General settings
Name: VPN IPSec name;
Description: Description of the IPSec connection;
State: VPN IPSec state - enable or disable;
Local Network Definitions
Local IP: IPBrick external interface address (eth1);
Local network: Local network address and respective IPBrick network mask;
Local Gateway: Router internal interface address;
Local Identification: Identification field. Use the public network IP or, if the network doesn't have a fixed public IP, a dynamic DNS address;
Server IP in local network: IPBrick internal interface address (eth0).
Remote Network Definitions
Remote IP: Remote public address;
Remote network: Remote network address and mask;
Remote Gateway: Remote network router internal interface address (this field is not mandatory);
Remote identifier: Remote identification field (this field is not mandatory);
Keys Management
Password: A Pre-Shared Key (PSK) is a shared key that the VPN service expects as a first credential (before username and password). The VPN server allows the authentication process to continue only if the correct PSK is supplied;
Type: IPSec provides two modes of operation, selected in this field: Tunnel (the original IP packet is encrypted) and Transport (the data (payload) is encrypted, but the original IP header is not changed);
Authentication: IPSec adds two extra headers to the IP packet - AH and ESP. AH (Authentication Header) ensures integrity and authenticity, but not confidentiality. ESP (Encapsulating Security Payload) provides data integrity, authenticity and confidentiality;
PFS: Enables PFS (Perfect Forward Secrecy), which adds additional security to the key exchange;
Start: Only automatic is available.
NOTE: When an IPSec tunnel is configured, the MTU of the public IPBrick interface is changed to 1400 because of the additional header overhead added by IPSec. If you find LAN problems with web access, change the MTU back to 1500 bytes.
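The header overhead mentioned in the note, and how it depends on the Type and Authentication fields, worked through as an added example (not part of the IPBrick documentation). The sizes assume IPv4, AES-CBC and a 12-byte truncated HMAC; the page does not state which algorithms IPBrick negotiates, and the function names are illustrative.

```python
import math

# Assumed sizes (not from the IPBrick page): IPv4, AES-CBC, 12-byte truncated HMAC.
IPV4_HEADER = 20   # outer header (Tunnel) or original header (Transport)
ESP_HEADER = 8     # SPI + sequence number
ESP_TRAILER = 2    # pad length + next header, encrypted with the data
AH_FIXED = 12      # AH fields before the integrity check value
ICV = 12           # integrity check value, e.g. HMAC-SHA1-96
BLOCK = IV = 16    # AES-CBC block and IV size
NAT_T_UDP = 8      # UDP encapsulation of ESP when NAT traversal is used


def wire_size(inner_packet, mode="tunnel", proto="esp", nat_t=False):
    """Size of the IPv4 packet on the wire for an original packet of inner_packet bytes."""
    if mode == "tunnel":
        protected = inner_packet                 # whole original packet is wrapped
    elif mode == "transport":
        protected = inner_packet - IPV4_HEADER   # original header is kept, payload wrapped
    else:
        raise ValueError("mode must be 'tunnel' or 'transport'")
    if protected < 0:
        raise ValueError("inner_packet is smaller than an IPv4 header")
    if proto == "esp":
        padded = math.ceil((protected + ESP_TRAILER) / BLOCK) * BLOCK
        body = ESP_HEADER + IV + padded + ICV
        if nat_t:
            body += NAT_T_UDP
    elif proto == "ah":
        if nat_t:
            raise ValueError("UDP encapsulation applies to ESP only")
        body = AH_FIXED + ICV + protected        # AH adds a header, no padding or IV
    else:
        raise ValueError("proto must be 'esp' or 'ah'")
    return IPV4_HEADER + body


def max_inner_packet(link_mtu, **options):
    """Largest original packet that still fits in link_mtu without fragmentation."""
    fits = [n for n in range(IPV4_HEADER, link_mtu + 1)
            if wire_size(n, **options) <= link_mtu]
    if not fits:
        raise ValueError("link_mtu too small for the selected headers")
    return fits[-1]              # wire_size never decreases, so the last fit is the largest


if __name__ == "__main__":
    for opts in ({}, {"nat_t": True}, {"mode": "transport"}, {"proto": "ah"}):
        print(opts or "tunnel/esp", wire_size(1400, **opts), max_inner_packet(1500, **opts))
```

Under these assumptions a full 1500-byte packet sent through an ESP tunnel becomes 1560 bytes on the wire, while a 1400-byte packet stays below 1500 even with UDP encapsulation.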