Table of Contents
Advertisement
PPP Authentication Type: Default is Auto. Use this setting if you want the router to determine which
authentication type to use. You can manually specify CHAP (Challenge Handshake Authentication
Protocol) or PAP (Password Authentication Protocol) if you know which type the server is using (when
acting as a client) If the router is acting as a server enter the authentication type you want clients
connecting to you to use. When using PAP, the password is sent unencrypted, whilst CHAP encrypts the
password before sending, and also allows for challenges at different periods to ensure that the client has
not been replaced by an intruder.
Idle Time: When there is no activity on the connection for this pre-determined Idle time, the VPN
connection is Auto-disconnected. 0 means this connection is always on. Click Apply after changing
settings.
L2TP over IPSec (L2TP/IPSec) VPN Connection
IPSec: Enable this setting to enhance your L2TP VPN security.
Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered
with during transmission. There are three options, Message Digest 5 (MD5), Secure Hash Algorithm
(SHA1) or NONE. SHA-1 is more resistant to brute-force attacks than MD5, however it is slower.
MD5: A one-way hashing algorithm that produces a 128−bit hash.
SHA1: A one-way hashing algorithm that produces a 160−bit hash.
Encryption: Select your encryption method choice from the pull-down menu. There are four options,
DES, 3DES, AES and NONE. NONE means that the connection is a tunnel only, with no encryption.
3DES and AES are more powerful but increase latency.
DES: Stands for Data Encryption Standard, and uses a 56 bit encryption method.
3DES: Stands for Triple Data Encryption Standard, and uses a 168 (56*3) bit encryption
method.
AES: Stands for Advanced Encryption Standards, and uses a 128 bit encryption method.
Perfect Forward Secrecy: Choose whether to enable PFS, using Diffie-Hellman public-key cryptography
to change encryption keys during the second phase of VPN negotiation. This function provides better
security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that
allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the
Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for
Modular Exponentiation Groups
Pre-shared Key: This key is for Internet Key Exchange (IKE) protocol and is a string of between 4 and
128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and
it authenticates keys for services (such as IPSec) that require a key. Before any IPSec traffic can be
passed, each router must be able to verify the identity of its peer. This can be done by manually entering
the pre-shared key into both sides of the connection (router or hosts).
Remote Host Name (Optional): Enter hostname of the remote VPN device. This is a tunnel identifier
and should match the Remote VPN device hostname.
otherwise, it will be dropped.
Caution: This setting is only for when the router functions as a VPN server.
used by advanced users only.
Local Host Name (Optional): Enter the hostname of the Local VPN device that establishes the VPN
tunnel. By default, the Router's default Hostname is home.gateway.
Tunnel Authentication: This enables the router to authenticate both the L2TP remote client and L2TP
host. This is only valid when the L2TP remote client supports this feature..
Secret: The secure password length should be 16 characters (This may include numbers and/or
characters.)
Click Apply after changing settings.
Chapter 4: Configuration
Billion 800VGT Router
If it matches the tunnel will be connected;
This option should be
95
Advertisement
Table of Contents
