Billion BiPAC 7404V(G)OX/V(G)PX User Manual page 139

Active as default route: Commonly used by the Dial-out connection which all packets will route
through the VPN tunnel to the Internet; therefore, active the function may degrade the Internet
performance.
Remote Host Name (Optional): Enter hostname of remote VPN device. It is a tunnel identifier
from the Remote VPN device matches with the Remote hostname provided. If remote hostname
matches, tunnel will be connected; otherwise, it will be dropped.
Cautious: This is only when the router performs as a VPN server. This option should be
used by advanced users only.
Local Host Name (Optional): Enter hostname of Local VPN device that is connected / establishes
a VPN tunnel. As default, Router's default Hostname is home.gateway.
IPSec: Enable for enhancing your L2TP VPN security.
Authentication: Authentication establishes the integrity of the datagram and ensures it is not
tampered with in transmit. There are three options, Message Digest 5 (MD5), Secure Hash
Algorithm (SHA1) or NONE. SHA1 is more resistant to brute-force attacks than MD5, however it is
slower.
MD5: A one-way hashing algorithm that produces a 128−bit hash.
SHA1: A one-way hashing algorithm that produces a 160−bit hash.
Encryption: Select the encryption method from the pull-down menu. There are four options, DES,
3DES, AES and NULL. NULL means it is a tunnel only with no encryption. 3DES and AES are
more powerful but increase latency.
DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method.
3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption
method.
AES: Stands for Advanced Encryption Standards, it uses 128 bits as an encryption method.
Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-key
cryptography to change encryption keys during the second phase of VPN negotiation. This function
will provide better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key
cryptography protocol that allows two parties to establish a shared secret over an unsecured
communication channel (i.e. over the Internet). There are three modes, MODP 768-bit, MODP
1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.
Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128
characters. Both sides should use the same key. IKE is used to establish a shared security policy
and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic
can be passed, each router must be able to verify the identity of its peer. This can be done by
manually entering the pre-shared key into both sides (router or hosts).
Click Edit/Delete to save your changes.
134