Changes

Template:Networking rutos manual vpn (view source)

Revision as of 11:54, 19 May 2022

3,581 bytes removed , 11:54, 19 May 2022

no edit summary

Line 3: Line 3:

| fw_version ={{Template: Networking_rutos_manual_latest_fw

| series = {{{series}}}

+

| name = {{{name}}}

}}

Line 30: Line 31:

To begin configuration, click the button that looks like a pencil next to the client instance. Refer to the figure and table below for information on the OpenVPN client's configuration fields:

−

[[File:~~Networking_trb2_vpn_openvpn_client_configuration_v3~~.png|border|class=tlt-border|]]

+

[[File:Networking_trb2_vpn_openvpn_client_configuration_v2.png|border|class=tlt-border|]]

Line 102: Line 103:

<td>Yes {{!}} No {{!}} None; default: None</td>

<td>Turns LZO data compression on or off.</td>

+

</tr>

+

<tr>

+

<td>Encryption</td>

+

<td>DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; default: BF-CBC 128</td>

+

<td>Algorithm used for packet encryption.</td>

</tr>

<tr>

<td>Authentication</td>

−

<td>~~Static key~~ {{!}} ~~TLS~~ {{!}} ~~TLS/~~Password {{!}} Password ; default: ~~Static key~~</td>

+

<td>TLS {{!}} Static Key {{!}} Password {{!}} TLS/Password; default: TLS</td>

<td>Authentication mode, used to secure data sessions.

<ul>

Line 120: Line 126:

</ul>

</td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>Encryption</td>~~

−

<td>DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; default: BF-CBC 128</td>

−

~~<td>Algorithm used for packet encryption.</td>~~

</tr>

<tr>

Line 172: Line 173:

</tr>

<tr>

−

<td>~~TLS/~~Password: ~~HMAC authentication algorithm~~</td>

+

<td>Password: User name</td>

−

<td>~~none {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512~~; default: ~~SHA1~~</td>

+

<td>string; default: none</td>

−

<td>~~HMAC~~ authentication ~~algorithm type~~.</td>

+

<td>Username used for authentication to the OpenVPN server.</td>

</tr>

<tr>

−

<td>~~TLS/~~Password: ~~Additional HMAC authentication~~</td>

+

<td>Password: Password</td>

−

<td>~~off {{!}} on~~; default: ~~off~~</td>

+

<td>string; default: none</td>

−

<td>~~An additional layer of HMAC~~ authentication ~~on top of~~ the ~~TLS control channel to protect against DoS attacks~~.</td>

+

<td>Password used for authentication to the OpenVPN server.</td>

</tr>

<tr>

−

<td>TLS/Password: HMAC authentication key</td>

+

<td>Extra options</td>

−

<td>.key file; default: none</td>

+

<td>string; default: none</td>

−

<td>Uploads an HMAC authentication key file.</td>

+

<td>Extra OpenVPN options to be used by the OpenVPN instance.</td>

+

</tr>

+

<tr>

+

<td>Certificate files from device</td>

+

<td>off {{!}} on; default: off</td>

+

<td>Turn on this option if you want to select generated certificate files from device.</td>

+

</tr>

+

<tr>

+

<td>TLS/Password: HMAC authentication algorithm</td>

+

<td>none {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512; default: SHA1</td>

+

<td>HMAC authentication algorithm type.</td>

+

</tr>

+

<tr>

+

<td>TLS/Password: Additional HMAC authentication</td>

+

<td>off {{!}} on; default: off</td>

+

<td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.</td>

+

</tr>

+

<tr>

+

<td>TLS/Password: HMAC authentication key</td>

+

<td>.key file; default: none</td>

+

<td>Uploads an HMAC authentication key file.</td>

</tr>

<tr>

Line 192: Line 213:

</tr>

<tr>

−

<td>Password: ~~User name~~</td>

+

<td>TLS/Password: Certificate authority</td>

−

<td>~~string~~; default: none</td>

+

<td>.ca file; default: none</td>

−

<td>~~Username used for authentication to~~ the ~~OpenVPN server~~.</td>

+

<td>Certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate.</td>

</tr>

<tr>

−

~~<td>Password: Password</td>~~

+

<td>TLS: Client certificate</td>

−

~~<td>string; default: none</td>~~

−

~~<td>Password used for authentication to the OpenVPN server.</td>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>Extra options</td>~~

−

~~<td>string; default: none</td>~~

−

~~<td>Extra OpenVPN options to be used by the OpenVPN instance.</td>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>Certificate files from device</td>~~

