TP-Link Omada ER8411 VPN Router User Manual


Configuring VPN


Initiator Mode: In initiator mode, the VPN router sends requests for IKEv1 negotiation and acts as the VPN client or the initiator.

Exchange Mode

The exchange mode determines the way VPN routers negotiate in IKEv1 Phase-1. You can specify the exchange mode as main mode or aggressive mode.

Main Mode: In main mode, the identification information for authentication is encrypted, thus enhancing security.

Aggressive Mode: In aggressive mode, fewer packets are exchanged, thus improving speed.

Authentication ID Type

The authentication ID type determines the type of authentication identifiers applied in IKEv1 Phase-1. It includes the local ID type and the remote ID type. The local ID indicates the authentication identifier sent to the other end, and the remote ID indicates that expected from the other end. You can specify the authentication ID type as IP address or name.

IP Address: The router uses the IP address for authentication.

Name: The router uses the FQDN (Fully Qualified Domain Name) for authentication.

Encapsulation Mode

The encapsulation mode determines how packets transferred in the VPN tunnel are encapsulated. You can select tunnel mode or transport mode as the encapsulation mode. For most users, it is recommended to use the tunnel mode.

PFS

PFS (Perfect Forward Secrecy) determines whether the key generated in IKEv1 Phase-2 is related to the key generated in IKEv1 Phase-1. You can specify PFS as none, dh1, dh2, or dh5. None indicates that no PFS is configured, and the key generated in IKEv1 Phase-2 is related to that in IKEv1 Phase-1, whereas dh1, dh2, and dh5 are different key exchange groups, each of which makes the key generated in IKEv1 Phase-2 independent of that in IKEv1 Phase-1.
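
The following Python check is an added example, not part of the TP-Link manual: it reviews the exchange mode, authentication ID and PFS settings described above for one end of a tunnel, then compares two ends for agreement. The dictionary field names, the sample sites and the 1536-bit minimum are assumptions, not the router's configuration format.

```python
import ipaddress
import re

# Constructed field names and values; not the router's export format.
MODP_BITS = {"dh1": 768, "dh2": 1024, "dh5": 1536}  # DH group -> modulus bits
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def valid_id(id_type, value):
    """Check that an ID value fits its declared type (IP address or name/FQDN)."""
    if id_type == "name":
        return bool(FQDN.match(value))
    try:
        return id_type == "ip" and ipaddress.ip_address(value) is not None
    except ValueError:
        return False


def audit_policy(p, min_bits=1536):
    """Findings for one end; min_bits is a local policy choice (assumption)."""
    out = []
    if p["exchange_mode"] == "aggressive":
        out.append("aggressive mode: identification information is not encrypted")
    if p["pfs"] == "none":
        out.append("PFS none: Phase-2 key is related to the Phase-1 key")
    elif MODP_BITS.get(p["pfs"], 0) < min_bits:
        out.append(f"PFS {p['pfs']}: group below {min_bits}-bit minimum")
    for side in ("local", "remote"):
        if not valid_id(p[f"{side}_id_type"], p[f"{side}_id"]):
            out.append(f"{side} ID does not match its ID type")
    return out


def check_pair(a, b):
    """Mismatches between two ends that are expected to agree."""
    out = [f"{k} differs" for k in ("exchange_mode", "pfs", "encapsulation") if a[k] != b[k]]
    for x, y, name in ((a, b, "A"), (b, a, "B")):
        if (x["local_id_type"], x["local_id"]) != (y["remote_id_type"], y["remote_id"]):
            out.append(f"local ID of {name} is not the remote ID its peer expects")
    return out


# Constructed sample: the two ends of one tunnel, with deliberate mistakes.
SITE_A = {"exchange_mode": "aggressive", "pfs": "dh2", "encapsulation": "tunnel",
          "local_id_type": "name", "local_id": "a.vpn.example.com",
          "remote_id_type": "ip", "remote_id": "198.51.100.7"}
SITE_B = dict(SITE_A, exchange_mode="main", pfs="dh5",
              local_id_type="ip", local_id="198.51.100.7",
              remote_id_type="name", remote_id="a.vpn.example.org")
```

Here `audit_policy(SITE_A)` reports the aggressive exchange mode and the 1024-bit group, and `check_pair(SITE_A, SITE_B)` reports the differing exchange mode and PFS group plus the `.com`/`.org` mismatch between the name site A sends and the name site B expects.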

L2TP

L2TP (Layer 2 Tunneling Protocol) provides a way for a dial-up user to make a virtual PPP (Point-to-Point Protocol) connection to a VPN server. Because of the lack of confidentiality inherent in the L2TP protocol, it is often implemented along with IPsec. The basic concepts of L2TP are as follows:

IPsec Encryption

IPsec encryption determines whether the traffic of the tunnel is encrypted with IPsec. You can select encrypted or unencrypted as the IPsec encryption. If encrypted is selected,
