3 import profile from openvpn access server, 3 ipsec, 1 ipsec – NEXCOM IFA 1610 User Manual

Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.

IFA 3610/IFA 2610/IFA 1610 User Manual

Chapter 7: The VPN Menu

63

7.2.3 Import Profile from OpenVPN Access Server

The second possibility to add an account is to directly import the profile from an OpenVPN Access Server: In this case,
the following information must be provided:

Connection name
A custom name for the connection.

Access Server URL
The URL of the OpenVPN Access Server.

Note:

Note that the appliance only supports XML-RPC configuration of the OpenVPN Access Server, therefore a URL

input here has the form:

https://<SERVERNAME>/RPC2.

Username, Password
The username and password on the Access Server.

Verify SSL certificate
If this checkbox is ticked and the server is running on an SSL encrypted connection, then the SSL certificate will be
checked for validity. Should the certificate not be valid then the connection will be immediately closed. This feature might
be disabled when using a self-signed certificate.

Remark
A comment to recall the purpose of the connection.

7.3 IPsec

The IPsec page contains two tabs (IPsec and L2TP), that allow to set up and configure the IPsec tunnels and to enable
the L2TP support, respectively.

7.3.1 IPsec

To enable L2TP on the appliance, the switch next to the Enable L2TP label should be blue . If it is grey ,
click on it to start the service.

The IPsec tab contains two boxes: The first one is IPsec settings, which concerns the certificate choice and various
options, also for debugging purposes. The second one is Connections, which shows all the connections and allows to
manage them.

IPsec, L2TP, and XAuth in a nutshell.
IPsec is a generic standardised VPN solution, in which the encryption and the authentication tasks are carried out
on the OSI layer 3 as an extension to the IP protocol. Therefore, IPsec must be implemented in the kernel’s IP stack.
Although IPsec is a standardised protocol and it is compatible to most vendors that implement IPsec solutions, the actual
implementation may be very different from vendor to vendor, sometimes causing interoperability issues.

Moreover, the configuration and administration of IPsec may become quite difficult due to its complexity and design,
while some particular situations might even be impossible to handle, for example when there is the necessity to cope
with NAT.

Compared to IPsec, OpenVPN is easier to install, configure, and manage. However, mobile devices rely on IPsec, thus the
appliance implements an easy-to-use administration interface for IPsec, that supports different authentication methods
and also two-factor authentication when used together with L2TP or XAuth.

Indeed, IPsec is used to authenticate clients (i.e., tunnels) but not users, so one tunnel can be used by only one client
at a time.

L2TP and XAuth add user authentication to IPsec, therefore many clients can connect to the server using the same
encrypted tunnel and each client is authenticated by either L2TP or XAuth.

An additional option is available when using XAuth and is called XAuth hybrid mode, which only authenticates the user.