Billion Electric Company BiPAC 7402G User Manual

802.11g ADSL2+ VPN Firewall Router

Chapter 4: Configuration

PAP, the password is sent unencrypted, whilst CHAP encrypts the password before sending, and also
allows for challenges at different periods to ensure that the client has not been replaced by an intruder.

Idle Time

: Auto-disconnect the VPN connection when there is no activity on the connection for a

predetermined period of time. 0 means this connection is always on.

Click Apply after changing settings.

L2TP over IPSec (L2TP/IPSec) VPN Connection

IPSec:

Enable for enhancing your LT2P VPN security.

Authentication:

Authentication establishes the integrity of the datagram and ensures it is not tampered

with in transmit. There are three options, Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or
NONE

. SHA-1 is more resistant to brute-force attacks than MD5, however it is slower.

MD5:

A one-way hashing algorithm that produces a 128−bit hash.

SHA1:

A one-way hashing algorithm that produces a 160−bit hash.

Encryption:

Select the encryption method from the pull-down menu. There are four options, DES, 3DES,

AES

and NONE. NONE means it is a tunnel only with no encryption. 3DES and AES are more powerful

but increase latency.

DES:

Stands for Data Encryption Standard, it uses 56 bits as an encryption method.

3DES:

Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption

method.

AES:

Stands for Advanced Encryption Standards, it uses 128 bits as an encryption method.

Perfect Forward Secrecy:

Choose whether to enable PFS using Diffie-Hellman public-key cryptography

to change encryption keys during the second phase of VPN negotiation. This function will provide better
security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that
allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the
Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for
Modular Exponentiation Groups.

Pre-shared Key:

This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters.

Both sides should use the same key. IKE is used to establish a shared security policy and authenticated
keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router
must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key
into both sides (router or hosts).

Remote Host Name (Optional):

Enter hostname of remote VPN device. It is a tunnel identifier from the

Remote VPN device matches with the Remote hostname provided. If remote hostname matches, tunnel
will be connected; otherwise, it will be dropped.

Cautious:

This is only when the router performs as a VPN server. This option should be used by advanced users

only.

Local Host Name (Optional):

Enter hostname of Local VPN device that is connected / establishes a

VPN tunnel. As default, Router’s default Hostname is home.gateway.

Tunnel Authentication:

This enables router to authenticate both the L2TP remote and L2TP host. This

is only valid when L2TP remote supports this feature.

Secret:

The secure password length should be 16 characters which may include numbers and

characters. Click Apply after changing settings.

108