Changes

no edit summary
Line 9: Line 9:  
The <b>IPsec configuration</b> section is used to configure the main parameters of an IPsec connection. Refer to the figure and table below for information on the configuration fields located in the general settings section.
 
The <b>IPsec configuration</b> section is used to configure the main parameters of an IPsec connection. Refer to the figure and table below for information on the configuration fields located in the general settings section.
   −
[[File:{{{file_ipsec_config}}}]]
+
[[File:Networking_rutxxx_vpn_ipsec_ipsec_configuration_v3.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 98: Line 98:  
         <td>integer; default: <b>none</b></td>
 
         <td>integer; default: <b>none</b></td>
 
         <td>Time limit after which the IPsec instance will stop checking the availability of a peer and determine it to be "dead" if no response is received.</td>
 
         <td>Time limit after which the IPsec instance will stop checking the availability of a peer and determine it to be "dead" if no response is received.</td>
     </tr><tr><td>Authentification type</td><td>Pre-shared key | X.509; default: '''Pre-shared key'''</td><td>Here you can choose authentification type accordingly to your IPSec configuration</td></tr><tr><td>Certificate file
+
     </tr>
</td><td>.crt file; default: '''none'''</td><td>Uploads a certificate file.</td></tr><tr><td>Key file</td><td>.key file; default: '''none'''</td><td>Uploads a key file.</td></tr><tr><td>Right participant's certificate</td><td>.crt file; default: '''none'''</td><td>Right participant's certificate certificate is used to authenticate remote peer</td></tr><tr><td>CA certificate</td><td>.crt file; default: '''none'''</td><td>Uploads a Certificate authority (CA) file.</td></tr><tr><td>Pre shared key
+
    <tr>
</td><td>string; default: '''none'''</td><td>A shared password used to authenticate between the peers</td></tr><tr><td>Use additional xauth authentification</td><td>yes | no; default: <b>no</b></td><td>Adds additional xauth authentification options.</td></tr><tr><td>Xauth password
+
        <td>Authentification type</td>
</td><td>string;default: <b>none</b></td><td>Password for additional peer authentification.</td></tr><tr>
+
        <td>Pre-shared key | X.509; default: '''Pre-shared key'''</td>
 +
        <td>Here you can choose authentification type accordingly to your IPSec configuration</td>
 +
    </tr>
 +
    <tr>
 +
        <td>Certificate file</td><td>.crt file; default: '''none'''</td>
 +
        <td>Uploads a certificate file.</td></tr><tr><td>Key file</td>
 +
        <td>.key file; default: '''none'''</td><td>Uploads a key file.</td>
 +
    </tr>
 +
    <tr>
 +
        <td>CA certificate</td><td>.crt file; default: '''none'''</td>
 +
        <td>Uploads a Certificate authority (CA) file.</td>
 +
    </tr>
 +
    <tr>
 +
        <td>Remote participant's certificate</td>
 +
        <td>.crt file; default: '''none'''</td>
 +
        <td>Remote participant's certificate certificate is used to authenticate remote peer</td>
 +
    </tr>
 +
    <tr>
 +
        <td>Use additional xauth authentification</td>
 +
        <td>yes | no; default: <b>no</b></td>
 +
        <td>Adds additional xauth authentification options.</td>
 +
    </tr>
 +
    <tr>
 +
        <td><span style="color:orange">Xauth:</span> Xauth password</td>
 +
        <td>string; default: <b>none</b></td>
 +
        <td>Password for additional peer authentification.</td>
 +
    </tr>
 +
    <tr>
 
       <td>Remote VPN endpoint</td>
 
       <td>Remote VPN endpoint</td>
 
       <td>host | ip; default: <b>none</b></td>
 
       <td>host | ip; default: <b>none</b></td>
 
       <td>IP address or hostname of the remote IPsec instance.</td>
 
       <td>IP address or hostname of the remote IPsec instance.</td>
 +
    </tr>
 +
    <tr>
 +
      <td>Remote identifier</td>
 +
      <td>ip | string; default: <b>none</b></td>
 +
      <td>Defines remote IPsec instance identification.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
Line 120: Line 152:  
         <td>yes | no; default: <b>no</b></td>
 
         <td>yes | no; default: <b>no</b></td>
 
         <td>Adds several necessary options to make DMVPN work.</td>
 
         <td>Adds several necessary options to make DMVPN work.</td>
     </tr><tr><td>Passthrough networks</td><td>None | LAN | Wired | WiFi | Mobile | custom; default: '''none'''</td><td>Select networks which should be passthrough and excluded from routing through tunnel</td></tr><tr>
+
     </tr>
 +
    <tr>
 +
        <td>Passthrough networks</td><td>None | LAN | Wired | WiFi | Mobile | custom; default: '''none'''</td>
 +
        <td>Select networks which should be passthrough and excluded from routing through tunnel</td>
 +
    </tr>
 +
    <tr>
 
       <td>Enable keepalive</td>
 
       <td>Enable keepalive</td>
 
       <td>yes | no; default: <b>no</b></td>
 
       <td>yes | no; default: <b>no</b></td>
Line 151: Line 188:  
     <li>Some configuration fields become available only when certain other parameters are selected. Different color codes are used for different parameters:
 
     <li>Some configuration fields become available only when certain other parameters are selected. Different color codes are used for different parameters:
 
         <ul>
 
         <ul>
 +
            <li>Orange for <span style="color: orange;">Type: Xauth</span></li>
 
             <li>Red for <span style="color: red;">Type: Tunnel</span></li>
 
             <li>Red for <span style="color: red;">Type: Tunnel</span></li>
 
             <li>Purple for <span style="color: purple;">Type: Transport</span></li>
 
             <li>Purple for <span style="color: purple;">Type: Transport</span></li>
Line 250: Line 288:  
===Pre-shared keys===
 
===Pre-shared keys===
 
----
 
----
A <b>pre-shared key</b> is a secret password used for authentication between IPsec peers before a secure tunnel is established. To create a new key, click the 'Add' button.
+
A <b>pre-shared key</b> is a secret password used for authentication between IPsec peers  
 +
before a secure tunnel is established. During authentication device will try to check if
 +
connection matches any <b>Secret's ID selector</b> and then the <b>pre-shared key</b> from
 +
the first match will be used.
 +
 
 +
To create a new key, click the 'Add' button.
   −
The figure below is an example of the Pre-shared keys section and the table below provides information on configuration fields contained in that section:
+
The figure below is an example of the Pre-shared keys section and the table  
 +
below provides information on configuration fields contained in that section:
    
[[File:{{{file_ipsec_psk}}}]]
 
[[File:{{{file_ipsec_psk}}}]]
834

edits

Navigation menu