Changes

Template:Networking rutos manual vpn (view source)

Revision as of 13:52, 1 September 2022

848 bytes added , 13:52, 1 September 2022

no edit summary

Line 1: Line 1:

−

{{Template:Networking_rutos_manual_fw_disclosure

+

{{Template: Networking_rutos_manual_fw_disclosure

−

| fw_version = {{{series~~}}}~~{{~~#ifeq:~~{~~{{name~~}}}~~|RUT241|M|}}_R_00.07.01~~

+

| fw_version ={{Template: Networking_rutos_manual_latest_fw

−

| ~~series~~ = {{{~~series~~}}}

+

| series = {{{series}}}

+

| name = {{{name}}}

+

}}

−

{{#ifeq: {{{series}}} | RUT9 | Note: [[{{{name}}} VPN (legacy WebUI)|click here]] for the old style WebUI (FW version ~~RUT9XX_R_00.06.08.5~~ and earlier) user manual page.|}}

+

{{#ifeq: {{{series}}} | RUT9 | Note: [[{{{name}}} VPN (legacy WebUI)|click here]] for the old style WebUI (FW version {{Template: Networking_rutos_manual_latest_fw | series = RUT9XX}} and earlier) user manual page.|}}

−

{{#ifeq: {{{series}}} | RUT2 |

+

{{#ifeq: {{{series}}} | RUT2 | Note: [[{{{name}}} VPN (legacy WebUI)|click here]] for the old style WebUI (FW version {{Template: Networking_rutos_manual_latest_fw | series = RUT2XX}} and earlier) user manual page.|}}

−

~~{{#switch: {{{name}}}~~

−

~~| RUT241 =~~

−

~~| #default =~~

−

Note: [[{{{name}}} VPN (legacy WebUI)|click here]] for the old style WebUI (FW version ~~RUT2XX_R_00.01.14.4~~ and earlier) user manual page.}}

==Summary==

Line 25: Line 23:

OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It is often regarded as being the most universal VPN protocol because of its flexibility, support of SSL/TLS security, multiple encryption methods, many networking features and compatibility with most OS platforms.

−

{{{name}}} devices run OpenVPN version 2.5.2.

+

{{{name}}} devices run OpenVPN version 2.5.3.

===OpenVPN Client===

Line 291: Line 289:

<tr>

<td>Protocol</td>

−

<td>UDP {{!}} TCP{{#ifeq:{{{series}}}|RUTX| {{!}} UDP6 {{!}} TCP6}}; default: UDP</td>

+

<td>UDP {{!}} TCP{{#ifeq:{{{series}}}|RUTX| {{!}} UDP6 {{!}} TCP6}}; default: UDP</td>

<td>Transfer protocol used by the OpenVPN connection.

<ul>

Line 382: Line 380:

</tr>

<tr>

−

<td>TLS/TLS/Password: Virtual network IPv6 address</td>

+

<td>TLS/TLS/Password: Virtual network IPv6 address</td>

<td>ip6; default: none</td>

<td>IPv6 address of the OpenVPN network.</td>

Line 650: Line 648:

<tr>

−

<td>.~~key~~ file; default: none</td>

+

<td>.der file; default: none</td>

<td>A public key file.</td>

</tr>

<tr>

<td>X.509: Local Certificate</td>

−

<td>.~~pem~~ file; default: none</td>

+

<td>.der file; default: none</td>

<td>A local certificate file.</td>

</tr>

<tr>

<td>X.509: CA Certificate</td>

−

<td>.~~crt~~ file; default: none</td>

+

<td>.der file; default: none</td>

<td>A certificate authority file.</td>

</tr>

Line 802: Line 800:

<tr>

<td>Transport: Bind to</td>

−

<td>GRE interface; default: none</td>

+

<td>GRE interface; L2TP interface; default: none</td>

−

<td>Bind to GRE interface to create GRE over IPsec.</td>

+

<td>Bind to GRE or L2TP interface to create GRE/L2TP over IPsec.</td>

</tr>

<tr>

Line 829: Line 827:

