equinux VPN Tracker 8.1.1 User Manual

Local Identifier

The identifier that VPN Tracker uses to identify itself to the VPN gateway. The
VPN gateway uses the identifier to map the incoming connections to the
VPNs it has configured.

Make sure that the local identifier type and value in VPN Tracker
match what the VPN gateway expects! Otherwise the VPN
gateway may refuse or silently drop the connection.

IP Address
An IP address is used for identification. Make sure to enter the IP address the
VPN gateway expects.

Local Endpoint IP Address
Same as “IP Address”, but VPN Tracker will automatically use the Mac’s current
local IP address as the value. Useful if your VPN gateway permits incoming
connections using any IP address-based identifier.

Fully Qualified Domain Name (FQDN)
A fully qualified domain name (FQDN) is used for identification (e.g.
client.example.com).

Email (User FQDN)
An email address is used for identification (e.g. [email protected]).

Some VPN gateways expect FQDN or User FQDN type identifiers
that are neither valid FQDNs nor email addresses. This is ok.
Simply enter whatever your VPN gateway expects you to use
(e.g. a connection identifier, user name or group name).

Key ID
An identifier for vendor-specific use. Cisco EasyVPN devices use this for the
group name of the connecting user.

ASN.1 DN
An ASN.1 Distinguished Name (DN) is used for identification. Normally this is
used in conjunction with certificate-based authentication. Enter the (correctly
formatted) ASN.1 DN that the VPN gateway expects.

Local Certificate
The identifier is the ASN.1 Distinguished Name taken from the subject of the
local certificate (only possible when using certificates for authentication).

Remote Identifier

The identifier that VPN Tracker should expect from the VPN gateway. VPN
Tracker will compare the actual identifier sent by the VPN gateway to the one
configured here. If the identifiers do not match, the connection attempt will
be stopped and an error displayed in the log.

Don’t verify remote identifier
Turn off identifier verification (e.g. for testing). Identifier verification provides
minor security benefits for Aggressive Mode connections, but should always
be used for Main Mode connections.

IP Address
An IP address is used for identification. Enter the IP address the VPN gateway
sends. It is often, but not always, the VPN gateway’s public IP address.

Remote Endpoint IP Address
Same as “IP Address”, but VPN Tracker will automatically use the public IP ad-
dress of the VPN gateway.

Fully Qualified Domain Name (FQDN)
A fully qualified domain name (FQDN) is used for identification (e.g.
vpn.example.com). Enter the FQDN the VPN gateway sends.

Email (User FQDN)
An email address is used for identification (e.g. [email protected]).
Enter the email address the VPN gateway sends.

Some VPN gateways use FQDN or User FQDN type identifiers
that are neither valid FQDNs nor email addresses. This is ok.
Simply enter whatever your VPN gateway sends as its identifier.

Key ID
An identifier for vendor-specific use.

47