Authentication; No Authentication; Authentication With Static Key - MB Connect Line mbNET MDH810 Manual

19.3.3

Authentication

OpenVPN offers three fundamentally different authentication methods.

None: no certificate or key is needed. Used primarily for testing the connection. The tunnel data is also NOT
encrypted.

Static key: a key as required by each peer is generated for the connection. Similar to the password.

Certificates, X.509: the following three certificate variants are distinguished:
o
Each subscriber needs the same root CA and a personal certificate signed by the root CA.
o
Like 1, but with additional username/password verification.
o
Like 2, but without a personal certificate. In other words, subscribers only need a root CA and
username/password.
19.3.4

No authentication

This setting should primarily be used for test purposes. It provides a quick and easy way of testing the con-
nection with a peer (e.g. whether the correct ports are enabled). The data is sent UNENCRYPTED in this mode.
19.3.5

Authentication with static key

With symmetric encryption, authentication and encryption/decryption of the data is performed using one and
the same key (static key). The advantage of symmetric encryption is its speed: encryption and decryption take
much less time than with asymmetric encryption since the symmetric key is secure from a size of 90 bits.
The asymmetric key, on the other hand, must be at least 1024 bits. The disadvantage of symmetric encryp-
tion is that stations need to exchange keys. Each subscriber must obtain the key in a secure manner. A previ-
ously imported or generated key can be selected in the screen shown above.
Page 180 of 226
Version: 3.3.5 – DR05 – 23.03.2017