Actions tab, Export tab – equinux VPN Tracker 6.4.6 User Manual

Page 59

Advertising
background image

with devices that request the next passcode from a passcode generator token
(which can take up to 1 minute).

Do not increase the timeout unless you have a specific reason to do so. Most
devices will no longer expect a password after 15-60 seconds and thus the
connection attempt will fail if entering a password takes too much time.

Cache XAUTH credentials until VPN is disconnected

When re-negotiating encryption keys, VPN Tracker also has to perform Ex-
tended Authentication (XAUTH) again. If you check this option, VPN Tracker
will cache your XAUTH username and password for the entire duration of the
connection, even if they are not stored in keychain. You will not have to enter
your password again when the encryption keys are re-negotiated.

Proposal Conflict Resolution

When VPN Tracker and the VPN gateway disagree about the lifetime or the
Perfect Forward Secrecy (PFS) setting, VPN Tracker can choose to accept the
VPN gateway’s proposal instead of insisting on its own settings (in which case
the connection attempt would fail).

Use remote proposals
VPN Tracker will use whatever settings the VPN gateway suggests, even if they
are less secure

Use remote proposals if more secure (strict)
VPN Tracker will use the settings the VPN gateway suggests if they are at least
as secure as the current settings in VPN Tracker

Use remote proposals if more secure
VPN Tracker will use the settings the VPN gateway suggests if they are at least
as secure as the current settings in VPN Tracker. If the lifetime mismatches and
the VPN gateway's lifetime is longer, VPN Tracker will attempt to use its own
(shorter) lifetime. While this will allow initial connectivity, it may lead to the
connection being dropped unexpectedly later on.

Never use remote proposals
VPN Tracker will treat a mismatch as an error and stop connecting.

Related Settings: Advanced > Phase 2 > Lifetime
Advanced > Phase 2 > Perfect Forward Secrecy (PFS)

Availability: always

Manually set MTU for network used by VPN

VPN Tracker normally uses an MTU (maximum transfer unit) of 1280 bytes. In
extremely rare circumstances it may be necessary to decrease the MTU further
in order to avoid fragmentation of network packets.

If you have to decrease the MTU, please be aware that the MTU in VPN Tracker
needs to be set to 52 bytes less than the actual MTU that can be used.

Availability: always

Actions Tab

The actions tab is explained in detail in

→ Working with VPN Tracker

Export Tab

A description of the export settings can be found

→ Exporting Connections.

59

Advertising
Popular Brands
Popular manuals