−

~~<td>off {{!}} on; default: off</td>~~

−

~~<td>Turn on this option if you want to select generated certificate files from device.</td>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>TLS/Password: Certificate authority</td>~~

−

~~<td>.ca file; default: none</td>~~

−

~~<td>Certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate.</td>~~

−

~~</tr>~~

−

~~<tr>~~

−

<td>TLS: Client certificate</td>

<td>.crt file; default: none</td>

<td>Client certificate is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. Client certificates play a key role in many mutual authentication designs, providing strong assurances of a requester's identity.</td>

Line 258: Line 259:

To begin configuration, click the button that looks like a pencil next to the server instance. Refer to the figure and table below for information on the OpenVPN server's configuration fields:

−

[[File:~~Networking_rutx_vpn_openvpn_server_configuration_v3~~.png|border|class=tlt-border]]

+

[[File:Networking_rutx_vpn_openvpn_server_configuration_v2.png|border|class=tlt-border]]

Line 294: Line 295:

<li>User Datagram Protocol (UDP) - packets are sent to the recipient without error-checking or back-and-forth quality control, meaning that when packets are lost, they are gone forever. This makes it less reliable but faster than TCP; therefore, it should be used when transfer speed is crucial (for example, video streaming, live calls).</li>

</ul>

−

</td>

+

</td>Which SERVER LAN networks should be reachable from this client

</tr>

<tr>

Line 305: Line 306:

<td>Yes {{!}} No {{!}} None; default: None</td>

<td>Turns LZO data compression on or off.</td>

+

</tr>

+

<tr>

+

<td>Encryption</td>

+

<td>DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; default: BF-CBC 128</td>

+

<td>Algorithm used for packet encryption.</td>

</tr>

<tr>

<td>Authentication</td>

−

<td>~~Static key~~ {{!}} ~~TLS~~ {{!}} TLS/~~Password {{!}}~~ Password ; default: ~~Static key~~</td>

+

<td>TLS {{!}} Static Key {{!}} TLS/Password; default: TLS</td>

<td>Authentication mode, used to secure data sessions.

<ul>

Line 319: Line 325:

</ul>All mentioned certificates can be generated using OpenVPN or Open SSL utilities on any type of host machine. One of the most popular utilities used for this purpose is called Easy-RSA.

</li>

−

~~<li>Password is a simple username/password based authentication where the owner of the OpenVPN server provides the login data.</li>~~

<li>TLS/Password uses both TLS and username/password authentication.</li>

</ul>

Line 325: Line 330:

</tr>

<tr>

−

~~<td>Encryption</td>~~

+

<td>Static key: Local tunnel endpoint IP</td>

−

<td>DES-CBC 64 {{!}} RC2-CBC 128 {{!}} DES-EDE-CBC 128 {{!}} DES-EDE3-CBC 192 {{!}} DESX-CBC 192 {{!}} BF-CBC 128 {{!}} RC2-40-CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-40CBC 40 {{!}} CAST5-CBC 128 {{!}} RC2-64-CBC 64{{!}} AES-128-CBC 128 {{!}} AES-192-CBC 192 {{!}} AES-256-CBC 256 {{!}} none; default: BF-CBC 128</td>

+

<td>ip; default: none</td>

−

~~<td>Algorithm used for packet encryption.</td>~~

−

~~</tr>~~

−

~~<tr>~~

−

<td>Static key: Local tunnel endpoint IP</td>

−

<td>ip; default: none</td>

<td>IP address of the local OpenVPN network interface.</td>

</tr>

Line 395: Line 395:

</tr>

<tr>

−

<td>TLS</~~span>/~~Password: ~~HMAC authentication algorithm~~</td>

+

<td>TLS/Password: User name</td>

−

<td>~~none {{!}} SHA1 {{!}} SHA256 {{!}} SHA384 {{!}} SHA512~~; default: ~~SHA1~~</td>

+

<td>string; default: none</td>

−

<td>~~HMAC~~ authentication ~~algorithm type~~.</td>

+

<td>Username used for authentication to this OpenVPN server.</td>

</tr>

<tr>

−

<td>~~TLS/~~~~Password: Additional HMAC authentication</td>~~

+

<td>TLS/Password: Password</td>

−

~~<td>off {{!}} on; default: off</td>~~

+

<td>string; default: none</td>

−

~~<td>An additional layer of HMAC authentication on top of the~~ TLS ~~control channel to protect against DoS attacks.<~~/~~td>~~

+

<td>Password used for authentication to this OpenVPN server.</td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>TLS~~</span~~>/Password~~: HMAC authentication key</td>

