Teltonika RUT955 User Manual page 137

Lte router

RUT955 User's Manual
| No. | Field name | Possible values | Explanation |
|---|---|---|---|
| 1. | Enable | Checked / Unchecked | Turns the OpenVPN instance on or off. |
| 2. | TUN/TAP | TUN (tunnel) / TAP (bridged) | OpenVPN interface type. TUN is used in most typical VPN connections; TAP is required in some Ethernet bridging configurations. |
| 3. | Protocol | UDP / TCP | The transfer protocol used by the connection. |
| 4. | Port | 0 – 65535 | Port number (make sure that this port is allowed by the firewall). |
| 5. | LZO | Checked / Unchecked | With LZO compression, your VPN connection will generate less network traffic. However, enabling this causes a higher CPU load. Use it carefully with a high traffic rate or low CPU resources. |
| 6. | Encryption | BF-CBC 128 (default) / AES-128-CBC 128 / ... | Packet encryption algorithm. |
| 7. | Authentication | TLS / Static Key / Password / TLS/Password | Authentication mode, used to secure data sessions. Static key is a secret key used for server – client authentication. TLS authentication mode uses X.509 type certificates: Certificate Authority (CA), Server certificate, Server key, Diffie Hellman parameters (DH). All mentioned certificates can be generated using OpenVPN or OpenSSL utilities on any type of host machine. TLS/Password uses both TLS certificates and a User/Password type of authentication. |
| 8. | TLS cipher | All / DHE + RSA / Custom | Packet encryption algorithm (cipher). |
| 9. | Client to client | Checked / Unchecked | Enables client to client communication in the Virtual network. In order for Client to client to work, the TLS Clients section must be utilized. |
| 10. | Keep alive | Any integer number *space* any integer number | Defines two time intervals: one is used to periodically send an ICMP request to the OpenVPN server, the other defines a time window, which is used to restart the OpenVPN service if no ICMP response is received during the window time slice. Example: "10 60" |
| 11. | Virtual network IP address | Any private IP address | IP address of the Virtual network. |
| 12. | Virtual network IP netmask | Any netmask | Subnet mask of the Virtual network. |
| 13. | Push option | i.e., route 192.168.1.0 255.255.255.0 | Push options are a way to "push" user defined routes to connecting clients' routing tables. In the given example, the server will push the route of the 192.168.1.0 network with the 255.255.255.0 netmask to connecting clients. Therefore, the client will be able to reach devices in the 192.168.1.0 network. This is useful when a client needs to reach devices located in the OpenVPN server's LAN. |
| 14. | Allow duplicate certificates | Checked / Unchecked | If checked, the server allows clients to connect with identical certificates. |
| 15. | Certificate authority | .ca file | Certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. |
| 16. | Server certificate | .crt file | Server certificate is a type of digital certificate that is used to identify the OpenVPN server. |
| 17. | Server key | .key file | Authenticates clients to the server. |
| 18. | Diffie Hellman parameters | .pem file | DH parameters define how OpenSSL performs the Diffie-Hellman (DH) key-exchange. |
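
The value constraints in the table above (port range, keep alive format, private virtual network, push option syntax) can be checked before a server instance is saved. The following is an added example, not code from the manual or from the router firmware: the dictionary keys are hypothetical names for the table's fields, the sample values are constructed, and the mapping to standard OpenVPN server directives in routed (TUN) mode is an assumption about what such a form would produce.

```python
import ipaddress
import re

# Constructed sample values; keys are hypothetical names for the table's fields.
SAMPLE = {
    "tun_tap": "tun", "protocol": "udp", "port": 1194, "lzo": False,
    "encryption": "AES-128-CBC", "client_to_client": False,
    "keep_alive": "10 60", "network_ip": "10.8.0.0",
    "network_mask": "255.255.255.0", "duplicate_certs": False,
    "push": ["route 192.168.1.0 255.255.255.0"],
}

def validate(f):
    """Return a list of problems; an empty list means every value fits the table."""
    errs = []
    if f["tun_tap"] not in ("tun", "tap"):
        errs.append("TUN/TAP must be tun or tap")
    if f["protocol"] not in ("udp", "tcp"):
        errs.append("Protocol must be udp or tcp")
    if not (isinstance(f["port"], int) and 0 <= f["port"] <= 65535):
        errs.append("Port must be 0-65535")
    if not re.fullmatch(r"[0-9]+ [0-9]+", f["keep_alive"]):
        errs.append("Keep alive must be two integers separated by a space")
    try:
        net = ipaddress.ip_network(f"{f['network_ip']}/{f['network_mask']}")
        if not net.is_private:
            errs.append("Virtual network must be a private range")
    except ValueError:
        errs.append("Virtual network IP/netmask is not a valid network")
    # A quote or line break in a push option would end the quoted argument
    # and let the rest be read as a separate directive.
    if any(re.search(r'["\r\n]', p) for p in f["push"]):
        errs.append("Push option must not contain quotes or line breaks")
    return errs

def render(f):
    """Map validated values to standard OpenVPN server directives (routed mode)."""
    errs = validate(f)
    if errs:
        raise ValueError("; ".join(errs))
    lines = [f"dev {f['tun_tap']}", f"proto {f['protocol']}", f"port {f['port']}",
             f"cipher {f['encryption']}", f"keepalive {f['keep_alive']}",
             f"server {f['network_ip']} {f['network_mask']}"]
    lines += [f'push "{p}"' for p in f["push"]]
    flags = (("lzo", "comp-lzo"), ("client_to_client", "client-to-client"),
             ("duplicate_certs", "duplicate-cn"))
    lines += [directive for key, directive in flags if f[key]]
    return "\n".join(lines)
```

Calling `render(SAMPLE)` returns the directive lines as one string; any value outside the table's ranges raises `ValueError` listing every problem found.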