====Advanced settings====

----

−

[[File:Networking_rutos_vpn_ipsec_connection_settings_advanced_settings.png|border|class=tlt-border]]

Line 857: Line 854:

<td>off {{!}} on; default: on</td>

<td>Adds necessary firewall rules to allow traffic of from the opposite IPsec instance on this device.</td>

+

</tr>

+

<tr>

+

<td>Compatibility mode</td>

+

<td>off {{!}} on; default: off</td>

+

<td>Turns on compatibility mode to help deal with a 3rd party remote peer with multiple subnets.</td>

</tr>

<tr>

Line 877: Line 879:

<td>integer; default: none</td>

<td>The frequency of sending R_U_THERE messages or INFORMATIONAL exchanges to peer.</td>

+

</tr>

+

<tr>

+

<td>Dead Peer Detection: DPD Timeout</td>

+

<td>integer; default: none</td>

+

<td>Defines the timeout interval, after which all connections to a peer are deleted in case of inactivity.</td>

+

</tr>

+

<tr>

+

<td>XAuth identity</td>

+

<td>string; default: none</td>

+

<td>The identity/username the client uses to reply to an XAuth request. If not defined, the IKEv1 identity will be used as XAuth identity.</td>

</tr>

<tr>

Line 1,022: Line 1,034:

<tr>

<td>DH group</td>

−

<td>MODP768 {{!}} MODP1024 {{!}} MODP1536 {{!}} MODP2048 {{!}} MODP3072 {{!}} MODP4096 {{!}} ECP192 {{!}} ECP224 {{!}} ECP256 {{!}} ECP384 {{!}} ECP521; default: MODP1536</td>

+

<td>MODP768 {{!}} MODP1024 {{!}} MODP1536 {{!}} MODP2048 {{!}} MODP3072 {{!}} MODP4096 {{!}} ECP192 {{!}} ECP224 {{!}} ECP256 {{!}} ECP384 {{!}} ECP521 {{!}} No PFS; default: MODP1536</td>

<td>Diffie-Hellman (DH) group used in the key exchange process. Higher group numbers provide more security, but take longer and use more resources to compute the key. Must match with another incoming connection to establish IPSec. </td>

</tr>

Line 1,049: Line 1,061:

</tr>

<tr>

−

<td>~~Hash~~ algorithm</td>

+

<td>Encryption algorithm</td>

−

<td>3DES {{!}} AES 128 {{!}} AES 192 {{!}} AES 256 {{!}} AES128 GCM8 {{!}} AES192 GCM8 {{!}} AES256 GCM8 {{!}} AES128 GCM12 {{!}} AES192 GCM12 {{!}} AES256 GCM12 {{!}} AES128 GCM16 {{!}} AES192 GCM16 {{!}} AES256 GCM16; default: ~~AES 128~~</td>

+

<td>3DES {{!}} AES 128 {{!}} AES 192 {{!}} AES 256 {{!}} AES128 GCM8 {{!}} AES192 GCM8 {{!}} AES256 GCM8 {{!}} AES128 GCM12 {{!}} AES192 GCM12 {{!}} AES256 GCM12 {{!}} AES128 GCM16 {{!}} AES192 GCM16 {{!}} AES256 GCM16; default: 3DES</td>

<td>Algorithm used for data encryption.</td>

</tr>

<tr>

<td>Hash algorithm</td>

−

<td>MD5 {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512; default: ~~SHA1~~</td>

+

<td>MD5 {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512; default: MD5</td>

<td>Algorithm used for exchanging authentication and hash information.</td>

</tr>

<tr>

<td>PFS group</td>

−

<td>MODP768 {{!}} MODP1024 {{!}} MODP1536 {{!}} MODP2048 {{!}} MODP3072 {{!}} MODP4096 {{!}} ECP192 {{!}} ECP224 {{!}} ECP256 {{!}} ECP384 {{!}} ECP521; default: ~~MODP1536~~</td>

