Billion 800VGT Router

Active as default route: Normally used when the mode is set to Dial-out. If this is selected, all packets, including Internet packets, will be routed through the VPN tunnel. If this function is enabled, the performance of your Internet connection may be degraded. Click Apply after changing the settings.

L2TP over IPSec (L2TP/IPSec) VPN Connection

IPSec: Enable to enhance your L2TP VPN security.

Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with during transmission. There are three options: Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or NONE. SHA1 is more resistant to brute-force attacks than MD5; however, it is slower.

• MD5: A one-way hashing algorithm that produces a 128-bit hash.

• SHA1: A one-way hashing algorithm that produces a 160-bit hash.

Encryption: Select the encryption method from the pull-down menu. There are four options, DES, 3DES, AES and NONE. NONE means that the connection is a tunnel only, with no encryption. 3DES and AES are more powerful but increase latency.

• DES: Stands for Data Encryption Standard; it uses a 56-bit encryption method.

• 3DES: Stands for Triple Data Encryption Standard; it uses a 168-bit (56*3) encryption method.

• AES: Stands for Advanced Encryption Standard; it uses a 128-bit encryption method.

Perfect Forward Secrecy: Choose whether to enable PFS, using Diffie-Hellman public-key cryptography to change encryption keys during the second phase of VPN negotiation. This function provides better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.

Pre-shared Key: This key is for Internet Key Exchange (IKE) protocol and is a string of between 4 and 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and it authenticates keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides of the connection (router or hosts).

Remote Host Name (Optional): Enter the hostname of the remote VPN device. This is a tunnel identifier and should match the remote VPN device's hostname. If it matches, the tunnel will be connected; otherwise, it will be dropped.

Caution: This applies only when the router acts as a VPN server. This option should be used by advanced users only.

Local Host Name (Optional): Enter the hostname of the local VPN device that establishes the VPN tunnel. By default, the router's hostname is home.gateway.

Tunnel Authentication: This enables the router to authenticate both the L2TP remote client and L2TP host. This is only valid when the L2TP remote client supports this feature.

Secret: The secure password should be 16 characters long (it may include numbers and/or characters).

Click Apply after changing settings.
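The following Python check is an added example, not part of the manual or the router's firmware. It audits one side's L2TP/IPSec options from this page against its peer's, reporting weak choices and mismatches. The dictionary keys, the `WEAK` reasons, the 80-bit pre-shared key threshold and the sample settings are assumptions of the example.

```python
import math

# Option names follow the page's menus; the reasons are this example's own wording.
WEAK = {
    ("auth", "NONE"): "datagram integrity is not checked",
    ("auth", "MD5"): "128-bit hash; SHA1 is the stronger choice offered",
    ("enc", "NONE"): "tunnel only, traffic is not encrypted",
    ("enc", "DES"): "56-bit key can be found by exhaustive search",
    ("pfs", "OFF"): "phase 2 keys do not come from a fresh Diffie-Hellman exchange",
    ("pfs", "MODP768"): "smallest Diffie-Hellman group offered",
}

def psk_bits(psk):
    """Ceiling on key entropy in bits, valid only if characters were picked at random."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10)]
    pool = sum(size for test, size in classes if any(test(c) for c in psk))
    if any(not c.isalnum() for c in psk):
        pool += 32  # printable ASCII punctuation
    return len(psk) * math.log2(pool) if pool else 0.0

def audit(local, remote, min_psk_bits=80):
    """Return (kind, field, detail) findings for one side's settings against its peer's."""
    findings = []
    for field in ("auth", "enc", "pfs"):
        if local[field] != remote[field]:
            findings.append(("MISMATCH", field, f"{local[field]} vs {remote[field]}"))
        if (field, local[field]) in WEAK:
            findings.append(("WEAK", field, WEAK[(field, local[field])]))
    psk = local["psk"]
    if psk != remote["psk"]:
        findings.append(("MISMATCH", "psk", "both sides must use the same key"))
    if not 4 <= len(psk) <= 128:
        findings.append(("INVALID", "psk", "length must be 4 to 128 characters"))
    elif psk_bits(psk) < min_psk_bits:
        findings.append(("WEAK", "psk", f"at most {psk_bits(psk):.0f} bits"))
    # Remote Host Name is optional; when set it must equal the peer's Local Host Name.
    if local.get("remote_host") and local["remote_host"] != remote.get("local_host"):
        findings.append(("MISMATCH", "remote_host", "tunnel will be dropped"))
    if local.get("tunnel_auth") and len(local.get("secret", "")) != 16:
        findings.append(("WEAK", "secret", "page asks for a 16-character secret"))
    return findings

# Constructed sample settings (not taken from a real device).
PEER = {"auth": "SHA1", "enc": "AES", "pfs": "MODP1536", "psk": "k9#Vt2!qLm7@Zx4$Rb8w",
        "local_host": "office.gateway", "tunnel_auth": True, "secret": "Aq3Zr8Lp0Wn5Xc2T"}
WEAK_SIDE = {"auth": "MD5", "enc": "DES", "pfs": "MODP768", "psk": "1234",
             "remote_host": "branch.gateway", "tunnel_auth": True, "secret": "short"}
HARDENED_SIDE = dict(PEER, local_host="home.gateway", remote_host="office.gateway")
```

Calling `audit(WEAK_SIDE, PEER)` lists every weak or mismatched field, while `audit(HARDENED_SIDE, PEER)` returns an empty list.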


Chapter 4: Configuration

Billion Electric Company 800VGT manual L2TP over IPSec L2TP/IPSec VPN Connection