Supported features, 2 supported features – TP-Link Omada ER8411 VPN Router User Manual
■ Client-to-LAN VPN
In this scenario, a remote host is given secure access to the local hosts. For
example, an employee on a business trip can securely access the company's private
network. Client-to-LAN VPN meets this need. The following figure shows the typical
network topology in this scenario.
Figure 1-2 Client-to-LAN VPN (diagram labels: Remote Host, Internet, VPN Tunnel, Gateway, Remote Gateway, Local Hosts)
1.2 Supported Features
The router supports IPsec, L2TP, PPTP and OpenVPN.
IPsec
IPsec (IP Security) can provide security services such as data confidentiality, data integrity
and data origin authentication at the IP layer. IPsec uses IKEv1 (Internet Key Exchange
version 1) and IKEv2 (Internet Key Exchange version 2) to handle negotiation of protocols
and algorithms based on the user-specified policy, and generate the encryption and
authentication keys to be used by IPsec. IKEv1/IKEv2 negotiation includes two phases:
IKEv1/IKEv2 Phase-1 and IKEv1/IKEv2 Phase-2. The basic concepts of IPsec are as
follows:
■ Proposal
A proposal is the security suite that you configure manually for use in IPsec IKEv1
negotiation. Specifically, it refers to the hash algorithm, symmetric encryption
algorithm and asymmetric encryption algorithm applied in IKEv1 Phase-1, and the
security protocol, hash algorithm and symmetric encryption algorithm applied in
IKEv1 Phase-2.
■ Negotiation Mode
The negotiation mode configured for IKEv1 Phase-1 negotiation determines the role that
the VPN router plays in the negotiation process. You can specify the negotiation mode as
responder mode or initiator mode.
Responder Mode: In responder mode, the VPN router responds to the requests for IKEv1
negotiation and acts as the VPN server or the responder.
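The following added example (not from the manual and not TP-Link code) models the Phase-1 and Phase-2 proposals described above and shows how a responder can pick the first offered proposal that is in its local policy while refusing weak suites. The class names, the deny list, the sample proposals and the modelling of the "asymmetric" part as a Diffie-Hellman group are all assumptions of the example.

```python
from dataclasses import dataclass, astuple

# Deny list is an assumption of this example (common deprecation guidance),
# not a list taken from the router or its manual.
WEAK = {"md5", "des", "3des", "dh1", "dh2", "dh5"}

@dataclass(frozen=True)
class Phase1:
    hash_alg: str    # hash algorithm
    cipher: str      # symmetric encryption algorithm
    dh_group: str    # "asymmetric" part, modelled as a DH group (assumption)

@dataclass(frozen=True)
class Phase2:
    protocol: str    # security protocol: "esp" or "ah"
    hash_alg: str    # hash algorithm
    cipher: str      # symmetric encryption; "none" for AH, which does not encrypt

def weak_parts(proposal):
    """Return the algorithms in a proposal that appear on the deny list."""
    return [p for p in astuple(proposal) if p in WEAK]

def respond(offered, policy):
    """Responder side: walk the initiator's proposals in its preference order
    and accept the first one that is in local policy and has no weak part.
    Returns (chosen_or_None, [(proposal, reason), ...] for each rejection)."""
    rejected = []
    for prop in offered:
        if prop not in policy:
            rejected.append((prop, "not in local policy"))
        elif weak_parts(prop):
            rejected.append((prop, "weak: " + ",".join(weak_parts(prop))))
        else:
            return prop, rejected
    return None, rejected

# Constructed sample data: what a remote initiator offers vs. what we allow.
OFFERED_P1 = [Phase1("md5", "3des", "dh2"),
              Phase1("sha1", "aes128", "dh5"),
              Phase1("sha256", "aes256", "dh14")]
POLICY_P1 = {Phase1("md5", "3des", "dh2"), Phase1("sha256", "aes256", "dh14")}
OFFERED_P2 = [Phase2("ah", "sha256", "none"), Phase2("esp", "sha256", "aes256")]
POLICY_P2 = {Phase2("esp", "sha256", "aes256")}

if __name__ == "__main__":
    for name, offered, policy in (("Phase-1", OFFERED_P1, POLICY_P1),
                                  ("Phase-2", OFFERED_P2, POLICY_P2)):
        chosen, rejected = respond(offered, policy)
        for prop, reason in rejected:
            print(f"{name} reject {prop}: {reason}")
        print(f"{name} accept {chosen}")
```

The first Phase-1 offer is rejected even though it is in the local policy, which is the case worth auditing for: a legacy suite left in the configuration would otherwise be accepted first.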