Cradlepoint IBR600 User Manual page 44

User Manual / IBR600/IBR650
OpenVPN supports the CBC, CFB, and OFB
cipher modes, however CBC is recommended
and CFB and OFB should be considered
advanced modes.
• Auth Algorithm – Authenticate packets with
HMAC using message digest algorithm alg.
(The default is SHA1). HMAC is a commonly
used message authentication algorithm
(MAC) that uses a data string, a secure hash
algorithm, and a key, to produce a digital
signature.
• TLS-Authentication – In client/server
mode: adds an additional layer of HMAC
authentication on top of the tls control
channel to protect against DoS attacks.
In point-to-point mode: encrypts the
communication using a static key. These keys
must match on each endpoint.
Add/Edit Tunnel – Remote Servers
Create a list of remote server connections to connect to. OpenVPN will try to connect to each host in the list. If
a disconnect occurs from a given server, the next server will be tried in a round-robin fashion.
• Host – IP address of the remote server
• Port – Specify the port if desired
• Protocol – Select UDP or TCP
Add/Edit Tunnel – Routes
Add or remove the routes that will be used to direct packets through the tunnel.
• Network Address
• Netmask
Generate Client Configuration
The Generate Client Configuration button can be used to generate client configurations for OpenVPN tunnels
configured in Server mode. An .ovpn file will be created that can be imported to a variety of OpenVPN client
devices (Android, iOS, Windows). If the private key for the server's certificate authority is known, a client
certificate can be generated; otherwise one can be selected.
GRE
Generic Routing Encapsulation (GRE) tunnels can be used to create a connection between two private
networks. Most Cradlepoint routers are enabled for both GRE and VPN tunnels. GRE tunnels are simpler to
configure and more flexible for different kinds of packet exchanges, but VPN tunnels are much more secure.
In order to set up a tunnel you must configure the following:
• Local Network and Remote Network addresses for the "Glue Network," the network that is created by
the administrator that serves as the "glue" between the networks of the tunnel. Each address must be a
different IP address from the same private network, and these addresses together form the endpoints of
the tunnel.
• Remote Gateway, the public facing WAN IP address that the local gateway is going to connect to.
©2015 Cradlepoint. All Rights Reserved.
11/5/15
| +1.855.813.3385 | cradlepoint.com
44