−

<td>~~.key file~~; default: none</td>

−

<td>~~Uploads an HMAC~~ authentication ~~key file.</td>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>TLS/Password: HMAC key direction</td>~~

−

~~<td>0 {{!}} 1 {{!}} none; default: 1</td>~~

−

<td>The value of the key direction parameter should be complementary on either side (client and server) of the connection. If one side uses 0, the other side should use 1, or both sides should omit the parameter altogether.</td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>TLS/Password:Usernames & Passwords</td>~~

−

~~<td>text file; default: none</td>~~

−

~~<td>File containing usernames and passwords against which the~~ server ~~can authenticate clients. Each username and password pair should be placed on a single line and separated by a space~~.</td>

</tr>

<tr>

Line 524: Line 509:

To begin configuration, click the button that looks like a pencil located next to the instance. Refer to the figure and table below for information on the fields located in the GRE instance configuration section.

−

[[File:~~Networking_rutx_vpn_gre_gre_configuration_main_settings_v3~~.png|border|class=tlt-border]]

+

[[File:Networking_rutx_vpn_gre_gre_configuration_main_settings_v2.png|border|class=tlt-border]]

Line 539: Line 524:

<tr>

<td>Tunnel source</td>

−

<td>network interface; default: ~~LAN~~</td>

+

<td>network interface; default: none</td>

<td>Network interface used to establish the GRE Tunnel.</td>

</tr>

Line 549: Line 534:

<tr>

−

<td>integer ~~[68..9200]~~; default: 1476</td>

+

<td>integer; default: 1476</td>

<td>Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction.</td>

+

</tr>

+

<tr>

+

+

<td>integer [0..255]; default: 255</td>

+

<td>Sets a custom TTL (Time to Live) value for encapsulated packets. TTL is a field in the IP packet header which is initially set by the sender and decreased by 1 on each hop. When it reaches 0 it is dropped and the last host to receive the packet sends an ICMP "Time Exceeded" message back to the source.</td>

</tr>

<tr>

Line 564: Line 554:

<tr>

<td>Path MTU Discovery</td>

−

<td>off {{!}} ~~~~on~~~~; default: ~~off~~</td>

+

<td>off {{!}} on; default: on</td>

<td>When unchecked, sets the nopmtudisc option for tunnel. Can not be used together with the TTL option.</td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>TTL</td>~~

−

~~<td>integer [0..255]; default: 255</td>~~

−

<td>Sets a custom TTL (Time to Live) value for encapsulated packets. TTL is a field in the IP packet header which is initially set by the sender and decreased by 1 on each hop. When it reaches 0 it is dropped and the last host to receive the packet sends an ICMP "Time Exceeded" message back to the source.</td>

</tr>

<tr>

<td>Keep alive</td>

−

<td>off {{!}} ~~~~on~~~~; default: off</td>

+

<td>off {{!}} on; default: off</td>

<td>Turns "keep alive" on or off. The "keep alive" feature sends packets to the remote instance in order to determine the health of the connection. If no response is received, the device will attempt to re-establish the tunnel.</td>

</tr>

<tr>

−

<td~~>Keep alive interval~~</td>

+

<td>Keep alive interval</td>

<td>integer [0..255]; default: none</td>

<td>Frequency (in seconds) at which "keep alive" packets are sent to the remote instance.</td>

Line 648: Line 633:

<tr>

<td>Authentication method</td>

−

<td>Pre-shared key {{!}} X.509 ~~{{!}} EAP~~; default: Pre-shared key</td>

+

<td>Pre-shared key {{!}} X.509; default: Pre-shared key</td>

<td>Specify authentication method. Choose between Pre-shared key and X.509 certificates.</td>

</tr>

Line 656: Line 641:

<td>A shared password used for authentication between IPsec peers before a secure channel is established.</td>

</tr>

−

<!-- removed on 7.0, to return ~~in the future~~ <tr>

+

<!-- removed on 7.0, to return on 7.1 <tr>

<td>Certificate files from device</td>

<td>off {{!}} on; default: off</td>

Line 732: Line 717:

<tr>

−

<td>~~PSK~~ {{!}} ~~XAUTH {{!}} EAP {{!}} RSA~~; default: ~~PSK~~</td>

+

<td>psk {{!}} xauth; default: psk</td>

<td>IPSec secret type.NOTE: XAUTH secrets are IKEv1 only.</td>

</tr>

Line 775: Line 760:

----

−

[[File:~~Networking_rutos_vpn_ipsec_connection_settings_general_settings_v2~~.png|border|class=tlt-border]]

+

[[File:Networking_rutos_vpn_ipsec_connection_settings_general_settings.png|border|class=tlt-border]]

Line 827: Line 812:

</ul>

</td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>Enable XAUTH</td>~~

−

~~<td>off {{!}} on; default: off</td>~~

−

~~<td>Enables XAUTH authentication before allowing access for remote users.</td>~~

</tr>

</table>

Line 1,305: Line 1,285:

==Stunnel==

−

Stunnel is an open-source proxy service that adds TLS encryption to clients and servers already existing on a VPN network.

