Algorithm used for packet encryption.</td>

+

</tr>

+

<tr>

+

<td>Static key: Local tunnel endpoint IP</td>

<td>ip; default: none</td>

<td>IP address of the local OpenVPN network interface.</td>

Line 394: Line 395:

</tr>

<tr>

−

<td>TLS/Password: ~~User name~~</td>

+

<td>TLS/Password: HMAC authentication algorithm</td>

−

<td>~~string~~; default: none</td>

+

<td>none {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512; default: SHA1</td>

−

<td>~~Username used for~~ authentication ~~to this OpenVPN~~ server.</td>

+

<td>HMAC authentication algorithm type.</td>

+

</tr>

+

<tr>

+

<td>TLS/Password: Additional HMAC authentication</td>

+

<td>off {{!}} on; default: off</td>

+

<td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.</td>

+

</tr>

+

<tr>

+

<td>TLS/Password: HMAC authentication key</td>

+

<td>.key file; default: none</td>

+

<td>Uploads an HMAC authentication key file.</td>

+

</tr>

+

<tr>

+

<td>TLS/Password: HMAC key direction</td>

+

<td>0 {{!}} 1 {{!}} none; default: 1</td>

+

<td>The value of the key direction parameter should be complementary on either side (client and server) of the connection. If one side uses 0, the other side should use 1, or both sides should omit the parameter altogether.</td>

</tr>

<tr>

−

<td>TLS/Password: ~~Password~~</td>

+

<td>TLS/Password:Usernames & Passwords</td>

−

<td>~~string~~; default: none</td>

+

<td>text file; default: none</td>

−

<td>~~Password used for authentication to this OpenVPN~~ server.</td>

+

<td>File containing usernames and passwords against which the server can authenticate clients. Each username and password pair should be placed on a single line and separated by a space.</td>

</tr>

<tr>

Line 508: Line 524:

To begin configuration, click the button that looks like a pencil located next to the instance. Refer to the figure and table below for information on the fields located in the GRE instance configuration section.

−

[[File:~~Networking_rutx_vpn_gre_gre_configuration_main_settings_v2~~.png|border|class=tlt-border]]

+

[[File:Networking_rutx_vpn_gre_gre_configuration_main_settings_v3.png|border|class=tlt-border]]

Line 523: Line 539:

<tr>

<td>Tunnel source</td>

−

<td>network interface; default: ~~none~~</td>

+

<td>network interface; default: LAN</td>

<td>Network interface used to establish the GRE Tunnel.</td>

</tr>

Line 533: Line 549:

<tr>

−

<td>integer; default: 1476</td>

+

<td>integer [68..9200]; default: 1476</td>

<td>Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction.</td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>TTL</td>~~

−

~~<td>integer [0..255]; default: 255</td>~~

−

<td>Sets a custom TTL (Time to Live) value for encapsulated packets. TTL is a field in the IP packet header which is initially set by the sender and decreased by 1 on each hop. When it reaches 0 it is dropped and the last host to receive the packet sends an ICMP "Time Exceeded" message back to the source.</td>

</tr>

<tr>

Line 553: Line 564:

<tr>

<td>Path MTU Discovery</td>

−

<td>off {{!}} on; default: on</td>

+

<td>off {{!}} on; default: off</td>

<td>When unchecked, sets the nopmtudisc option for tunnel. Can not be used together with the TTL option.</td>

+

</tr>

+

<tr>

+

+

<td>integer [0..255]; default: 255</td>

+

<td>Sets a custom TTL (Time to Live) value for encapsulated packets. TTL is a field in the IP packet header which is initially set by the sender and decreased by 1 on each hop. When it reaches 0 it is dropped and the last host to receive the packet sends an ICMP "Time Exceeded" message back to the source.</td>

</tr>

<tr>

<td>Keep alive</td>

−

<td>off {{!}} on; default: off</td>

+

<td>off {{!}} on; default: off</td>

<td>Turns "keep alive" on or off. The "keep alive" feature sends packets to the remote instance in order to determine the health of the connection. If no response is received, the device will attempt to re-establish the tunnel.</td>

