Differences

This shows you the differences between two versions of the page.

--- web_gui:vpn_peer [2010/11/19 16:21]
mats
+++ web_gui:vpn_peer [2010/11/24 09:52] (current)
mats
@@ Line 12: / Line 12: @@
 {{ :web_gui:vpn_peer.png?237|VPN peer in rel 5.30}}
-**Remote Gateway IP Address** – here you must enter the global IP address the IPSec gateway you want to access can be reached at. The address must be a static IP address.
+**Remote Gateway IP Address** – here you must enter the global IP address the IPSec gateway you want to access can be reached at. The address must be a static IP address. (A DNS name is not supported).
 **Pre-shared key** – here you must enter the pre-shared key to be used for authentication. [[wp>Preshared_secret|Pre-shared key]]
@@ Line 18: / Line 18: @@
 If you are using [[vpn:certificates|certificate]] for authentication then change authentication method in all three preferences, and select the certificates used in the Identity fields.
-To create an EasyServer peer entry specify “0.0.0.0" as “Remote Gateway IP Address" and “Act as: Responder for roaming clients". Enter pre-shared key or certificates as described above.
+To create an [[vpn:easyserver|EasyServer]] peer entry specify “0.0.0.0" as “Remote Gateway IP Address" and “Act as: Responder for roaming clients". Enter pre-shared key or certificates as described above.
 ===== Other VPN peer settings fields =====
@@ Line 41: / Line 41: @@
 These settings control how your Internet Gate verifies that it has connected to the correct remote gateway. The values in these fields must match the way the remote gateway identifies itself.
-The most common identification type for connections with pre-shared keys is IP Address. The ID: Remote Gateway IP Address configuration makes your Internet Gate compare the remote gateway's IP address with the one you have specified in the Remote Gateway IP Address field at the top of the page.
+The most common identification type for connections with pre-shared keys is //IP Address//. The **ID**: //Remote Gateway IP Address// configuration makes your Internet Gate compare the remote gateway's IP address with the one you have specified in the **Remote Gateway IP Address** field at the top of the page.
-The most common identification type for connections with certificates is ASN.1 Dist name. [[wp>ASN.1]]
+The most common identification type for connections with certificates is //ASN.1 Dist name//. [[wp>ASN.1]]
-You can turn off remote gateway identification verification by selecting ID: Any ID (no ID check). Then your Internet Gate will accept any remote gateway regardless of how it has identified itself.
+You can turn off remote gateway identification verification by selecting **ID**: //Any ID (no ID check)//. Then your Internet Gate will accept any remote gateway regardless of how it has identified itself.
 **Certificate** If [[vpn:certificates|certificates]] shall be used for identification, select the one to be used from the list of available trusted certificates.\\
@@ Line 62: / Line 62: @@
 **Act as**:\\
 By default your Internet Gate acts as both IPSec //Initiator and responder//, meaning it can initialize an IPSec connection when needed, but also answer to an incoming connection request from the specified remote IPSec gateway. You can change it to just //responder//: then your Internet Gate becomes more like a “server" only accepting access from the specified “client", but not trying to connect to it by itself. The //Responder for roaming clients setting// is for the EasyServer.
-  * //Initiator and responder// this unit accepts connection attempts from the remote peer, and also tries to initiate connection by itself if there is any data to be sent to the remote peer. ( "client" )
+  * //Initiator and responder//: this unit accepts connection attempts from the remote peer, and also tries to initiate connection by itself if there is any data to be sent to the remote peer. ( "client" )
-  * //Responder// this unit accepts connection attempts from the remote peer, but does not attempt to connect to the remote peer by itself. ("server")
+  * //Responder//: this unit accepts connection attempts from the remote peer, but does not attempt to connect to the remote peer by itself. ("server")
-  * //Responder for roaming clients// this unit accepts connection attempts from unspecified remote peers. Remote Gateway IP Address (see above) does not need to be specified - set it to 0.0.0.0
+  * //Responder for roaming clients//: this unit accepts connection attempts from unspecified remote peers. Remote Gateway IP Address (see above) does not need to be specified - set it to 0.0.0.0
 **IKE phase1 mode**\\
 During the initial security association establishment, one can select between:
-  * //Main// a little more secure and requires two more message exchanges,
+  * //Main//: a little more secure and requires two more message exchanges,
-  * //Aggressive// a little less secure but faster, the identities are not protected,
+  * //Aggressive//: a little less secure but faster, the identities are not protected,
-  * //Main, accept Aggressive// Main mode preferred, Aggressive mode accepted,
+  * //Main, accept Aggressive//: Main mode preferred, Aggressive mode accepted,
-  * //Aggressive, accept Main// Aggressive mode preferred, Main mode accepted.
+  * //Aggressive, accept Main//: Aggressive mode preferred, Main mode accepted.
 **NAT Traversal**\\
 Specifies whether IPSec NAT-T protocol (encapsulation of IPSec packets inside UDP packets) is allowed to be used when your Internet Gate acts as an Initiator. It is useful if you, or the remote IPSec gateway, are behind a NAT. As an IPSec responder the Internet Gate always accepts IPSec NAT-T packets. [[wp>NAT-T]]\\
-  * //Disabled// NAT-T will not be used, connections with a NAT (=Network Address Translation) in between will not work.
+  * //Disabled//: NAT-T will not be used, connections with a NAT (=Network Address Translation) in between will not work.
-  * //Enabled// NAT-T will be used if needed (and if supported by the remote peer), automatic detection if a NAT is present is done.
+  * //Enabled//: NAT-T will be used if needed (and if supported by the remote peer), automatic detection if a NAT is present is done.
-  * //Force// If the remote peer supports NAT-T, then it will be used, even if no NAT is present. This is e.g. useful if the ESP- or AH-protocol is blocked somewhere on the communication path.
+  * //Force//: If the remote peer supports NAT-T, then it will be used, even if no NAT is present. This is e.g. useful if the ESP- or AH-protocol is blocked somewhere on the communication path.
 **List of algorithm offers**\\
-At least one of the //preferences// listed must be exactly like the remote IPSec gateway's preferences. The default preferences are chosen to be compatible with most IPSec applications, but in some circumstances you might need to alter them to fit the remote IPSec peer's.\\
+At least one of the //preferences// listed must be exactly like the remote IPSec gateway's preferences. The default preferences are chosen to be compatible with most IPSec applications, but in some circumstances you might need to alter them to fit the remote IPSec peer's.
 **Authentication**:\\
   * **Method** //RSA// or //DSS signatures// are used with certificates, //pre-shared key// otherwise. RSA is considered to be safer than DSS. [[wp>Digital_signature|Digital signature]] [[wp>Preshared_secret|Pre-shared key]]\\
@@ Line 92: / Line 93: @@
 **Pre-shared key** - if //Pre-shared key// was selected as **Authentication Method**: 8-40 preferably random characters, not known by anyone else but you and the remote gateway.
+====== ======
+\\
+[[vpn:start|VPN Overview]]

web_gui/vpn_peer.1290180084.txt.gz · Last modified: 2010/11/19 16:21 by mats

Show page Old revisions