Table of Contents
Advertisement
Item
Authenticate Mode
Pre-shared Key
CA Certificate
Remote Certificate
Local Certificate
Local Private Key
Local Passphrase
Extra Options
The certificates and private keys have to be in PEM format. As certificate it is possible to
use only certificate which has start and stop tag certificate.
Random time, after which it will re-exchange of new keys are defined:
Lifetime - (Rekey margin + random value in range (from 0 to Rekey margin * Rekey Fuzz/100))
By default, the repeated exchange of keys held in the time range:
Minimal time: 1h - (9m + 9m) = 42m
Maximal time: 1h - (9m + 0m) = 51m
When setting the times for key exchange is recommended to leave the default setting in
which tunnel has guaranteed security. When set higher time, tunnel has smaller operating
costs and smaller the safety. Conversely, reducing the time, tunnel has higher operating costs
and higher safety of the tunnel.
The changes in settings will apply after pressing the Apply button.
Continued from previous page
Description
By this parameter can be set authentication:
Pre-shared key – shared key for both off-side tunnel
X.509 Certificate – allows X.509 certification in multiclient
mode
Sharable key for both parties tunnel.
This certificate is necessary to insert Authentication mode x.509.
This certificate is necessary to insert Authentication mode x.509.
This certificate is necessary to insert Authentication mode x.509.
This private key is necessary to insert Authentication mode
x.509.
This Local Passphrase is necessary to insert Authentication
mode x.509.
Use this parameter to define additional parameters of the IPsec
tunnel, for example secure parameters etc.
Table 41: OpenVPN tunnels configuration
64
ER75s
Advertisement
Table of Contents