</tr>

<tr>

−

<td>Keep alive interval</td>

+

<td>Keep alive interval</td>

<td>integer [0..255]; default: none</td>

<td>Frequency (in seconds) at which "keep alive" packets are sent to the remote instance.</td>

Line 632: Line 648:

<tr>

<td>Authentication method</td>

−

<td>Pre-shared key {{!}} X.509; default: Pre-shared key</td>

+

<td>Pre-shared key {{!}} X.509 {{!}} EAP; default: Pre-shared key</td>

<td>Specify authentication method. Choose between Pre-shared key and X.509 certificates.</td>

</tr>

Line 640: Line 656:

<td>A shared password used for authentication between IPsec peers before a secure channel is established.</td>

</tr>

−

<!-- removed on 7.0, to return ~~on 7.1~~ <tr>

+

<!-- removed on 7.0, to return in the future <tr>

<td>Certificate files from device</td>

<td>off {{!}} on; default: off</td>

Line 716: Line 732:

<tr>

−

<td>~~psk~~ {{!}} ~~xauth~~; default: ~~psk~~</td>

+

<td>PSK {{!}} XAUTH {{!}} EAP {{!}} RSA; default: PSK</td>

<td>IPSec secret type.NOTE: XAUTH secrets are IKEv1 only.</td>

</tr>

Line 759: Line 775:

----

−

[[File:~~Networking_rutos_vpn_ipsec_connection_settings_general_settings~~.png|border|class=tlt-border]]

+

[[File:Networking_rutos_vpn_ipsec_connection_settings_general_settings_v2.png|border|class=tlt-border]]

Line 811: Line 827:

</ul>

</td>

+

</tr>

+

<tr>

+

<td>Enable XAUTH</td>

+

<td>off {{!}} on; default: off</td>

+

<td>Enables XAUTH authentication before allowing access for remote users.</td>

</tr>

</table>

Line 1,485: Line 1,506:

<tr>

<td>Tunnel source</td>

−

<td>network interface; default: ~~none~~</td>

+

<td>network interface; default: LAN</td>

<td>Network interface used to establish the GRE Tunnel.</td>

</tr>

Line 1,560: Line 1,581:

<tr>

<td>DH/PFS group</td>

−

<td>MODP768 {{!}} MODP1024 {{!}} MODP1536 {{!}} MODP2048 {{!}} MODP3072 {{!}} MODP4096 {{!}} ECP192 {{!}} ECP224 {{!}} ECP256 {{!}} ECP384 {{!}} ECP521; default: ~~MODP1536~~</td>

+

<td>MODP768 {{!}} MODP1024 {{!}} MODP1536 {{!}} MODP2048 {{!}} MODP3072 {{!}} MODP4096 {{!}} ECP192 {{!}} ECP224 {{!}} ECP256 {{!}} ECP384 {{!}} ECP521; default: MODP1024</td>

<td>Diffie-Hellman (DH) group used in the key exchange process. Higher group numbers provide more security, but take longer and use more resources to compute the key. Must match with another incoming connection to establish IPSec. </td>

</tr>

Line 1,586: Line 1,607:

<tr>

<td>NHRP network ID</td>

−

<td>integer; default: 1</td>

+

<td>integer; default: none</td>

<td>An identifier used to define the NHRP domain. This is a local parameter and its value does not need to match the values specified on other domains. However, the NHRP ID is added to packets which arrive on the GRE interface; therefore, it may be helpful to use the same ID for troubleshooting purposes.</td>

</tr>

Line 1,596: Line 1,617:

<tr>

−

<td>integer; default: ~~7200~~</td>

+

<td>integer; default: none</td>

<td>Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The hold time is specified in seconds and defaults to two hours.</td>

</tr>

Line 1,605: Line 1,626:

In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs). It is more secure than PPTP but, because it encapsulates the transferred data twice, but it is slower and uses more CPU power.