+

Stunnel is an open-source a proxy service that adds TLS encryption to clients and servers already existing on a VPN network.

TLS encryption provided by Stunnel can be used as an additional layer of encryption for data sent by VPN.

This procedure increases the security of the established connection and provides higher chances of passing a Deep packet inspection (DPI) check.

Line 1,506: Line 1,486:

<tr>

<td>Tunnel source</td>

−

<td>network interface; default: ~~LAN~~</td>

+

<td>network interface; default: none</td>

<td>Network interface used to establish the GRE Tunnel.</td>

</tr>

Line 1,581: Line 1,561:

<tr>

<td>DH/PFS group</td>

−

<td>MODP768 {{!}} MODP1024 {{!}} MODP1536 {{!}} MODP2048 {{!}} MODP3072 {{!}} MODP4096 {{!}} ECP192 {{!}} ECP224 {{!}} ECP256 {{!}} ECP384 {{!}} ECP521; default: ~~MODP1024~~</td>

+

<td>MODP768 {{!}} MODP1024 {{!}} MODP1536 {{!}} MODP2048 {{!}} MODP3072 {{!}} MODP4096 {{!}} ECP192 {{!}} ECP224 {{!}} ECP256 {{!}} ECP384 {{!}} ECP521; default: MODP1536</td>

<td>Diffie-Hellman (DH) group used in the key exchange process. Higher group numbers provide more security, but take longer and use more resources to compute the key. Must match with another incoming connection to establish IPSec. </td>

</tr>

Line 1,607: Line 1,587:

<tr>

<td>NHRP network ID</td>

−

<td>integer; default: ~~none~~</td>

+

<td>integer; default: 1</td>

<td>An identifier used to define the NHRP domain. This is a local parameter and its value does not need to match the values specified on other domains. However, the NHRP ID is added to packets which arrive on the GRE interface; therefore, it may be helpful to use the same ID for troubleshooting purposes.</td>

</tr>

Line 1,617: Line 1,597:

<tr>

−

<td>integer; default: ~~none~~</td>

+

<td>integer; default: 7200</td>

<td>Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The hold time is specified in seconds and defaults to two hours.</td>

</tr>

Line 1,626: Line 1,606:

In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs). It is more secure than PPTP but, because it encapsulates the transferred data twice, but it is slower and uses more CPU power.

−

===L2TP ~~Global Settings===~~

+

===L2TP client===

−

~~----~~

−

~~[[File:Networking_rutos_manual_vpn_l2tp_global_settings_v1.png|border|class=tlt-border]]~~

−

~~<table class="nd-mantable">~~

−

~~<tr>~~

−

~~<th>Field</th>~~

−

~~<th>Value</th>~~

−

~~<th>Description</th>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>Require CHAP</td>~~

−

~~<td>off {{!}} on; default: on</td>~~

−

~~<td>When enabled, peer will be required to authenticate itself using standard CHAP authentication.</td>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>Refuse PAP</td>~~

−

~~<td>off {{!}} on; default: on</td>~~

−

~~<td>When enabled, pppd will not agree to authenticate itself to the peer using Password Authentication Protocol (PAP).</td>~~

−

~~</tr>~~

−

~~</table>~~

−

~~===L2TP Client~~===

----

An L2TP client is an entity that initiates a connection to an L2TP server. To create a new client instance, go to the Services → VPN → L2TP section, select Role: Client, enter a custom name and click the 'Add' button. An L2TP client instance with the given name will appear in the "L2TP Configuration" list.

Line 1,654: Line 1,612:

To begin configuration, click the button that looks like a pencil next to the client instance. Refer to the figure and table below for information on the L2TP client's configuration fields:

−

[[File:~~Networking_rutos_manual_vpn_l2tp_client_v1~~.png|border|class=tlt-border]]

+

[[File:Networking_rutos_manual_vpn_l2tp_client.png|border|class=tlt-border]]

Line 1,681: Line 1,639:

<td>string; default: none</td>

<td>Password used for authentication to the L2TP server.</td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>CHAP Secret</td>~~

−

~~<td>string; default: none</td>~~

−

~~<td>A secret used for L2TP Tunnel Authentication.</td>~~

</tr>

<tr>

Line 1,694: Line 1,647:

</table>

−

===L2TP ~~Server~~===

+

===L2TP server===

----

An L2TP server is an entity that waits for incoming connections from L2TP clients. To create a new server instance, go to the Services → VPN → L2TP section, select Role: Server, enter a custom name and click the 'Add' button. An L2TP server instance with the given name will appear in the "L2TP Configuration" list. Only one L2TP server instance is allowed to be added.

