Chapter 4: Configuration
L2TP (Layer Two Tunneling Protocol)
Two types of L2TP VPN are supported, Remote Access and LAN-to-LAN (please refer below for more information). Click Create to create a new VPN connection account.
After you have created an L2TP connection, the account status will be displayed. (See example above).
~ Enable / Disable: This function activates or deactivates the L2TP connection. To interrupt the tunnel, check the Disable radio button and click the Apply button to deactivate the connection.
Name: This is the user-defined name of the connection.
Type: This indicates whether your router operates as a client or a server, Dialout or Dialin respectively.
Status: This shows the condition of your L2TP tunnel connection.
L2TP Connection - Remote Access
Connection Name: This allows you to identify this particular connection, e.g. “Connection to office”.
Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server); check Dial In if you want it to operate as a VPN server.
~ When configuring your router as a client, enter the remote Server IP Address (or Hostname) you wish to connect to.
~ When configuring your router as a server, enter the Private IP Address Assigned to Dial in User address.
Username: If you are a Dial-Out user (client), enter the username provided by your Host. If you are a Dial-In user (server), enter your own username.
Password: If you are a Dial-Out user (client), enter the password provided by your Host. If you are a Dial-In user (server), enter your own password.
PPP Authentication Type: The default is Auto, which lets the router determine the authentication type to use. Otherwise, manually specify CHAP (Challenge Handshake Authentication Protocol) or PAP (Password Authentication Protocol): when acting as a client, choose the type the server is using; when acting as a server, choose the type you want connecting clients to use. With PAP, the password is sent unencrypted, whilst CHAP encrypts the password before sending and also allows for challenges at different periods to ensure that the client has not been replaced by an intruder.
Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on.
Click Apply after changing settings.
IPSec: Enable to enhance your L2TP VPN security.
Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transit. There are three options: Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or NONE. SHA1 is more resistant to brute-force attacks than MD5; however, it is slower.
~ MD5: A one-way hashing algorithm that produces a 128-bit hash.
~ SHA1: A one-way hashing algorithm that produces a 160-bit hash.
Encryption: Select the encryption method from the pull-down menu. There are four options: DES, 3DES, AES and NONE. NONE means it is a tunnel only with no encryption. 3DES and AES are more powerful but increase latency.
~ DES: Stands for Data Encryption Standard; it uses a 56-bit key for encryption.
~ 3DES: Stands for Triple Data Encryption Standard; it uses a 168-bit (56*3) key for encryption.
~ AES: Stands for Advanced Encryption Standard; it uses a 128-bit key for encryption.
Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-key cryptography to change encryption keys during the second phase of VPN negotiation. This function will provide better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes: MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.
Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).
Remote Host Name (Optional): Enter the hostname of the remote VPN device. The tunnel identifier sent by the remote VPN device is matched against the remote hostname provided here. If the remote hostname matches, the tunnel will be connected; otherwise, it will be dropped.
Caution: This applies only when the router acts as a VPN server. This option should be used by advanced users only.
Local Host Name (Optional): Enter the hostname of the local VPN device that is connected to / establishes a VPN tunnel. By default, the router’s hostname is home.gateway.
Tunnel Authentication: This enables the router to authenticate both the L2TP remote and the L2TP host. This is only valid when the L2TP remote supports this feature.
Secret: The secure password length should be 16 characters which may include numbers and characters.
L2TP Connection - LAN to LAN
Connection Name: A user-defined description of the connection.
Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server); check Dial In if you want it to operate as a VPN server.
~ When configuring your router to establish the connection to a remote LAN, enter the remote Server IP Address (or Hostname) you wish to connect to.
~ When configuring your router as a server to accept incoming connections, enter the Private IP Address Assigned to Dial in User address.
Peer Network IP: Enter the peer network IP address.
Netmask: Enter the subnet mask of the peer network based on the Peer Network IP setting.
Username: If you are a Dial-Out user (client), enter the username provided by your Host. If you are a Dial-In user (server), enter your own username.
Password: If you are a Dial-Out user (client), enter the password provided by your Host. If you are a Dial-In user (server), enter your own password.
PPP Authentication Type: The default is Auto, which lets the router determine the authentication type to use. Otherwise, manually specify CHAP (Challenge Handshake Authentication Protocol) or PAP (Password Authentication Protocol): when acting as a client, choose the type the server is using; when acting as a server, choose the type you want connecting clients to use. With PAP, the password is sent unencrypted, whilst CHAP encrypts the password before sending and also allows for challenges at different periods to ensure that the client has not been replaced by an intruder.
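The PAP and CHAP behaviour described under PPP Authentication Type (in both the Remote Access and LAN to LAN sections), as an added example that is not taken from the manual or the router's firmware. It follows the CHAP response calculation of RFC 1994, where the client returns MD5 over identifier, secret and challenge instead of the password itself; the user name and secret are constructed sample values.

```python
import hashlib
import hmac
import os

def pap_request_data(username: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request data: length-prefixed peer ID and password."""
    return bytes([len(username)]) + username + bytes([len(password)]) + password

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """Server (Dial In) side: issues challenges and checks responses."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        # Fresh identifier and random challenge for every (re)authentication.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, response: bytes) -> bool:
        expected = chap_response(self.identifier, self.secret, self.challenge)
        return hmac.compare_digest(expected, response)

def run_exchange() -> dict:
    user, secret = b"branch-office", b"constructed-sample-secret"  # constructed
    server = ChapAuthenticator(secret)

    ident, chal = server.new_challenge()           # initial login
    first = chap_response(ident, secret, chal)     # client (Dial Out) side
    results = {"login": server.verify(first)}

    ident2, chal2 = server.new_challenge()         # periodic re-challenge
    results["replayed_old_response"] = server.verify(first)
    results["fresh_response"] = server.verify(chap_response(ident2, secret, chal2))
    results["wrong_secret"] = server.verify(chap_response(ident2, b"guess", chal2))

    # What an observer on the link sees in each protocol.
    results["secret_on_wire_chap"] = secret in first
    results["password_on_wire_pap"] = secret in pap_request_data(user, secret)
    return results

if __name__ == "__main__":
    for check, outcome in run_exchange().items():
        print(f"{check}: {outcome}")
```

A response captured from the first login fails against the re-challenge, which is the property that lets the server detect a replaced client mid-session.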
Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on. Click Apply after changing settings.
IPSec: Enable to enhance your L2TP VPN security.
Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transit. There are three options: Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or NONE. SHA1 is more resistant to brute-force attacks than MD5; however, it is slower.
~ MD5: A one-way hashing algorithm that produces a 128-bit hash.
~ SHA1: A one-way hashing algorithm that produces a 160-bit hash.
Encryption: Select the encryption method from the pull-down menu. There are four options: DES, 3DES, AES and NONE. NONE means it is a tunnel only with no encryption. 3DES and AES are more powerful but increase latency.
~ DES: Stands for Data Encryption Standard; it uses a 56-bit key for encryption.
~ 3DES: Stands for Triple Data Encryption Standard; it uses a 168-bit (56*3) key for encryption.
~ AES: Stands for Advanced Encryption Standard; it uses a 128-bit key for encryption.
Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-key cryptography to change encryption keys during the second phase of VPN negotiation. This function will provide better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes: MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.
Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).
Remote Host Name (Optional): Enter the hostname of the remote VPN device. The tunnel identifier sent by the remote VPN device is matched against the remote hostname provided here. If the remote hostname matches, the tunnel will be connected; otherwise, it will be dropped.
Caution: This applies only when the router acts as a VPN server. This option should be used by advanced users only.
Local Host Name (Optional): Enter the hostname of the local VPN device that is connected to / establishes a VPN tunnel. By default, the router’s hostname is home.gateway.
Tunnel Authentication: This enables the router to authenticate both the L2TP remote and the L2TP host. This is only valid when the L2TP remote supports this feature.
Secret: The secure password length should be 16 characters which may include numbers and characters.