−

===L2TP ~~client~~===

+

===L2TP Global Settings===

+

----

+

[[File:Networking_rutos_manual_vpn_l2tp_global_settings_v1.png|border|class=tlt-border]]

+

+

<tr>

+

<th>Field</th>

+

<th>Value</th>

+

<th>Description</th>

+

</tr>

+

<tr>

+

<td>Require CHAP</td>

+

<td>off {{!}} on; default: on</td>

+

<td>When enabled, peer will be required to authenticate itself using standard CHAP authentication.</td>

+

</tr>

+

<tr>

+

<td>Refuse PAP</td>

+

<td>off {{!}} on; default: on</td>

+

<td>When enabled, pppd will not agree to authenticate itself to the peer using Password Authentication Protocol (PAP).</td>

+

</tr>

+

</table>

+

===L2TP Client===

----

An L2TP client is an entity that initiates a connection to an L2TP server. To create a new client instance, go to the Services → VPN → L2TP section, select Role: Client, enter a custom name and click the 'Add' button. An L2TP client instance with the given name will appear in the "L2TP Configuration" list.

Line 1,611: Line 1,654:

To begin configuration, click the button that looks like a pencil next to the client instance. Refer to the figure and table below for information on the L2TP client's configuration fields:

−

[[File:~~Networking_rutos_manual_vpn_l2tp_client~~.png|border|class=tlt-border]]

+

[[File:Networking_rutos_manual_vpn_l2tp_client_v1.png|border|class=tlt-border]]

Line 1,640: Line 1,683:

</tr>

<tr>

−

<td>Default route</td>

+

<td>CHAP Secret</td>

+

<td>string; default: none</td>

+

<td>A secret used for L2TP Tunnel Authentication.</td>

+

</tr>

+

<tr>

+

<td>Default route</td>

<td>off {{!}} on; default: off</td>

<td>When turned on, this connection will become device default route. This means that all traffic directed to the Internet will go through the L2TP server and the server's IP address will be seen as this device's source IP to other hosts on the Internet.{{#ifeq:{{{series}}}|RUTX| NOTE: this can only be used when [[{{{name}}} Failover|Failover]] is turned off.}}</td>

Line 1,646: Line 1,694:

</table>

−

===L2TP ~~server~~===

+

===L2TP Server===

----

An L2TP server is an entity that waits for incoming connections from L2TP clients. To create a new server instance, go to the Services → VPN → L2TP section, select Role: Server, enter a custom name and click the 'Add' button. An L2TP server instance with the given name will appear in the "L2TP Configuration" list. Only one L2TP server instance is allowed to be added.

Line 1,654: Line 1,702:

To begin configuration, click the button that looks like a pencil next to the server instance. Refer to the figure and table below for information on the L2TP server's configuration fields:

−

[[File:~~Networking_rutx_vpn_l2tp_server_configuration_v2~~.png|border|class=tlt-border]]

+

[[File:Networking_rutx_vpn_l2tp_server_configuration_v3.png|border|class=tlt-border]]

Line 1,681: Line 1,729:

<td>ip; default: 192.168.0.30</td>

<td>L2TP IP address leases will end with the address specified in this field.</td>

+

</tr>

+

<tr>

+

<td>Enable CHAP</td>

+

<td>off {{!}} on; default: user</td>

+

<td>Enables Challenge-Handshake Authentication Protocol for L2TP</td>

+

</tr>

+

<tr>

+

<td>CHAP Secret</td>

+

<td>string; default: user</td>

+

<td>A secret used for L2TP Tunnel Authentication.</td>

</tr>

<tr>

Line 1,768: Line 1,826:

<td>Must be specified in hexidecimal form and be length of 8 or 16. eg.: 89ABCDEF. It must match other end Cookie.</td>

</tr>

−

</table>

+

</table>

−

+

−

===Instance Settings===

+

===Instance Settings===

−

----

+

----

−

[[File:~~Networking_rutos_vpn_l2tpv3_configuration_instance_settings_v1~~.png]]

+

[[File:Networking_rutos_vpn_l2tpv3_configuration_instance_settings_v2.png]]

