NEXCOM IFA 1610 User Manual

Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.

IFA 3610/IFA 2610/IFA 1610 User Manual

Chapter 7: The VPN Menu

62

Fallback VPN servers
One or more (one per line) fallback OpenVPN servers in the same format used for the primary server, i.e.,

myvpn.

example.com:port:protocol. The port and protocol values default to 1194 and udp respectively when omitted. If

the connection to the main server fails, one of these fallback servers will take over.

Hint: The protocol must be written in lowercase letters.

Device type
The device used by the server, which is either TAP or TUN.

Connection type
This drop-down menu is not available if TUN has been selected as Device type, because in this case the connection type
is always routed. Available options are routed (i.e., the client acts as a gateway to the remote LAN) or bridged (i.e., the
client firewall appears as part of the remote LAN). Default is routed.

Bridge to
This field is only available if TAP has been selected as Device type and the connection type is bridged. From this drop-
down menu, select the zone to which this client connection should be bridged.

NAT
This option is only available if the Connection type is routed. Tick this checkbox to hide the clients connected through
this appliance behind the firewall’s VPN IP address. This configuration will prevent incoming connections requests to the
clients. In other words, incoming connections will not see the clients in the local network.

Block DHCP responses coming from tunnel
Tick this checkbox to avoid receiving DHCP responses from the LAN at the other side of the VPN tunnel that conflict with
a local DHCP server.

Use LZO compression
Compress the traffic passing through the tunnel, enabled by default.

Protocol
The protocol used by the server: UDP (default) or TCP. Set to TCP only if an HTTP proxy should be used: In this case, a
form will show up to configure it.

If the appliance can access the Internet only through an upstream HTTP proxy, it can still be used as an OpenVPN client in
a Gateway-to-Gateway setup, but the TCP protocol for OpenVPN must be selected on both sides. Moreover, the account
information for the HTTP upstream proxy must be provided in the text fields:

HTTP proxy
The HTTP proxy host, e.g.,

proxy.example.com:port, with the port defaulting to 8080 if not entered.

Proxy username, Proxy password
The proxy account information: The username and the password.

Forge proxy user-agent
A forged user agent string can be used in some cases to disguise the appliance as a regular web browser, i.e., to contact
the proxy as a browser. This operation may prove useful if the proxy accepts connections only for some type of browsers.

Once the connection has been configured, a new box at the bottom of the page will appear, called TLS authentication,
from which to upload a TLS key file to be used for the connection. These options are available:

TLS key file
The key file to upload, searchable on the local workstation.

MD5
The MD5 checksum of the uploaded file, which will appear as soon as the file has been stored on the appliance.

Direction
This value is set to 0 on servers and to 1 on clients.