SnapGear 2.0.1 User Manual
Page 113
Virtual Private Networking
109
The following table describes the fields in the VPN Setup screen and the options
available when enabling and configuring VPN access.
Field
Description
Enable PPTP
Server
Check this box to enable PPTP connections to be established to
your CyberGuard SG appliance.
IP Addresses for
the Tunnel End
Points
Enter the IP addresses for the tunnel end-points. You need to
specify a free IP address on your local network that each VPN
client will use when connecting to the CyberGuard SG
appliance. Please ensure that the IP addresses listed here are
not in the range the DHCP server can assign. Ranges are
accepted; for example 192.168.160.250-254.
Authentication
Scheme
PPTP provides an authenticated communication tunnel between
a client and a gateway by using a user ID and password. The
authentication scheme is the method the CyberGuard SG
appliance uses to challenge users wanting to establish a PPTP
connection to the network. The remote client must be set up to
use the selected authentication scheme.
•
MSCHAPv2 is the most secure. MSCHAPv2 plus data
encryption is strongly recommended. This keeps your
data private as well as providing secure authentication.
•
CHAP is less secure
•
PAP (although more common) is even less secure.
•
None means that no username/password authentication
is required (not recommended).
Authentication
Database
The authentication database is used to verify the username and
password received from the dialin client.
•
Local means the PPTP user accounts created on the
CyberGuard SG appliance. You will need to created
user accounts as described below. This can be used
with any authentication scheme.
•
RADIUS means an external RADIUS server. You will be
prompted to enter the server IP address and password.
This can be used with any authentication scheme,
provided that the RADIUS server also supports it.
•
TACACS+ means an external TACACS+ server. You
will be prompted to enter the server IP address and
password. This can only be used with the PAP
authentication scheme.