Openvpn options, L2tp options – NEXCOM IFA 1610 User Manual


Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.

IFA 3610/IFA 2610/IFA 1610 User Manual

Chapter 7: The VPN Menu


Override OpenVPN options
Tick this checkbox to allow the OpenVPN protocol to be used. This option will reveal a box in which to specify custom
options for the account; see below.

Override L2TP options
Tick this checkbox to show a box in which to choose the L2TP tunnel to be used.

Note: This option cannot be selected if no L2TP tunnel has been configured yet. In that case, an informative message
appears as a hyperlink; clicking it opens the IPsec connection editor. Once done, it will be possible to allow a
VPN user to connect using the L2TP protocol.

Hint: If the OpenVPN options are also to be overridden, the box for L2TP options appears below the OpenVPN options box.

Enabled
Tick the checkbox to enable the user, i.e., to allow her to connect to the OpenVPN server on the appliance.

OpenVPN Options

direct all client traffic through the VPN server
If this option is checked, all the traffic from the connecting client, regardless of the destination, is routed through the
uplink of the appliance. The default is to route all the traffic whose destination is outside any of the internal zones (such
as Internet hosts) through the client’s uplink.

Push only global options to this client
For advanced users only. Normally, when a client connects, tunnelled routes to networks that are accessible via VPN are
added to the client’s routing table, to allow it to connect to the various local networks reachable from the appliance. This
option should be enabled if this behaviour is not wanted, but the client’s routing tables (especially those for the internal
zones) should be modified manually.

Push route to GREEN [BLUE, ORANGE] zone
When this option is active, the client will have access to the GREEN, BLUE, or ORANGE zone. These options have no
effect if the corresponding zones are not enabled.

Networks behind client
This option is only needed if this account is used as a client in a Gateway-to-Gateway setup. Enter in the box
the networks lying behind this client that should be pushed to the other clients. In other words, these networks will be
available to the other clients.

Static IP addresses
Dynamic IP addresses are assigned to clients, but a static IP address provided here will be assigned to the client whenever
it connects.

Note: If the client connects to a multicore VPN server running on the appliance, this assignment will not be taken into
account.

Push these nameservers
Assign custom nameservers on a per-client basis here. This setting (and the next one) can be defined and then enabled or
disabled at will.

Push these domains
Assign custom search domains on a per-client basis here.

Note: When planning to have two or more branch offices connected through a Gateway-to-Gateway VPN, it is good
practice to choose different subnets for the LANs in the different branches. For example, one branch might have a
GREEN zone with the 192.168.1.0/24 subnet while the other branch uses 192.168.2.0/24. Using this solution,
several possible sources for errors and conflicts will be avoided. Indeed, several advantages come for free, including:
the automatic assignment of correct routes, without the need for pushing custom routes; no warning messages about
possibly conflicting routes; correct local name resolution; and easier WAN network setup.
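
A pre-deployment check for the addressing advice in the note above, as an added example that is not part of the NEXCOM manual: it reports zone subnets that overlap between branches, including a subnet nested inside a larger one. The branch names and the address plan are constructed sample data.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (assumption, not from the manual):
# branch name -> zone name -> subnet in CIDR notation.
PLAN = {
    "branch-a": {"GREEN": "192.168.1.0/24", "ORANGE": "10.10.0.0/24"},
    "branch-b": {"GREEN": "192.168.2.0/24", "BLUE": "10.10.0.128/25"},
    "branch-c": {"GREEN": "192.168.1.0/24"},
}


def find_conflicts(plan):
    """Return sorted tuples describing overlapping subnets in different branches."""
    entries = []
    for site, zones in plan.items():
        for zone, cidr in zones.items():
            # strict=True rejects entries with host bits set, e.g. 192.168.1.5/24.
            entries.append((site, zone, ipaddress.ip_network(cidr, strict=True)))

    conflicts = []
    for (s1, z1, n1), (s2, z2, n2) in combinations(entries, 2):
        if s1 == s2 or n1.version != n2.version:
            continue
        # overlaps() also catches a subnet nested in a larger one.
        if n1.overlaps(n2):
            conflicts.append((s1, z1, str(n1), s2, z2, str(n2)))
    return sorted(conflicts)


if __name__ == "__main__":
    for s1, z1, n1, s2, z2, n2 in find_conflicts(PLAN):
        print(f"CONFLICT: {s1}/{z1} {n1} overlaps {s2}/{z2} {n2}")
```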

L2TP Options

IPsec Tunnel
This drop-down menu allows choosing the tunnel that the user will employ, among those already defined.
