Table of Contents
Advertisement
Active as default route: Normally used when the mode is set to Dial-out. If this is selected, all packets,
including internet packets, will route through the VPN tunnel; If this function is enabled, the performance
of your Internet connection may be degraded Click Apply after changing the settings.
L2TP over IPSec (L2TP/IPSec) VPN Connection
IPSec: Enable to enhance your L2TP VPN security.
Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered
with during transmission. There are three options, Message Digest 5 (MD5), Secure Hash Algorithm
(SHA1) or NONE. SHA1 is more resistant to brute-force attacks than MD5, however it is slower.
MD5: A one-way hashing algorithm that produces a 128−bit hash.
SHA1: A one-way hashing algorithm that produces a 160−bit hash.
Encryption: Select the encryption method from the pull-down menu. There are four options, DES, 3DES,
AES and NONE. NONE means that the connection is a tunnel only, with no encryption. 3DES and AES
are more powerful but increase latency.
DES: Stands for Data Encryption Standard, it uses a 56 bit encryption method.
3DES: Stands for Triple Data Encryption Standard, it uses a 168 (56*3) bit encryption method.
AES: Stands for Advanced Encryption Standards, it uses a 128 bit encryption method.
Perfect Forward Secrecy: Choose whether to enable PFS, using Diffie-Hellman public-key cryptography
to change encryption keys during the second phase of VPN negotiation. This function provides better
security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that
allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the
Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for
Modular Exponentiation Groups.
Pre-shared Key: This key is for Internet Key Exchange (IKE) protocol and is a string of between 4 and
128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and it
authenticates keys for services (such as IPSec) that require a key. Before any IPSec traffic can be
passed, each router must be able to verify the identity of its peer. This can be done by manually entering
the pre-shared key into both sides of the connection (router or hosts).
Remote Host Name (Optional): Enter hostname of the remote VPN device. This is a tunnel identifier
and should match the Remote VPN device hostname. If it matches the tunnel will be connected;
otherwise, it will be dropped.
Caution: This is only when the router acts as a VPN server. This option should be used by advanced
users only.
Local Host Name (Optional): Enter the hostname of the Local VPN device that establishes the VPN
tunnel. By default, the Router's default Hostname is home.gateway.
Tunnel Authentication: This enables the router to authenticate both the L2TP remote client and L2TP
host. This is only valid when the L2TP remote client supports this feature.
Secret: The secure password length should be 16 characters (This may include numbers and/or
characters.)
Click Apply after changing settings.
Chapter 4: Configuration
Billion 800VGT Router
89
Advertisement
Table of Contents
