The IPSec connection is configured on this page (see Figure 4.17). The following data are necessary:
General settings
Name: VPN IPSec name;
Description: Description of the IPSec connection;
State: VPN IPSec state - enable or disable;
Local Network Definitions
Local IP: IPBrick external interface address;
Local network: Local network address and respective IPBrick network mask;
Local Gateway: Router internal interface address;
Local Identification: Dynamic DNS address (by default, this field should be empty. It is used if the network doesn't have a fixed public IP);
Server IP in local network: IPBrick internal interface address.
Remote network definitions
Remote IP: Remote public address;
Remote network: Remote network address and mask;
Remote Gateway: Remote network router internal interface address (by default, this field should be empty);
Remote identifier: Dynamic DNS address (by default, this field should be empty. It is used if the network doesn't have a fixed public IP).
Keys Management
Password: The Pre-Shared Key (PSK), a shared key that the VPN service expects as a first credential (before username and password). The VPN server allows the authentication process to continue only if the correct PSK is supplied;
Type: IPSec provides two modes of operation, selected in this field: Tunnel (the original IP packet is encrypted) and Transport (the data (payload) is encrypted, but the original IP header is not changed);
Authentication: IPSec adds two extra headers to the IP packet - AH and ESP. AH (Authentication Header) ensures integrity and authenticity, but not confidentiality. ESP (Encapsulating Security Payload) provides data integrity, authenticity and confidentiality;
PFS: Enables PFS (Perfect Forward Secrecy), which adds additional security to the key exchange;
Start: Only automatic is available.
NOTE: When an IPSec tunnel is configured, the MTU of the public IPBrick interface is changed to 1400 because of the additional header overhead added by IPSec. If you find LAN problems with web access, change the MTU back to 1500 bytes.
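A review of the fields listed above before the connection is enabled, as an added example (not IPBrick's own code). The dictionary keys, the PSK thresholds and the sample values are assumptions made for illustration.

```python
import ipaddress
import math
from collections import Counter

def psk_entropy_bits(psk):
    """Rough estimate: Shannon entropy per character times length."""
    if not psk:
        return 0.0
    n = len(psk)
    per_char = -sum(c / n * math.log2(c / n) for c in Counter(psk).values())
    return per_char * n

def review_ipsec(conn):
    """Return a list of findings for one connection (hypothetical dict keys)."""
    findings = []
    # "address/mask" form, as entered in the Local/Remote network fields.
    local = ipaddress.ip_network(conn["local_network"], strict=False)
    remote = ipaddress.ip_network(conn["remote_network"], strict=False)
    if local.overlaps(remote):
        findings.append("local and remote networks overlap")
    if ipaddress.ip_address(conn["server_ip"]) not in local:
        findings.append("server IP is outside the local network")
    # Thresholds (20 characters, 80 bits) are assumptions of this example.
    psk = conn["password"]
    if len(psk) < 20 or psk_entropy_bits(psk) < 80:
        findings.append("pre-shared key is short or low-entropy")
    if conn["authentication"].upper() == "AH":
        findings.append("AH only: no confidentiality")
    if not conn["pfs"]:
        findings.append("PFS disabled")
    return findings

# Constructed sample values, not taken from any real deployment.
WEAK = {
    "local_network": "192.168.1.0/255.255.255.0",
    "remote_network": "192.168.1.128/255.255.255.128",
    "server_ip": "192.168.2.10",
    "password": "ipbrick123",
    "authentication": "AH",
    "pfs": False,
}
HARDENED = dict(WEAK, local_network="10.10.0.0/255.255.255.0",
                remote_network="10.20.0.0/255.255.255.0", server_ip="10.10.0.2",
                password="q7Vt2mX9rLz4Kc8Wp1Hs6Yd3Nf5Bg0Ju",
                authentication="ESP", pfs=True)

if __name__ == "__main__":
    for name, conn in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, review_ipsec(conn) or "no findings")
```

The character-frequency estimate only rejects obviously weak keys; a PSK should still come from a random generator.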