Billion Electric Company BiPAC 7402G User Manual

802.11g ADSL2+ VPN Firewall Router

Chapter 4: Configuration

Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on.

Active as default route: Commonly used by the Dial-out connection, in which all packets route through the VPN tunnel to the Internet; therefore, activating this function may degrade Internet performance.

Click Apply after changing settings.

L2TP over IPSec (L2TP/IPSec) VPN Connection

IPSec: Enable to enhance your L2TP VPN security.

Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transit. There are three options: Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or NONE. SHA1 is more resistant to brute-force attacks than MD5; however, it is slower.

MD5: A one-way hashing algorithm that produces a 128-bit hash.

SHA1: A one-way hashing algorithm that produces a 160-bit hash.

Encryption: Select the encryption method from the pull-down menu. There are four options: DES, 3DES, AES and NONE. NONE means it is a tunnel only, with no encryption. 3DES and AES are more powerful but increase latency.

DES: Stands for Data Encryption Standard; it uses a 56-bit key for encryption.

3DES: Stands for Triple Data Encryption Standard; it uses a 168-bit (56*3) key for encryption.

AES: Stands for Advanced Encryption Standard; it uses a 128-bit key for encryption.

Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-key cryptography to change encryption keys during the second phase of VPN negotiation. This function will provide better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes: MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.
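
An added example, not from the manual: how the second-phase (Quick Mode) keying material differs with and without PFS, following the IKEv1 derivation in RFC 2409, KEYMAT = prf(SKEYID_d, [g^xy |] protocol | SPI | Ni | Nr). The small modulus, the sample nonces and SPI, and all function names are assumptions made for illustration; a real tunnel uses one of the MODP groups listed above.

```python
import hashlib
import hmac
import secrets

# Toy stand-in for a MODP group (assumption): the Mersenne prime 2**127 - 1.
# Real IKE negotiations use the 768/1024/1536-bit MODP primes.
P = 2**127 - 1
G = 3


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf instantiated as HMAC-SHA1 (the SHA1 authentication option)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def dh_keypair():
    """Fresh ephemeral Diffie-Hellman key pair for one Quick Mode exchange."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)


def dh_shared(private: int, peer_public: int) -> bytes:
    """g^xy mod p, encoded as fixed-width bytes."""
    return pow(peer_public, private, P).to_bytes(16, "big")


def keymat(skeyid_d, proto, spi, ni, nr, g_xy=b""):
    """RFC 2409 Quick Mode keying material; g_xy is present only with PFS."""
    return prf(skeyid_d, g_xy + proto + spi + ni + nr)


def demo():
    # Constructed sample values: a phase 1 secret plus what crosses the wire in phase 2.
    skeyid_d = b"phase1-derived-secret"
    proto, spi = b"\x03", b"\x00\x00\x10\x01"  # protocol ID 3 = ESP, sample SPI
    ni, nr = b"initiator-nonce", b"responder-nonce"

    # PFS on: each side sends a fresh DH public value; both reach the same g^xy.
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    g_xy = dh_shared(a_priv, b_pub)
    assert g_xy == dh_shared(b_priv, a_pub)

    no_pfs = keymat(skeyid_d, proto, spi, ni, nr)
    with_pfs = keymat(skeyid_d, proto, spi, ni, nr, g_xy)

    # If skeyid_d leaks later, every input of the non-PFS formula is known from
    # a capture; g^xy is not, because the private exponents were discarded.
    recomputed = keymat(skeyid_d, proto, spi, ni, nr)
    return recomputed == no_pfs, recomputed == with_pfs
```

`demo()` returns `(True, False)`: without PFS the session keys follow entirely from the phase 1 secret, while with PFS they also depend on a Diffie-Hellman value that exists only for that negotiation.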

Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).

Remote Host Name (Optional): Enter the hostname of the remote VPN device. It is a tunnel identifier: the identifier from the remote VPN device is matched against the remote hostname provided. If the remote hostname matches, the tunnel will be connected; otherwise, it will be dropped.

Caution: This applies only when the router performs as a VPN server. This option should be used by advanced users only.

Local Host Name (Optional): Enter the hostname of the local VPN device that is connected to / establishes a VPN tunnel. By default, the router's hostname is home.gateway.

Tunnel Authentication: This enables the router to authenticate both the L2TP remote and the L2TP host. This is only valid when the L2TP remote supports this feature.

Secret: The secure password length should be 16 characters, which may include numbers and characters. Click Apply after changing settings.