+

<td>MODP768 {{!}} MODP1024 {{!}} MODP1536 {{!}} MODP2048 {{!}} MODP3072 {{!}} MODP4096 {{!}} ECP192 {{!}} ECP224 {{!}} ECP256 {{!}} ECP384 {{!}} ECP521 {{!}} No PFS; default: MODP768</td>

<td>The PFS (Perfect Forward Secrecy). Must match with another incoming connection to establish IPSec. </td>

</tr>

Line 1,087: Line 1,099:

You should be redirected to the configuration page for the newly added PPTP Client which should look similar to this:

−

[[File:~~Networking_rutos_vpn_pptp_client~~.png|border|class=tlt-border]]

+

[[File:Networking_rutos_vpn_pptp_client_v2.png|border|class=tlt-border]]

Line 1,114: Line 1,126:

<td>string; default: none</td>

<td>Password used for authentication to the PPTP server.</td>

−

</tr><tr>

+

</tr>

+

<tr>

+

<td>Client to client</td>

+

<td>off {{!}} on; default: off</td>

+

<td>Adds route to make other PPTP clients reachable.</td>

+

</tr>

+

<tr>

<td>Default route</td>

<td>off {{!}} on; default: off</td>

Line 1,174: Line 1,192:

</table>

----

−

The User List section is used to ~~user~~ authentication settings required to successfully connect to this server. The list is empty by default. Click the 'Add' button to create a new PPTP User:

+

The User List section is used to keep authentication settings required to successfully connect to this server. The list is empty by default. Click the 'Add' button to create a new PPTP User:

[[File:Networking_rutos_vpn_pptp_server_user_list_add_button.png|border|class=tlt-border]]

Line 1,203: Line 1,221:

</table>

−

Note: there can only one PPTP Server configuration on the device.

+

Note: there can only be one PPTP Server configuration on the device.

==SSTP==

Secure Socket Tunneling Protocol (SSTP) is a VPN protocol designed to transport PPP traffic via a secure SSL/TLS channel.

−

{{#ifeq: ~~TRB1~~ | RUTX | |

+

{{#ifeq: {{{series}}} | RUTX | |

Note: SSTP is additional software that can be installed from the Services → [[{{{name}}} Package Manager|Package Manager]] page.

}}

Line 1,820: Line 1,838:

</tr>

<tr>

−

<td>Networks/td>

+

<td>Networks</td>

<td>hex string; default: none</td>

<td>ZeroTier Network ID. Log in to your ZeroTier account in order to locate the ZeroTier Network ID, which should be a string of hexadecimal characters.</td>

</tr>

<tr>

−

+

<td>integer [0..65535]; default: none</td>

<td>ZeroTier Network port.</td>

Line 1,838: Line 1,856:

might be regarded as the most secure, easiest to use, and simplest VPN solution.

−

~~Note: WireGuard is additional software that can be installed from the Services → [[{{{name}}} Package Manager|Package Manager]] page.~~

+

WireGuard works by adding an interface which acts as a tunnel. To create one enter its name and click the Add button. This should add a new Wireguard instance and open a configuration window.

−

WireGuard works by adding an interface which acts as a tunnel. To create one enter its name and click the Add button.

−

~~To configure it click the Edit [[File:Networking_rutx_manual_edit_button_v1.png]] button~~.

[[File:Networking_rutx_vpn_wireguard_v1.png|border|class=tlt-border]]

−

===General Instance Settings===

Gytispieze

Bureaucrats, Interface administrators, Administrators

9,305

edits

Namespaces

Variants

Views

More

Search

Changes

Template:Networking rutos manual vpn (view source)

Revision as of 13:52, 1 September 2022

Navigation menu

Personal tools

NAVIGATION

Tools

Categories