GWG Gateway User Manual (page 57)
Pre-Shared secret is a simple and easy way to authenticate your hosts.
Username/Password can be used only in client mode where your server needs
this kind of authentication. X.509 mode is full Transport Layer Security protocol
with use of certificate/key pairs. Note that the designation of X.509 client or X.509
server is only for the purpose of negotiating the TLS control channel. Make sure
both ends of the OpenVPN tunnel use the same authentication method.
Certificate and key files must first be uploaded through web pages listed in the
main menu under file management.
Encryption Cipher
Encrypt packets with the selected cipher algorithm. The default is AES-128-CBC, an
abbreviation for AES in Cipher Block Chaining mode. On the other hand,
Blowfish has the advantages of being fast, very secure, and allowing key sizes of
up to 448 bits. Blowfish is designed to be used in situations where keys are
changed infrequently. OpenVPN supports the CBC cipher mode.
Hash Algorithm
Authenticate packets with HMAC using the selected message digest algorithm. The default is
SHA1. HMAC is a commonly used message authentication algorithm (MAC) that
uses a data string, a secure hash algorithm and a key, to produce a digital
signature. OpenVPN's usage of HMAC is to first encrypt a packet, then HMAC
the resulting ciphertext. In TLS mode, the HMAC key is dynamically generated
and shared between peers via the TLS control channel. If OpenVPN receives a
packet with a bad HMAC it will drop the packet. HMAC usually adds 16 or 20
bytes per packet. Set none to disable authentication.
Protocol
Select the protocol you want to use for the tunnel connection. UDP connect and TCP
client need the "Remote Host or IP Address" field to be filled in order to successfully
establish a tunnel.
UDP Port/TCP Port
Enter a port number for a tunnel connection.
LZO Compression
Use fast LZO compression. This may add up to 1 byte per packet for
incompressible data.
NAT Rules
NAT rules are enabled by default.
Keep Alive
Use this mechanism to keep the tunnel alive.
Ping Interval
Interval, in seconds, between pings sent over the TCP/UDP control channel.
Ping Timeout
Defines a timeout interval in seconds after which a restart of the OpenVPN tunnel
will be triggered. This value must be twice the "Ping Interval" value.
Max Fragment Size
Enable internal datagram fragmentation so that no UDP datagrams are sent
which are larger than max bytes. This option is available only when UDP
protocol is being used. There are circumstances where using OpenVPN’s internal
fragmentation capability may be your only option, such as tunneling a UDP
multicast stream which requires fragmentation.
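As an added example (not code from the manual and not the gateway's own configuration generator), the checker below enforces the rules stated for the tunnel fields above: UDP connect and TCP client require a remote host, Ping Timeout must be twice Ping Interval, Max Fragment Size applies only to UDP, and a Hash Algorithm of "none" leaves packets unauthenticated. The protocol labels "UDP" and "TCP server", the single port field, and the rendering of the form fields as OpenVPN directives are assumptions made for the example.

```python
"""Validate GWG-style OpenVPN tunnel settings and render them as directives."""
from __future__ import annotations
from dataclasses import dataclass

# Assumed UI labels; the manual names only "UDP connect" and "TCP client".
PROTOCOLS = {"udp", "udp connect", "tcp server", "tcp client"}


@dataclass
class TunnelSettings:
    protocol: str                 # one of PROTOCOLS
    port: int                     # "UDP Port/TCP Port"
    remote_host: str = ""         # "Remote Host or IP Address"
    cipher: str = "AES-128-CBC"   # default named in the manual
    hash_algorithm: str = "SHA1"  # default named in the manual; "none" disables HMAC
    lzo: bool = False             # "LZO Compression"
    keep_alive: bool = False      # "Keep Alive"
    ping_interval: int = 10       # "Ping Interval" (seconds)
    ping_timeout: int = 20        # "Ping Timeout" (seconds)
    max_fragment: int = 0         # "Max Fragment Size"; 0 = disabled


def check_settings(s: TunnelSettings) -> list[str]:
    """Return the manual's rules that `s` breaks ("warning:" entries do not block)."""
    problems, proto = [], s.protocol.lower()
    if proto not in PROTOCOLS:
        problems.append(f"unknown protocol {s.protocol!r}")
    if proto in ("udp connect", "tcp client") and not s.remote_host:
        problems.append("UDP connect / TCP client needs 'Remote Host or IP Address'")
    if not 1 <= s.port <= 65535:
        problems.append(f"port {s.port} out of range")
    if s.keep_alive and s.ping_timeout != 2 * s.ping_interval:
        problems.append("Ping Timeout must be twice Ping Interval")
    if s.max_fragment and not proto.startswith("udp"):
        problems.append("Max Fragment Size is only available with UDP")
    if s.hash_algorithm.lower() == "none":
        problems.append("warning: HMAC disabled, tunnel packets are not authenticated")
    return problems


def render(s: TunnelSettings) -> str:
    """Render as OpenVPN directives (assumed mapping); raise on blocking errors."""
    errors = [p for p in check_settings(s) if not p.startswith("warning")]
    if errors:
        raise ValueError("; ".join(errors))
    proto = s.protocol.lower()
    lines = ["proto udp" if proto.startswith("udp") else f"proto tcp-{proto.split()[1]}",
             f"port {s.port}", f"cipher {s.cipher}", f"auth {s.hash_algorithm}"]
    if s.remote_host:
        lines.append(f"remote {s.remote_host}")
    if s.lzo:
        lines.append("comp-lzo")
    if s.keep_alive:  # manual: timeout is twice the interval, checked above
        lines += [f"ping {s.ping_interval}", f"ping-restart {s.ping_timeout}"]
    if s.max_fragment:
        lines.append(f"fragment {s.max_fragment}")
    return "\n".join(lines) + "\n"
```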
Pre-shared Secret
Use Static Key encryption mode (non-TLS).
Generate PSK
Check this option and use "Generate" button to produce a pre-shared secret.
Paste
Use this option to manually paste a pre-shared secret from the remote host's PSK file.
CA Certificate
Certificate authority (CA) file, also referred to as the root certificate.
Username
Enter a username for authentication to the remote host server.
Password
Enter a password for authentication to the remote host server.
Local Certificate
Local peer’s signed certificate, must be signed by a certificate authority whose