D-Link DWC-1000 User Manual page 277

Section 7 - VPN
Field
Mode
VPN Network
VPN Netmask
Duplicate CN
Port
Tunnel Protocol
Encryption Algo-
rithm
Hash Algorithm
Tunnel Type
Certificates
Enable Tls Authenti-
cation Key
Block Invalid Client
Certificates
Allow only User
Based Auth Configu-
ration
User Based Auth
Configuration
Authentication
Server
Authentication Type This option is only configurable when authentication server is selected as Radius Server. The
Save
D-Link DWC-1000 User Manual
Select Server.
Enter the IP network for the VPN.
Enter the netmask.
This feature allows multiple clients with the same common name to concurrently connect.
Duplicate CN option can be configured on server side. If we enable this option, we will be able
to use same certificate to connect for multiple clients. For this feature, user based authentication
is also required and multiple clients require to have their respective user-name and password.
Enter what port to use. The default port is 1194.
Select either TCP or UDP.
Select the encryption algorithm from the drop-down menu.
Select the hash algorithm from the drop-down menu.
Select either Full Tunnel or Split Tunnel. Full Tunnel mode just sends all traffic from the client
across the VPN tunnel to the controller. Split Tunnel mode only sends traffic to the private LAN
based on pre-specified client routes. If you select Split Tunnel, refer to "LAN Configuration" on
page 137 to create local networks.
Select the set of certificates openvpn server uses. First Row: Set of certificates and keys the
server uses. Second Row: Set of certificates and keys newly uploaded.
Enabling this adds Tls authentication which adds an additional layer of authentication. Can be
checked only when the tls key is uploaded. Disabled by default.
Enabling this adds facility to block invalid client certificate. This feature requires crl certificate
which contains list of client certificates to be blocked. Please upload crl certificate in OpenVPN
Authentication page.
This method does not require the client certificate, client will authenticate using the username/
password only.
This option is introduced to provide the additional authentication method using username/
password.
Shows the available authentication servers among which one can be selected for openvpn. All
users login into the OmniSSL portal for this openvpn are authenticated through the selected
server. Available authentication servers are 1)Local User Database 2)Radius Server 3)LDAP
Server 4)POP3 5)Active Directory 6)NT Domain
available authentication types are PAP/CHAP/MSCHAP/MSCHAPV2.
Click Save to save and activate your settings.
Description
277