−

+

−

<tr>

+

<tr>

−

<th>Field</th>

+

<th>Field</th>

−

<th>Value</th>

+

<th>Value</th>

−

<th>Description</th>

+

<th>Description</th>

+

</tr>

+

<tr>

+

<td>Bridge to</td>

+

<td>None {{!}} LAN; default: None</td>

+

<td>Peer Endpoint IP address.</td>

+

</tr>

+

<tr>

+

<td>IPv4 Address</td>

+

<td>ip4; default: none</td>

+

<td>IPv4 address of standalone L2TPv3 interface.<td>

+

</tr>

+

<tr>

+

<td>Netmask</td>

+

<td>netmask; default: 255.255.255.0</td>

+

<td>Netmask of standalone L2TPv3 interface. </td>

+

</tr>

+

<tr>

+

<td>IPv6 Address</td>

+

<td>ip6; default: none</td>

+

<td>IPv6 address of standalone L2TPv3 interface. CIDR notation: address/prefix.<td>

+

</tr>

+

<tr>

+

+

<td>integer [64..9000]; default: none</td>

+

<td>Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction.</td>

+

</tr>

+

<tr>

+

<td>Encapsulation</td>

+

<td>IP {{!}} UDP; default: IP</td>

+

<td>Specify technology to use when connecting to other end.</td>

</tr>

<tr>

−

<td>~~Bridge to~~</td>

+

<td>UDP source port</td>

−

<td>~~None {{!}} LAN~~; default: ~~None~~</td>

+

<td>port; default: none</td>

−

<td>~~Peer Endpoint IP address~~.</td>

+

<td>Specifies source port.</td>

</tr>

<tr>

−

<td>~~IP Address~~<~~/td>~~

+

<td>UDP destination port</td>

−

~~<td>ip; default~~: ~~none</td>~~

+

<td>port; default: none</td>

−

~~<td>IP address of standalone L2TPv3 interface.<td>~~

+

<td>Specifies destination port.</td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>Netmask</td>~~

−

~~<td>netmask; default: none</td>~~

−

~~<td>Netmask of standalone L2TPv3 interface. </td>~~

−

</~~tr>~~

−

~~<tr>~~

−

~~<td~~>~~MTU~~</td>

−

<td>~~integer [64..9000]~~; default: none</td>

−

<td>~~Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction.</td>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>Encapsulation</td>~~

−

~~<td>IP {{!}} UDP; default: IP</td>~~

−

~~<td>Specify technology to use when connecting to other end~~.</td>

</tr>

<tr>

Line 1,865: Line 1,938:

Private keys and generate them, specify Port and IP addresses for communication.

−

[[File:~~Networking_rutx_vpn_wireguard_instance_general_v1~~.png|border|class=tlt-border]]

+

[[File:Networking_rutx_vpn_wireguard_instance_general_v2.png|border|class=tlt-border]]

Line 1,880: Line 1,953:

<tr>

<td>Private Key</td>

−

<td>string; default: ~~none~~</td>

+

<td>Base64-encoded string; default: generated</td>

−

<td>Private Key used in authentication.</td>

+

<td>Private Key used in authentication. Required.</td>

</tr>

<tr>

<td>Public Key</td>

−

<td>string; default: -</td>

+

<td>Base64-encoded string; default: generated</td>

<td>Public Key used in authentication.</td>

</tr>

Line 1,895: Line 1,968:

<tr>

<td>Listen Port</td>

−

<td>integer [0..65535]; default: ~~none~~</td>

+

<td>integer [0..65535]; default: 51820</td>

<td>Specify port to listen for incomming connections. It will be set to a random integer if left empty.</td>

</tr>

Gytispieze

Bureaucrats, Interface administrators, Administrators

9,305

edits

Namespaces

Variants

Views

More

Search

Changes

Template:Networking rutos manual vpn (view source)

Revision as of 18:19, 28 March 2022

Navigation menu

Personal tools

NAVIGATION

Tools

Categories