
916 bytes added ,  15:50, 26 October 2017
Line 280: Line 280:     
To create a new IPsec instance, go to the IPsec tab, type in a name for your new instance in the text field below the IPsec tab and press the '''Add''' button next to it.
 
To create a new IPsec instance, go to the IPsec tab, type in a name for your new instance in the text field below the IPsec tab and press the '''Add''' button next to it.
 +
    
[[Image:Services vpn ipsec.PNG]]
 
[[Image:Services vpn ipsec.PNG]]
Line 304: Line 305:  
| style="text-align: left; vertical-align: top;" | Tunnel {{!}} Transport; Default: '''Tunnel'''
 
| style="text-align: left; vertical-align: top;" | Tunnel {{!}} Transport; Default: '''Tunnel'''
 
| style="text-align: left; vertical-align: top;" | Type of connection
 
| style="text-align: left; vertical-align: top;" | Type of connection
 +
|-
 +
! style="text-align: left; vertical-align: top;" | My identifier type
 +
| style="text-align: left; vertical-align: top;" | Address {{!}} FQDN {{!}} User FQDN; Default: '''FQDN'''
 +
| style="text-align: left; vertical-align: top;" | Type of connection
 +
|-
 +
! style="text-align: left; vertical-align: top;" | My identifier
 +
| style="text-align: left; vertical-align: top;" | string; Default: " "
 +
| style="text-align: left; vertical-align: top;" | In case RUT has a Private IP, its identifier should be its own LAN network address. In this way, the Road Warrior approach is possible
 
|-
 
|-
 
! style="text-align: left; vertical-align: top;" | Force encapsulation
 
! style="text-align: left; vertical-align: top;" | Force encapsulation
| style="text-align: left; vertical-align: top;" | ip; Default: " "
+
| style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no
| style="text-align: left; vertical-align: top;" | Force UDP encapsulation for ESP packets even if no NAT situation is detected
+
| style="text-align: left; vertical-align: top;" | Forces UDP encapsulation for ESP packets even if no NAT situation is detected
 
|-
 
|-
 
! style="text-align: left; vertical-align: top;" | Dead Peer Detection
 
! style="text-align: left; vertical-align: top;" | Dead Peer Detection
| style="text-align: left; vertical-align: top;" | ip; Default: " "
+
| style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no'''
| style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP address
+
| style="text-align: left; vertical-align: top;" | The values 'clear', 'hold' and 'restart' all activate DPD
 
|-
 
|-
 
! style="text-align: left; vertical-align: top;" | Pre-shared key
 
! style="text-align: left; vertical-align: top;" | Pre-shared key
| style="text-align: left; vertical-align: top;" | ip; Default: " "
+
| style="text-align: left; vertical-align: top;" | string; Default: " "
| style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP netmask
+
| style="text-align: left; vertical-align: top;" | A shared password used for authentication between the peers
 
|-
 
|-
 
! style="text-align: left; vertical-align: top;" | Remote VPN endpoint
 
! style="text-align: left; vertical-align: top;" | Remote VPN endpoint
| style="text-align: left; vertical-align: top;" | ip; Default: " "
+
| style="text-align: left; vertical-align: top;" | host {{!}} ip; Default: " "
| style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP netmask
+
| style="text-align: left; vertical-align: top;" | IP address or hostname of the remote IPsec instance
 
|-
 
|-
 
! style="text-align: left; vertical-align: top;" | IP address/subnet mask
 
! style="text-align: left; vertical-align: top;" | IP address/subnet mask
| style="text-align: left; vertical-align: top;" | ip; Default: " "
+
| style="text-align: left; vertical-align: top;" | ip/integer [0..32]; Default: " "
| style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP netmask
+
| style="text-align: left; vertical-align: top;" | Remote network secure group IP address and mask used to determine to what subnet an IP address belongs to. Should differ from device’s LAN IP
 
|-
 
|-
 
! style="text-align: left; vertical-align: top;" | Enable keep alive
 
! style="text-align: left; vertical-align: top;" | Enable keep alive
| style="text-align: left; vertical-align: top;" | ip; Default: " "
+
| style="text-align: left; vertical-align: top;" | yes {{!}} no; Default: '''no'''
| style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP netmask
+
| style="text-align: left; vertical-align: top;" | Toggles the tunnel's keep alive function ON or OFF
 
|-
 
|-
 
! style="text-align: left; vertical-align: top;" | Host
 
! style="text-align: left; vertical-align: top;" | Host
| style="text-align: left; vertical-align: top;" | ip; Default: " "
+
| style="text-align: left; vertical-align: top;" | host {{!}} ip; Default: " "
| style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP netmask
+
| style="text-align: left; vertical-align: top;" | A host address to which an ICMP echo requests will be sent for keep alive purposes
 
|-
 
|-
 
! style="text-align: left; vertical-align: top;" | Ping period (sec)
 
! style="text-align: left; vertical-align: top;" | Ping period (sec)
| style="text-align: left; vertical-align: top;" | ip; Default: " "
+
| style="text-align: left; vertical-align: top;" | integer [0..9999999]; Default: " "
| style="text-align: left; vertical-align: top;" | Client’s private network (LAN) IP netmask
+
| style="text-align: left; vertical-align: top;" | Send ICMP echo request every '''x''' seconds ('''x''' being the number specified in this field)
 
|-
 
|-
 
|}
 
|}