Cradlepoint IBR1100 User Manual page 51

User Manual / IBR1100/IBR1150
• Bridged creates a network interface that can be assigned to a LAN under the Local Networks
configuration. This interface is managed through the assigned LAN device.
• Local Endpoint - Enter the IP Address of the LNS (tunnel server) peer
• Local Netmask – Enter the Netmask of the LNS (tunnel server) peer
• Remote Endpoint – Enter the IP Address of the LNS (tunnel server) peer
• Remote Netmask – Enter the Netmask of the LNS (tunnel server) peer
• Support IPv6 Tunnels – Allow IPv6 traffic to be forwarded over this tunnel. If you select this option, also
input an IPv6 Tunnel Address and Tunnel Prefix Length for IPv6
• Tunnel Protocol – Choose UDP or TCP
• Port – Specify the port if desired
• Ping – (Displays if the Configuration Mode is Advanced) If no packets have been sent in the amount of
time entered, a ping is sent to the remote endpoint
• Ping Restart – (Displays if the Configuration Mode is Advanced) If no pings have been received in the
amount of time entered, OpenVPN restarts the tunnel
• Tunnel Enabled – Click to enable/disable this tunnel
Add/Edit Tunnel – Security
• Cipher – Encrypt packets with the selected algorithm.
The default is BF-CBC, an abbreviation for Blowfish in
Cipher Block Chaining mode. Blowfish has the advantages
of being fast, very secure, and allowing key sizes of up
to 448 bits. Blowfish is designed to be used in situations
where keys are changed infrequently. OpenVPN supports
the CBC, CFB, and OFB cipher modes, however CBC is
recommended and CFB and OFB should be considered
advanced modes.
• Auth Algorithm – Authenticate packets with HMAC using
message digest algorithm alg. (The default is SHA1).
HMAC is a commonly used message authentication
algorithm (MAC) that uses a data string, a secure hash
algorithm, and a key, to produce a digital signature.
• Verify peer certificate — Verifies that peer certificate
was signed with RFC3280 TLS rules set in key usage and
extended key usage. This helps to prevent specific man-
in-the-middle attacks.
• TLS-Authentication – In client/server mode: adds an additional layer of HMAC authentication on top of the
tls control channel to protect against DoS attacks. In point-to-point mode: encrypts the communication
using a static key. These keys must match on each endpoint.
Add/Edit Tunnel – Remote Servers
Create a list of remote server connections to connect to. OpenVPN will try to connect to each host in the list. If
a disconnect occurs from a given server, the next server will be tried in a round-robin fashion.
• Host – IP address of the remote server
• Port – Specify the port if desired
• Protocol – Select UDP or TCP
Add/Edit Tunnel – Routes
Add or remove the routes that will be used to direct packets through the tunnel.
©2016 Cradlepoint. All Rights Reserved. | +1.855.813.3385 | cradlepoint.com
7/15/16
51