Line 1,702: Line 1,655:

To begin configuration, click the button that looks like a pencil next to the server instance. Refer to the figure and table below for information on the L2TP server's configuration fields:

−

[[File:~~Networking_rutx_vpn_l2tp_server_configuration_v3~~.png|border|class=tlt-border]]

+

[[File:Networking_rutx_vpn_l2tp_server_configuration_v2.png|border|class=tlt-border]]

Line 1,729: Line 1,682:

<td>ip; default: 192.168.0.30</td>

<td>L2TP IP address leases will end with the address specified in this field.</td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>Enable CHAP</td>~~

−

~~<td>off {{!}} on; default: user</td>~~

−

~~<td>Enables Challenge-Handshake Authentication Protocol for L2TP</td>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>CHAP Secret</td>~~

−

~~<td>string; default: user</td>~~

−

~~<td>A secret used for L2TP Tunnel Authentication.</td>~~

</tr>

<tr>

Line 1,830: Line 1,773:

===Instance Settings===

----

−

[[File:~~Networking_rutos_vpn_l2tpv3_configuration_instance_settings_v2~~.png]]

+

[[File:Networking_rutos_vpn_l2tpv3_configuration_instance_settings_v1.png]]

<tr>

Line 1,843: Line 1,786:

</tr>

<tr>

−

<td>~~IPv4~~ Address</td>

+

<td>IP Address</td>

−

<td>~~ip4~~; default: none</td>

+

<td>ip; default: none</td>

−

<td>~~IPv4~~ address of standalone L2TPv3 interface.<td>

+

<td>IP address of standalone L2TPv3 interface.<td>

</tr>

<tr>

<td>Netmask</td>

−

<td>netmask; default: ~~255.255.255.0~~</td>

+

<td>netmask; default: none</td>

<td>Netmask of standalone L2TPv3 interface. </td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>IPv6 Address</td>~~

−

~~<td>ip6; default: none</td>~~

−

~~<td>IPv6 address of standalone L2TPv3 interface. CIDR notation: address/prefix.<td>~~

</tr>

<tr>

Line 1,864: Line 1,802:

<tr>

<td>Encapsulation</td>

−

<td>IP {{!}} ~~~~UDP~~~~; default: IP</td>

+

<td>IP {{!}} UDP; default: IP</td>

<td>Specify technology to use when connecting to other end.</td>

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>UDP source port</td>~~

−

~~<td>port; default: none</td>~~

−

~~<td>Specifies source port.</td>~~

−

~~</tr>~~

−

~~<tr>~~

−

~~<td>UDP destination port</td>~~

−

~~<td>port; default: none</td>~~

−

~~<td>Specifies destination port.</td>~~

</tr>

<tr>

Line 1,938: Line 1,866:

Private keys and generate them, specify Port and IP addresses for communication.

−

[[File:~~Networking_rutx_vpn_wireguard_instance_general_v2~~.png|border|class=tlt-border]]

+

[[File:Networking_rutx_vpn_wireguard_instance_general_v1.png|border|class=tlt-border]]

Line 1,953: Line 1,881:

<tr>

<td>Private Key</td>

−

<td>~~Base64-encoded~~ string; default: ~~generated~~</td>

+

<td>string; default: none</td>

−

<td>Private Key used in authentication~~. Required~~.</td>

+

<td>Private Key used in authentication.</td>

</tr>

<tr>

<td>Public Key</td>

−

<td>~~Base64-encoded~~ string; default: ~~generated~~</td>

+

<td>string; default: -</td>

<td>Public Key used in authentication.</td>

</tr>

Line 1,968: Line 1,896:

<tr>

<td>Listen Port</td>

−

<td>integer [0..65535]; default: ~~51820~~</td>

+

<td>integer [0..65535]; default: none</td>

<td>Specify port to listen for incomming connections. It will be set to a random integer if left empty.</td>

</tr>

Gytispieze

Bureaucrats, Interface administrators, Administrators

9,312

edits

Namespaces

Variants

Views

More

Search

Changes

Template:Networking rutos manual vpn (view source)

Revision as of 11:54, 19 May 2022

Navigation menu

Personal tools

NAVIGATION

Tools

Categories