Changes

no edit summary
Line 1: Line 1:  +
{{Template: Networking_rutos_manual_fw_disclosure
 +
| fw_version = {{#switch: {{{series}}}
 +
  | RUT2XX = {{{series}}}_R_00.01.13
 +
  | RUT9XX = {{{series}}}_R_00.06.07}}
 +
| series    = {{{series}}}
 +
}}
 
==Summary==
 
==Summary==
    
<b>Virtual Private Network</b> (<b>VPN</b>) is a method of connecting multiple private networks across the Internet. VPNs can serve to achieve many different goals, but some of its main purposes are:
 
<b>Virtual Private Network</b> (<b>VPN</b>) is a method of connecting multiple private networks across the Internet. VPNs can serve to achieve many different goals, but some of its main purposes are:
 +
 
<ul>
 
<ul>
     <li>access between remote private networks;</li>
+
     <li>providing access between remote private networks;</li>
     <li>data encryption;</li>
+
     <li>providing data encryption and anonymity when browsing the Internet.</li>
    <li>anonymity when browsing the Internet.</li>
   
</ul>
 
</ul>
   −
This page is an overview of the different types of VPNs supported by {{{name}}} routers.
+
This chapter of the user manual provides an overview of the Firewall page for {{{name}}} devices.
 
  −
{{Template: Networking_rutxxx_manual_fw_disclosure
  −
| fw_version = {{{fw_version}}}
  −
}}
      
==OpenVPN==
 
==OpenVPN==
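Review bot: The replacement summary sentence describes the wrong page: "This chapter of the user manual provides an overview of the Firewall page for {{{name}}} devices." sits on the VPN manual, directly above the OpenVPN section. It looks copied from the Firewall chapter. Change "Firewall page" to "VPN page", or keep the removed wording about the different types of VPNs supported. The reworked list also needs a second look: as rendered, "data encryption" and "anonymity when browsing the Internet" appear both as separate items and merged into the new "providing data encryption and anonymity when browsing the Internet." item.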
Line 26: Line 28:  
To begin configuration, click the 'Edit' button next to the client instance. Refer to the figure and table below for information on the OpenVPN client's configuration fields:
 
To begin configuration, click the 'Edit' button next to the client instance. Refer to the figure and table below for information on the OpenVPN client's configuration fields:
   −
[[File:{{{file_openvpn_client_config}}}|border|class=dl-tlt-img]]
+
[[File:{{{file_openvpn_client_config}}}|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 94: Line 96:  
     <tr>
 
     <tr>
 
       <td>Encryption</td>
 
       <td>Encryption</td>
       <td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | BF-CBC 128 | RC2-40-CBC 40 | CAST5-CBC 128 | RC2-40CBC 40 | CAST5-CBC 128 | RC2-64-CBC 64| AES-128-CBC 128 | AES-192-CBC 192 | AES-256-CBC 256 | none; default: <b>BF-CBC 128</b></td>
+
       <td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | RC2-40-CBC 40 | CAST5-CBC 128 | RC2-64-CBC 64 | AES-128-CFB 128 | AES-128-CFB1 128 | AES-128-CFB8 128 | AES-128-OFB 128 | AES-128-CBC 128 | AES-128-GCM 128 | AES-192-CFB 192 | AES-192-CFB1 192 | AES-192-CFB8 192 | AES-192-OFB 192 | AES-192-CBC 192 | AES-192-GCM 192 | AES-256-CFB 256 | AES-256-CFB1 256 | AES-256-CFB8 256 | AES-256-OFB 256 | AES-256-CBC 256 | AES-256-GCM 256 | none ; default: <b>BF-CBC 128</b></td>
 
       <td>Algorithm used for packet encryption.</td>
 
       <td>Algorithm used for packet encryption.</td>
 
     </tr>
 
     </tr>
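Review bot: The new value list in the client Encryption row no longer contains BF-CBC 128, yet the cell still ends with "default: <b>BF-CBC 128</b>", so the documented default is not one of the documented options. Either restore BF-CBC 128 to the list or update the default to match what the firmware actually selects. The list also still offers RC2-40-CBC 40 and none next to the newly added AES-GCM entries, while the description stays at "Algorithm used for packet encryption."; a short remark on which entries exist only for legacy peers would help readers choose. Minor: "none ; default" has a stray space before the semicolon.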
Line 161: Line 163:  
         <td>yes | no; default: <b>no</b></td>
 
         <td>yes | no; default: <b>no</b></td>
 
         <td>Use PKCS #12 archive file format to bundle all the members of a chain of trust.</td>
 
         <td>Use PKCS #12 archive file format to bundle all the members of a chain of trust.</td>
 +
    </tr>
 +
    <tr>
 +
    <td>PKCS #12 passphrase</td>
 +
        <td>string; default: <b>none</b></td>
 +
        <td>Passphrase to decrypt PKCS #12 certificates.</td>
 +
    </tr>
 +
    <tr>
 +
    <td>PKCS #12 certificate chain</td>
 +
        <td>string; default: <b>none</b></td>
 +
        <td>Uploads PKCS #12 certificate chain file.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
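Review bot: The new "PKCS #12 certificate chain" row gives its value as "string; default: <b>none</b>" while its description says "Uploads PKCS #12 certificate chain file.", so the value column should describe a file upload rather than a string. Both new rows should also state that they apply only when "Use PKCS #12 format" is set to yes, and the passphrase description should say the passphrase decrypts the uploaded archive rather than "PKCS #12 certificates". The added rows use a different indentation from the surrounding <tr>/<td> lines.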
Line 169: Line 181:  
     <tr>
 
     <tr>
 
       <td><span style="color: red;">TLS</span>/<span style="color: #0054a6;">Password:</span> Additional HMAC authentication</td>
 
       <td><span style="color: red;">TLS</span>/<span style="color: #0054a6;">Password:</span> Additional HMAC authentication</td>
       <td>yes | no; default: <b>no</b></td>
+
       <td>none | Authentication only (tls-auth) | Authentication and encryption (tls-crypt); default: <b>none</b></td>
 
       <td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.</td>
 
       <td>An additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks.</td>
 
     </tr>
 
     </tr>
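Review bot: The value cell of the "Additional HMAC authentication" row changes from "yes | no" to "none | Authentication only (tls-auth) | Authentication and encryption (tls-crypt)", but the description cell is left as it was and still only mentions HMAC authentication against DoS attacks. Extend the description so it covers the tls-crypt choice as well, which per its own label also encrypts, and make clear that both ends must use the same mode.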
Line 229: Line 241:  
To begin configuration, click the 'Edit' button next to the server instance. Refer to the figure and table below for information on the OpenVPN server's configuration fields:
 
To begin configuration, click the 'Edit' button next to the server instance. Refer to the figure and table below for information on the OpenVPN server's configuration fields:
   −
[[File:{{{file_openvpn_server_config}}}|border]]
+
[[File:{{{file_openvpn_server_config}}}|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 296: Line 308:  
     <tr>
 
     <tr>
 
       <td>Encryption</td>
 
       <td>Encryption</td>
       <td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | BF-CBC 128 | RC2-40-CBC 40 | CAST5-CBC 128 | RC2-40CBC 40 | CAST5-CBC 128 | RC2-64-CBC 64| AES-128-CBC 128 | AES-192-CBC 192 | AES-256-CBC 256 | none; default: <b>BF-CBC 128</b></td>
+
       <td>DES-CBC 64 | RC2-CBC 128 | DES-EDE-CBC 128 | DES-EDE3-CBC 192 | DESX-CBC 192 | RC2-40-CBC 40 | CAST5-CBC 128 | RC2-64-CBC 64 | AES-128-CFB 128 | AES-128-CFB1 128 | AES-128-CFB8 128 | AES-128-OFB 128 | AES-128-CBC 128 | AES-128-GCM 128 | AES-192-CFB 192 | AES-192-CFB1 192 | AES-192-CFB8 192 | AES-192-OFB 192 | AES-192-CBC 192 | AES-192-GCM 192 | AES-256-CFB 256 | AES-256-CFB1 256 | AES-256-CFB8 256 | AES-256-OFB 256 | AES-256-CBC 256 | AES-256-GCM 256 | none ; default: <b>BF-CBC 128</b></td>
 
       <td>Algorithm used for packet encryption.</td>
 
       <td>Algorithm used for packet encryption.</td>
 
     </tr>
 
     </tr>
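Review bot: Same inconsistency as in the client table: the server Encryption row drops BF-CBC 128 from the option list but keeps "default: <b>BF-CBC 128</b>". Fix the server and client rows together so the two tables stay identical, and remove the space in "none ; default".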
Line 359: Line 371:  
         <td>When enabled allows multiple clients to connect using the same certificates.</td>
 
         <td>When enabled allows multiple clients to connect using the same certificates.</td>
 
     </tr>
 
     </tr>
    <tr>
+
      <tr>
 
     <td>Use PKCS #12 format</td>
 
     <td>Use PKCS #12 format</td>
 
         <td>yes | no; default: <b>no</b></td>
 
         <td>yes | no; default: <b>no</b></td>
 
         <td>Use PKCS #12 archive file format to bundle all the members of a chain of trust.</td>
 
         <td>Use PKCS #12 archive file format to bundle all the members of a chain of trust.</td>
 +
    </tr>
 +
    <tr>
 +
    <td>PKCS #12 passphrase</td>
 +
        <td>string; default: <b>none</b></td>
 +
        <td>Passphrase to decrypt PKCS #12 certificates.</td>
 +
    </tr>
 +
    <tr>
 +
    <td>PKCS #12 certificate chain</td>
 +
        <td>string; default: <b>none</b></td>
 +
        <td>Uploads PKCS #12 certificate chain file.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
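Review bot: In the server table the "PKCS #12 certificate chain" row is again typed as "string; default: <b>none</b>" although the description is "Uploads PKCS #12 certificate chain file."; describe it as a file upload. Neither new row says it depends on "Use PKCS #12 format" being enabled. The hunk also re-indents the <tr> that opens the "Use PKCS #12 format" row and adds the new rows at yet another indentation level; align them with the rest of the table.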
Line 429: Line 451:  
The TLS Clients section can be found in the OpenVPN Server configuration window, provided that the OpenVPN server uses TLS or TLS/Password authentication methods. To create a new TLS client, type in the new client‘s name in the text field found bellow the TLS Clients tab and click the 'Add' button. Refer to the figure and table below for information on the TLS Clients' configuration fields:
 
The TLS Clients section can be found in the OpenVPN Server configuration window, provided that the OpenVPN server uses TLS or TLS/Password authentication methods. To create a new TLS client, type in the new client‘s name in the text field found bellow the TLS Clients tab and click the 'Add' button. Refer to the figure and table below for information on the TLS Clients' configuration fields:
   −
[[File:{{{file_openvpn_tls_clients_config}}}|border]]
+
[[File:{{{file_openvpn_tls_clients_config}}}|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 469: Line 491:  
</table>
 
</table>
   −
{{#ifeq:{{{series}}}|RUT9xx||{{Template:Networking_rut2xx_manual_vpn_ipsec
+
{{#ifeq:{{{series}}}|RUT9XX||{{Template:Networking_rut2xx_manual_vpn_ipsec
 
| file_ipsec_config          = {{{file_ipsec_config}}}
 
| file_ipsec_config          = {{{file_ipsec_config}}}
 
| file_ipsec_phase          = {{{file_ipsec_phase}}}
 
| file_ipsec_phase          = {{{file_ipsec_phase}}}
Line 477: Line 499:  
}}}}
 
}}}}
   −
{{#ifeq:{{{series}}}|RUT2xx||{{Template:Networking_rut9xx_manual_vpn_ipsec
+
{{#ifeq:{{{series}}}|RUT2XX||{{Template:Networking_rut9xx_manual_vpn_ipsec
 
| file_ipsec_config          = {{{file_ipsec_config}}}
 
| file_ipsec_config          = {{{file_ipsec_config}}}
 
| file_ipsec_phase          = {{{file_ipsec_phase}}}
 
| file_ipsec_phase          = {{{file_ipsec_phase}}}
Line 485: Line 507:  
}}}}
 
}}}}
   −
{{#ifeq:{{{series}}}|RUT9xx||{{Template:Networking_rutxxx_manual_vpn_gre
+
{{#ifeq:{{{series}}}|RUT9XX||{{Template:Networking_rutxxx_manual_vpn_gre
 
| file_gre_config_main      = {{{file_gre_config_main}}}
 
| file_gre_config_main      = {{{file_gre_config_main}}}
 
| file_gre_config_routing  = {{{file_gre_config_routing}}}
 
| file_gre_config_routing  = {{{file_gre_config_routing}}}
 
}}}}
 
}}}}
   −
{{#ifeq:{{{series}}}|RUT2xx||{{Template:Networking_rut9xx_manual_vpn_gre
+
{{#ifeq:{{{series}}}|RUT2XX||{{Template:Networking_rut9xx_manual_vpn_gre
 
| file_gre_config_main      = {{{file_gre_config_main}}}
 
| file_gre_config_main      = {{{file_gre_config_main}}}
 
| file_gre_config_routing  = {{{file_gre_config_routing}}}
 
| file_gre_config_routing  = {{{file_gre_config_routing}}}
Line 544: Line 566:  
     </tr>
 
     </tr>
 
</table>
 
</table>
  −
[[Category:{{{name}}} WebUI]]
      
===PPTP server===
 
===PPTP server===
Line 585: Line 605:  
     <tr>
 
     <tr>
 
       <td>User name</td>
 
       <td>User name</td>
       <td>string; default: <b>user</b></td>
+
       <td>string; default: <b>youruser</b></td>
 
       <td>Username used for authentication to this PPTP server.</td>
 
       <td>Username used for authentication to this PPTP server.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
       <td>Password</td>
 
       <td>Password</td>
       <td>string; default: <b>pass</b></td>
+
       <td>string; default: <b>yourpass</b></td>
 
       <td>Password used for authentication to this PPTP server.</td>
 
       <td>Password used for authentication to this PPTP server.</td>
 
     </tr>
 
     </tr>
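Review bot: The User name and Password rows now document a fixed default credential pair (youruser / yourpass) for the PPTP server, with no instruction to change it. Add a sentence to both descriptions stating that these defaults must be replaced before the server instance is enabled, since anyone reading this manual knows the pair.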
Line 602: Line 622:  
==L2TP==
 
==L2TP==
   −
In computer networking, <b>Layer 2 Tunneling Protocol</b> (<b>L2TP</b>) is a tunneling protocol used to support virtual private networks (VPNs). It is more secure than PPTP but, because it encapsulates the transferred data twice, but it is slower and uses more CPU power.
+
In computer networking, <b>Layer 2 Tunneling Protocol</b> (<b>L2TP</b>) is a tunneling protocol  
 +
used to support virtual private networks (VPNs). It is more secure than PPTP but, because  
 +
it encapsulates the transferred data twice, but it is slower and uses more CPU power.
    
===L2TP client===
 
===L2TP client===
 
----
 
----
An <b>L2TP client</b> is an entity that initiates a connection to an L2TP server. To create a new client instance, go to the <i>Services → VPN → L2TP</i> section, select <i>Role: Client</i>, enter a custom name and click the 'Add New' button. An L2TP client instance with the given name will appear in the "L2TP Configuration" list.
+
An <b>L2TP client</b> is an entity that initiates a connection to an L2TP server. To  
 +
create a new client instance, go to the <i>Services → VPN → L2TP</i> section, select  
 +
<i>Role: Client</i>, enter a custom name and click the 'Add New' button. An L2TP client  
 +
instance with the given name will appear in the "L2TP Configuration" list.
   −
To begin configuration, click the 'Edit button located next to the client instance. Refer to the figure and table below for information on the L2TP client's configuration fields:
+
To begin configuration, click the 'Edit button located next to the client instance. Refer  
 +
to the figure and table below for information on the L2TP client's configuration fields:
   −
[[File:{{{file_l2tp_client_config}}}]]
+
[[File:Networking_{{lc:{{{series}}}}}_vpn_l2tp_client_configuration_v1.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
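Review bot: The L2TP paragraphs are re-wrapped with hard line breaks but their existing errors are carried over: "but, because it encapsulates the transferred data twice, but it is slower" has a doubled "but", and "click the 'Edit button" is missing its closing quote. Fix both while touching these lines, and consider dropping the hard wraps, which no other paragraph on the page uses. The image line replaces the {{{file_l2tp_client_config}}} parameter with a file name built from {{lc:{{{series}}}}}; confirm that a file exists under that name for every series that includes this template.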
Line 631: Line 657:  
       <td>Username</td>
 
       <td>Username</td>
 
       <td>string; default: <b>none</b></td>
 
       <td>string; default: <b>none</b></td>
       <td>Username used for authentication to the L2TP server.</td>
+
       <td>Username used in authorization to the L2TP server.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
       <td>Password</td>
 
       <td>Password</td>
 
       <td>string; default: <b>none</b></td>
 
       <td>string; default: <b>none</b></td>
       <td>Password used for authentication to the L2TP server.</td>
+
       <td>Password used in authorization to the L2TP server.</td>
 +
    </tr>
 +
    <tr>
 +
      <td>Authentication</td>
 +
      <td>string; default: <b>none</b></td>
 +
      <td>Optional. Password used in L2TP tunnel CHAP authentication.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
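Review bot: The Username and Password descriptions change "used for authentication to the L2TP server" to "used in authorization to the L2TP server", which is the wrong term for credentials presented to the server and disagrees with the new row, which speaks of "CHAP authentication". Keep "authentication". The new "Authentication" row is typed "string; default: <b>none</b>" and described as a password; say explicitly that it is a tunnel secret separate from the user Password above, so readers do not reuse the same value.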
Line 649: Line 680:  
     </tr>
 
     </tr>
 
</table>
 
</table>
  −
[[Category:{{{name}}} WebUI]]
      
===L2TP server===
 
===L2TP server===
Line 660: Line 689:  
To begin configuration, click the 'Edit' button located next to the server instance. Refer to the figure and table below for information on the L2TP server's configuration fields:
 
To begin configuration, click the 'Edit' button located next to the server instance. Refer to the figure and table below for information on the L2TP server's configuration fields:
   −
[[File:{{{file_l2tp_server_config}}}]]
+
[[File:Networking_rutxxx_vpn_l2tp_server_configuration_v1.png]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
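Review bot: The server image line is inconsistent with the client image changed earlier in this edit: it hardcodes "Networking_rutxxx_vpn_l2tp_server_configuration_v1.png" instead of deriving the name from {{lc:{{{series}}}}}, and it omits "|border|class=tlt-border", which every other image touched by this change receives. Use the same pattern as the L2TP client figure.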
Line 755: Line 784:  
</table>
 
</table>
   −
{{#ifeq:{{{series}}}|RUT2xx||{{Template:Networking_rut9xx_manual_vpn_stunnel
+
{{#ifeq:{{{series}}}|RUT2XX||{{Template:Networking_rut9xx_manual_vpn_stunnel
 
| file_stunnel_globals    = {{{file_stunnel_globals}}}
 
| file_stunnel_globals    = {{{file_stunnel_globals}}}
 
| file_stunnel_client_server_config  = {{{file_stunnel_client_server_config}}}
 
| file_stunnel_client_server_config  = {{{file_stunnel_client_server_config}}}
Line 761: Line 790:  
}}}}
 
}}}}
   −
{{#ifeq:{{{series}}}|RUT9xx||{{Template:Networking_rut2xx_manual_vpn_stunnel
+
{{#ifeq:{{{series}}}|RUT9||{{Template:Networking_rut2xx_manual_vpn_stunnel
 
| file_stunnel_globals    = {{{file_stunnel_globals}}}
 
| file_stunnel_globals    = {{{file_stunnel_globals}}}
 
| file_stunnel_client_server_config  = {{{file_stunnel_client_server_config}}}
 
| file_stunnel_client_server_config  = {{{file_stunnel_client_server_config}}}
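Review bot: The comparison value in "{{#ifeq:{{{series}}}|RUT9||{{Template:Networking_rut2xx_manual_vpn_stunnel" is "RUT9", while every other conditional in this change uses "RUT9XX" and the switch at the top of the page keys on "RUT9XX". With series set to RUT9XX this test never matches, so the rut2xx Stunnel template is included in addition to the rut9xx one from the preceding conditional. Change "RUT9" to "RUT9XX".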
Line 767: Line 796:  
}}}}
 
}}}}
   −
{{#ifeq:{{{series}}}|RUT2xx||{{Template:Networking_rutxxx_manual_vpn_dmvpn
+
{{#ifeq:{{{series}}}|RUT2XX||{{Template:Networking_rutxxx_manual_vpn_dmvpn
 
| file_dmvpn_config      = {{{file_dmvpn_config}}}
 
| file_dmvpn_config      = {{{file_dmvpn_config}}}
 
| file_dmvpn_gre_config  = {{{file_dmvpn_gre_config}}}
 
| file_dmvpn_gre_config  = {{{file_dmvpn_gre_config}}}
Line 780: Line 809:  
}}
 
}}
   −
[[Category:{{{name}}} WebUI]]
+
[[Category:{{{name}}} Services section]]
